Room 1020 Emerging Tech. Building (ETB)
Department of CSE, TAMU
Abstract: OpenFlow is an open standard that has gained tremendous interest in the last few years within the network community. It is an embodiment of the software defined networking (SDN) paradigm, in which higher level flow routing decisions are derived from a control layer which, unlike classic network switch implementations, is separated from the data handling layer. The central attraction to this paradigm is that by decoupling the control logic from the closed and proprietary implementations of traditional network switch infrastructure, researchers can more easily design and distribute innovative flow handling and network control algorithms. Indeed, we also believe that OpenFlow can, in time,
prove to be one of the more impactful technologies to drive a variety of innovations in network security. OpenFlow could offer a dramatic simplification to the way we design and integrate complex network security applications/services into large networks. However, to date there remains a stark paucity of compelling OpenFlow security applications/services.
In this talk I will propose new killer apps for SDN, namely security as an app (SaaA) and security as a service (SaaS), and I will introduce our new technologies to enable them. In SaaA, various security functions are provided as OpenFlow (OF) apps for network operators to simply download and use, similar to the way of using iPhone/Android apps. For SaaA, I will introduce FRESCO, a
new OpenFlow (OF) security application development framework designed to facilitate the rapid design, and modular composition of OF-enabled security modules (e.g., for threat detection and mitigation). FRESCO offers a Click-inspired programming framework that enables security researchers to implement, share, and compose together, many different security detection and mitigation modules. In SaaS, website/network operators, e.g., tenants in a cloud, can outsource security-monitoring tasks to the cloud security provider. For SaaS, I will introduce CloudWatcher, a new framework that provides security monitoring services for large and dynamic cloud networks. I will demonstrate the utility of FRESCO and CloudWatcher, and report various performance and efficiency aspects of our proposed frameworks. In summary, with the innovations of FRESCO and CloudWatcher, we hope to enable new killer apps (i.e., SaaA and SaaS) for SDN.
Bio: Guofei Gu is an assistant professor in the Department of Computer Science & Engineering at Texas A&M University (TAMU). Before coming to Texas A&M, he received his Ph.D. degree in Computer Science from the College of Computing, Georgia Institute of Technology. His research interests are in network and system security, such as Internet malware/botnet analysis/detection/defense,
web and social network security, cloud and software-defined networking security, and intrusion/anomaly detection. Dr. Gu is a recipient of 2010 NSF CAREER Award, 2013 AFOSR Young Investigator Award, and a co-recipient of 2010 IEEE Symposium on Security & Privacy (Oakland’10) best student paper award. Dr. Gu is an active member of the security research community and he has served on the program committees of top-tier security venues, such as the IEEE Symposium on Security and Privacy and the ACM Conference on Computer and Communications Security, among many others. He is currently directing the SUCCESS (Secure Communication and Computer Systems) Lab at TAMU.