Award Abstract # 1642143
Collaborative Research: CICI: Secure and Resilient Architecture: SciGuard: Building a Security Architecture for Science DMZ Based on SDN and NFV Technologies
NSF Org: OAC, Office of Advanced Cyberinfrastructure (OAC)
Recipient: CLEMSON UNIVERSITY
Initial Amendment Date: August 4, 2016
Latest Amendment Date: August 4, 2016
Award Number: 1642143
Award Instrument: Standard Grant
Program Manager: Rob Beverly; OAC, Office of Advanced Cyberinfrastructure (OAC); CSE, Directorate for Computer and Information Science and Engineering
Start Date: January 1, 2017
End Date: April 30, 2021 (Estimated)
Total Intended Award Amount: $499,805.00
Total Awarded Amount to Date: $499,805.00
Funds Obligated to Date: FY 2016 = $464,717.00
History of Investigator:
- Hongxin Hu (Principal Investigator), hongxinh@buffalo.edu
- Richard Brooks (Co-Principal Investigator)
- Kuang-Ching Wang (Co-Principal Investigator)
- Nuyun Zhang (Co-Principal Investigator)
Recipient Sponsored Research Office: Clemson University, 201 SIKES HALL, CLEMSON, SC, US 29634-0001, (864)656-2424
Sponsor Congressional District: 03
Primary Place of Performance: Clemson University, 300 Brackett Hall, Box 345702, Clemson, SC, US 29634-0001
Primary Place of Performance Congressional District: 03
Unique Entity Identifier (UEI): H2BMNX7DSKU8
Parent UEI:
NSF Program(s): Cybersecurity Innovation
Primary Program Source: 01001617DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 9150
Program Element Code(s): 802700
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070
ABSTRACT

As data-intensive science becomes the norm in many fields of science, high-performance data transfer is rapidly becoming a standard cyberinfrastructure requirement. To meet this requirement, an increasingly large number of university campuses have deployed Science DMZs. A Science DMZ is a portion of the network, built at or near the edge of the campus or laboratory's network, that is designed such that the equipment, configuration, and security policies are optimized for high-performance scientific applications rather than for general-purpose computing. This project develops a secure and resilient architecture called SciGuard that addresses the security challenges and the inherent weaknesses in Science DMZs. SciGuard is based on two emerging networking paradigms, Software-Defined Networking (SDN) and Network Function Virtualization (NFV), both of which enable the granularity, flexibility and elasticity needed to secure Science DMZs.
Two core security functions, an SDN firewall application and a virtual Intrusion Detection System (IDS), coexist in SciGuard for protecting Science DMZs. The SDN firewall application is a software-based, in-line security function running atop the SDN controller. By processing network traffic per flow/per connection, it scales well without requiring traffic to bypass the firewall. It is also separated from the institutional hardware-based firewalls to enforce tailored security policies for the science-only traffic sent to Science DMZs. The virtual IDS is an NFV-based, passive security function, which can be quickly instantiated and elastically scaled to deal with attack traffic variations in Science DMZs, while significantly reducing both equipment and operational costs. In addition to these functions, the researchers also design a cloud-based federation mechanism for SciGuard to support automatic security policy testing and security intelligence sharing. The new mechanisms developed in this project are robust, scalable, low cost, easily managed, and optimally provisioned, therefore substantially enhancing the security of Science DMZs. This research encourages the diversity of students involved in the project by active recruitment of women and other underrepresented groups for participation in the project. The project has substantial involvement of graduate students in research, and trains promising undergraduate students in the implementation and experiments of the proposed approach. Moreover, the project enhances academic curricula by integrating the research findings into new and existing courses.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Bai, Jiasong and Zhang, Menghao and Li, Guanyu and Liu, Chang and Xu, Mingwei and Hu, Hongxin. "FastFE: Accelerating ML-based Traffic Analysis with Programmable Switches." SPIN '20: Proceedings of the Workshop on Secure Programmable Network Infrastructure, 2020. https://doi.org/10.1145/3405669.3405818
Chen, Kang and Liu, Jianwei and Martin, James and Wang, Kuang-Ching and Hu, Hongxin. "Improving Integrated LTE-WiFi Network Performance with SDN Based Flow Scheduling." 2018 27th International Conference on Computer Communication and Networks (ICCCN), 2018. https://doi.org/10.1109/ICCCN.2018.8487317
Deng, Juan and Li, Hongda and Hu, Hongxin and Wang, Kuang-Ching and Ahn, Gail-Joon and Zhao, Ziming and Han, Wonkyu. "On the Safety and Efficiency of Virtual Firewall Elasticity Control." Proceedings of the 24th Network and Distributed System Security Symposium (NDSS 2017), 2017.
Li, Hongda and Hu, Hongxin and Gu, Guofei and Ahn, Gail-Joon and Zhang, Fuqiang. "vNIDS: Towards Elastic Security with Safe and Efficient Virtualization of Network Intrusion Detection Systems." Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, 2018. https://doi.org/10.1145/3243734.3243862
Li, Hongda and Zhang, Fuqiang and Yu, Lu and Oakley, Jon and Hu, Hongxin and Brooks, Richard R. "Towards Efficient Traffic Monitoring for Science DMZ with Side-Channel based Traffic Winnowing." ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, 2018. https://doi.org/10.1145/3180465.3180474
Meng, Zili and Bi, Jun and Wang, Haiping and Sun, Chen and Hu, Hongxin. "CoCo: Compact and Optimized Consolidation of Modularized Service Function Chains in NFV." 2018 IEEE International Conference on Communications (ICC), 2018. https://doi.org/10.1109/ICC.2018.8422641
Meng, Zili and Wang, Minhu and Bai, Jiasong and Xu, Mingwei and Mao, Hongzi and Hu, Hongxin. "Interpreting Deep Learning-Based Networking Systems." SIGCOMM '20: Proceedings of the Annual conference of the ACM Special Interest Group on Data Communication on the applications, technologies, architectures, and protocols for computer communication, 2020. https://doi.org/10.1145/3387514.3405859
Park, Younghee and Chandaliya, Pritesh and Muralidharan, Akshaya and Kumar, Nikash and Hu, Hongxin. "Dynamic Defense Provision via Network Functions Virtualization." Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, 2017. https://doi.org/10.1145/3040992.3041005
Park, Younghee and Hu, Hongxin and Yuan, Xiaohong and Li, Hongda. "Enhancing Security Education Through Designing SDN Security Labs in CloudLab." Proceedings of the 49th ACM Technical Symposium on Computer Science Education (SIGCSE'18), 2018. https://doi.org/10.1145/3159450.3159514
Sun, Chen and Bi, Jun and Chen, Haoxian and Hu, Hongxin and Zheng, Zhilong and Zhu, Shuyong and Wu, Chenghui. "SDPA: Toward a Stateful Data Plane in Software-Defined Networking." IEEE/ACM Transactions on Networking, v.25, 2017. https://doi.org/10.1109/TNET.2017.2726550
Sun, Chen and Bi, Jun and Meng, Zili and Yang, Tong and Zhang, Xiao and Hu, Hongxin. "Enabling NFV Elasticity Control With Optimized Flow Migration." IEEE Journal on Selected Areas in Communications, v.36, 2018. https://doi.org/10.1109/JSAC.2018.2869953
Sun, Chen and Bi, Jun and Zheng, Zhilong and Hu, Hongxin. "HYPER: A Hybrid High-Performance Framework for Network Function Virtualization." IEEE Journal on Selected Areas in Communications, v.35, 2017. https://doi.org/10.1109/JSAC.2017.2760438
Wang, J. and Hu, H. and Zhao, B. and Li, H. and Zhang, W. and Xu, J. and Liu, P. and Ma, J. "S-Blocks: Lightweight and Trusted Virtual Security Function with SGX." IEEE Transactions on Cloud Computing, 2020.
Wang, Juan and Hao, Shirong and Li, Yi and Fan, Chengyang and Wang, Jie and Han, Lin and Hong, Zhi and Hu, Hongxin. "Challenges Towards Protecting VNF With SGX." Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, 2018. https://doi.org/10.1145/3180465.3180476
Wang, S. and Meng, Z. and Sun, C. and Wang, M. and Xu, M. and Bi, J. and Yang, T. and Huang, Q. and Hu, H. "SmartChain: Enabling High-Performance Service Chain Partition between SmartNIC and CPU." 2020 IEEE International Conference on Communications (ICC 2020), 2020.
Yuan, Xiaohong and Liu, Zhipeng and Park, Younghee and Hu, Hongxin and Li, Hongda. "Teaching SDN Security Using Hands-on Labs in CloudLab." Journal of the Colloquium for Information System Security Education, v.7, 2020.
Zhang, M. and Li, G. and Wang, S. and Liu, C. and Chen, A. and Hu, H. and Gu, G. and Li, Q. and Xu, M. and Wu, J. "Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches." The 27th Network and Distributed System Security Symposium (NDSS 2020), 2020. https://doi.org/10.14722/ndss.2020.24007
Zhang, Menghao and Bai, Jiasong and Li, Guanyu and Meng, Zili and Li, Hongda and Hu, Hongxin and Xu, Mingwei. "When NFV Meets ANN: Rethinking Elastic Scaling for ANN-based NFs." IEEE ICNP 2019 HDR-Nets Workshop (HDR-Nets 2019), 2019. https://doi.org/10.1109/ICNP.2019.8888133
Zhang, Nuyun and Li, Hongda and Hu, Hongxin and Park, Younghee. "Towards Effective Virtualization of Intrusion Detection Systems." Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, 2017. https://doi.org/10.1145/3040992.3041004
Zheng, Zhilong and Bi, Jun and Wang, Haiping and Sun, Chen and Yu, Heng and Hu, Hongxin and Gao, Kai and Wu, Jianping. "Grus: Enabling Latency SLOs for GPU-Accelerated NFV Systems." 2018 IEEE 26th International Conference on Network Protocols (ICNP), 2018. https://doi.org/10.1109/ICNP.2018.00025
Zheng, Zhilong and Bi, Jun and Yu, Heng and Wang, Haiping and Sun, Chen and Hu, Hongxin and Wu, Jianping. "Octans: Optimal Placement of Service Function Chains in Many-Core Systems." IEEE INFOCOM 2019 - IEEE Conference on Computer Communications, 2019. https://doi.org/10.1109/INFOCOM.2019.8737544