Software-defined networking

Rethinking how networks can be more programmable

The state of network security today is quite abysmal. Security breaches and downtime of critical infrastructures continue to be the norm rather than the exception, despite the dramatic rise in spending on network security. Attackers today can easily leverage a distributed and programmable infrastructure of compromised machines (or botnets) to launch large-scale and sophisticated attacks. In contrast, the defenders of our critical infrastructures are crippled because they rely on fixed-capacity, inflexible, and expensive hardware appliances. This forces them into adopting weak and static security postures, as they face unpleasant tradeoffs between false positives and false negatives. Continuing along this trajectory means that attackers will always hold the upper hand as defenders are stifled by the inflexible and impotent tools in their arsenal.

The goal of this project is to reverse this long-standing asymmetry and fundamentally change the dynamics of this attack-defense equation. Instead of developing attack-specific defenses, we focus on empowering defenders with the right tools and abstractions to tackle the constantly evolving attack landscape. To this end, we envision a new software-defined approach to network security, where we can rapidly develop and deploy novel in-depth defenses and dynamically customize the network’s security posture to the current operating context. Realizing this vision raises fundamental challenges that transcend conventional networking and security technologies and necessitates a radical rethink across the entire “stack”.

  1. SIGCOMM
    TEA: Enabling State-Intensive Network Functions on Programmable Switches
    Kim, Daehyeok, Liu, Zaoxing, Zhu, Yibo, Kim, Changhoon, Lee, Jeongkeun, Sekar, Vyas, and Seshan, Srinivasan
    In SIGCOMM ’20: Proceedings of the 2020 Annual conference of the ACM Special Interest Group on Data Communication on the applications, technologies, architectures, and protocols for computer communication, Virtual Event, USA, August 10-14, 2020
  2. SIGCOMM
    Contention-Aware Performance Prediction For Virtualized Network Functions
    Manousis, Antonis, Sharma, Rahul Anand, Sekar, Vyas, and Sherry, Justine
    In SIGCOMM ’20: Proceedings of the 2020 Annual conference of the ACM Special Interest Group on Data Communication on the applications, technologies, architectures, and protocols for computer communication, Virtual Event, USA, August 10-14, 2020
  3. NSDI
    FreeFlow: Software-based Virtual RDMA Networking for Containerized Clouds
    Kim, Daehyeok, Yu, Tianlong, Liu, Hongqiang Harry, Zhu, Yibo, Padhye, Jitu, Raindel, Shachar, Guo, Chuanxiong, Sekar, Vyas, and Seshan, Srinivasan
    In 16th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2019, Boston, MA, February 26-28, 2019