Enterprise network security is typically reactive, and it relies heavily on host security and middleboxes. This approach creates complicated interactions between protocols and systems that can cause incorrect behavior and slow response to attacks. We argue that imbuing the network layer with mechanisms for dynamic access control can remedy these ills. We propose Resonance, a system for securing enterprise networks, where the network elements themselves enforce dynamic access control policies based on both flow-level information and real-time alerts. Resonance uses programmable switches to manipulate traffic at lower layers; these switches take actions (e.g., dropping or redirecting traffic) to enforce high-level security policies based on input from both higher-level security policies and distributed monitoring and inference systems. We describe the design of Resonance, apply it to Georgia Tech's network access control system, show how it can both overcome the current shortcomings and provide new security functions, describe our proposed deployment, and discuss open research questions.