Award Abstract # 1528099
TWC: TTP Option: Small: Collaborative: SRN: On Establishing Secure and Resilient Networking Services

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: ARIZONA STATE UNIVERSITY
Initial Amendment Date: September 11, 2015
Latest Amendment Date: September 11, 2015
Award Number: 1528099
Award Instrument: Standard Grant
Program Manager: Kevin Thompson
kthompso@nsf.gov
(703)292-4220
CNS Division Of Computer and Network Systems
CSE Directorate for Computer and Information Science and Engineering
Start Date: September 1, 2015
End Date: August 31, 2019 (Estimated)
Total Intended Award Amount: $230,000.00
Total Awarded Amount to Date: $230,000.00
Funds Obligated to Date: FY 2015 = $230,000.00
History of Investigator:
  • Dijiang Huang (Principal Investigator)
    dijiang@asu.edu
Recipient Sponsored Research Office: Arizona State University
660 S MILL AVENUE STE 204
TEMPE
AZ  US  85281-3670
(480)965-5479
Sponsor Congressional District: 04
Primary Place of Performance: Arizona State University
P.O. Box 876011
Tempe
AZ  US  85287-6011
Primary Place of Performance Congressional District: 04
Unique Entity Identifier (UEI): NTLHJXM55KZ6
Parent UEI:
NSF Program(s): Secure & Trustworthy Cyberspace
Primary Program Source: 01001516DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 7923, 7434
Program Element Code(s): 806000
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

Almost every organization depends on cloud-based services. The backend of cloud-based services is designed for multiple tenants and resides in data centers spread across multiple physical locations. Network security and security management are major hurdles in such a complex, shared environment. This research investigates mitigating the security challenges by taking a moving target defense (MTD) approach. Continually adjusting system resources such as the topology of the data center, bandwidth allocation and traffic flow policies makes it difficult for attackers to compromise the system. New evaluation methods will be developed to ensure that these MTD mechanisms work properly in practice. The outcome of this research is to have cloud services that are more secure and resilient to attacks. This research is a collaborative effort conducted by researchers from three different universities: Arizona State University, Duke University, and the University of Missouri-Kansas City. Graduate students will be trained to serve the growing need for educating professionals in cyber security. The results of the proposed research will be incorporated into several courses taught at the respective institutions.

The MTD approach in a multi-location, multi-tenant data center environment requires a complex level of coordination. This research investigates defense mechanisms in the data center's virtual networking environment based on programmable networking solutions so that proactive attack countermeasures can be deployed with considerations of the system resource consumption, software bugs/vulnerabilities, effectiveness of countermeasures, and impact on consumers running applications. The research outcomes can be employed for applications that require security situation-awareness variables accurately predicted at a very fine grain resolution, from a few milliseconds to a few seconds. This introduces additional challenges, namely, developing new performance models for networking, data collection, big data-enabled security processing, and control. To address these challenges, this project has two interdependent fundamental research thrusts: (a) investigate a dynamic and adaptive defensive framework at both networking and software levels; and (b) deploy an adaptive security-enabled traffic engineering approach to select optimal countermeasures by considering the effectiveness of countermeasures and network bandwidth allocations while minimizing the intrusiveness to the applications and the cost of deploying the countermeasures. The outcomes of this project will include a set of software APIs and tools to integrate the measurement system and analytical models in a transition to practice effort.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

(Showing: 1 - 10 of 28)
Abdulhakim Sabur, Ankur Chowdhary, Dijiang Huang, Myong Kang, Anya Kim, and Alexander Velazquez "S3: A DFW-based Scalable Security State Analysis Framework for Large-Scale Data Center Networks" the 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID) , 2019
Abdullah Alshalan, Sandeep Pisharody, and Dijiang Huang "A Survey of Mobile VPN Technologies" IEEE Communications Surveys and Tutorials , v.PP , 2015
Abdullah Alshalan, Sandeep Pisharody, and Dijiang Huang "MobiVPN: A Mobile VPN Providing Persistency To Applications" International Conference on Computing, Networking and Communications, Wireless Networks (ICNC) , 2016 10.1109/ICCNC.2016.7440684
Adel Alshamrani, Ankur Chowdhary, Dijiang Huang, Sowmya Myneni, and Qussama Mjihil "Combining Dynamic and Static Attack Information for Attack Tracing and Event Correlation" IEEE Globalcom, Communication Information and System Security (CISS) Symposium , 2018
Adel Alshamrani, Sowmya Myneni, Ankur Chowdhary, and Dijiang Huang "A Survey of Advanced Persistent Threats: Techniques, Solutions, Challenges, and Research Opportunities" IEEE Survey and Tutorials , 2019
Ankur Chowdhary, Adel Alshamrani, and Dijiang Huang "MTD Analysis and evaluation framework in Software Defined Network (MASON)" the ACM SDN/NFV Security Workshop , 2018
Ankur Chowdhary, Adel Alshamrani, and Dijiang Huang "SUPC: SDN enabled Universal Policy Checking in Cloud Network" International Conference on Computing, Networking and Communications (ICNC): Communications and Information Security Symposium - Communications and Information Security , 2019
Ankur Chowdhary, Adel Alshamrani, Dijiang Huang, Myong Kang, Anya Kim, and Alexander Velazquez "TRUFL: Distributed Trust Management framework in SDN" IEEE ICC , 2019
Ankur Chowdhary and Dijiang Huang "SDN based Network Function Parallelism in Cloud" International Conference on Computing, Networking and Communications (ICNC): Communications and Information Security Symposium - Communications and Information Security , 2019
Ankur Chowdhary, Dijiang Huang, Gail-Joon Ahn, Myong Kang, Anya Kim, and Alexander Velazquez "SDNSOC: Object Oriented SDN Framework" the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization (SDN-NFVSec'19) , 2019
Ankur Chowdhary, Sailik Sengupta, Adel Alshamrani, Dijiang Huang, and Abdulhakim Sabur "Adaptive MTD Security using Markov Game Modeling" International Conference on Computing, Networking and Communications (ICNC): Communications and Information Security Symposium - Communications and Information Security , 2019

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

The SRN project targets developing new metrics, analytical models, and evaluation methods to dynamically adjust the virtual networking system according to the security events and vulnerabilities detected in the system. To this end, this research focused on modeling attack scenarios by using a systematic approach considering how to incorporate theoretical attack analysis models such as attack graphs into a real-time security decision procedure. In particular, software defined networking (SDN), network function virtualization (NFV), distributed firewall (DFW), and service function chaining approaches are used as the fundamental building blocks to provide a more agile and intelligent network security monitoring and management system. Moreover, this research investigates game-based defense strategy solutions considering sophisticated attack scenarios such as Advanced Persistent Threats (APTs) and considering the Moving Target Defense (MTD) approach to mitigate APTs.

To disseminate the research outcomes, at ASU, the research team has produced more than 20 peer-reviewed high-quality research publications, one half-day tutorial, and one professional book on SDN/NFV security. In addition to the conference presentations, the research team has delivered ten invited talks including research seminars, panels, and keynotes.

In order to promote transition to practice for this project, the research team at ASU submitted one US patent application and built a startup company to investigate the commercial opportunity of SDN security. The start-up company won the devil challenge venture funds to support the commercialization of SDN security research outcomes.

Through this project, at ASU, one postdoc, two PhD students, and one MS student have devoted their efforts to build their research agenda, PhD dissertations, and MS thesis, respectively. One course curriculum has been revised by incorporating moving target defense (MTD) related teaching materials, and a set of course projects has been set up in the area of SDN/NFV security. An online SDN/NFV security course will be online on Coursera in spring 2020. Hands-on lab materials are delivered through ThoTh Lab, which provides practical hands-on access for students and developers to practice SDN technologies.

Last Modified: 10/30/2019
Modified by: Dijiang Huang
