SeReNe: On Establishing Secure and Resilient Networking Services for an SDN-based Multi-tenant Datacenter Environment

Conference Paper

In the current enterprise data center networking environment, a major hurdle in the development of network security is the lack of an orchestrated and resilient defensive mechanism that uses well-established quantifiable metrics, models, and evaluation methods. In this position paper, we describe an emerging Secure and Resilient Networking (SeReNe) service model to establish a programmable and dynamic defensive mechanism that can adjust the system's networking resources, such as topology, bandwidth allocation, and traffic/flow forwarding policies, according to the network security situation. We posit that this requires addressing two interdependent technical areas: (a) a Moving Target Defense (MTD) framework at both the networking and software levels, and (b) an Adaptive Security-enabled Traffic Engineering (ASeTE) approach to select optimal countermeasures by considering the effectiveness of countermeasures and network bandwidth allocations while minimizing the intrusiveness to the applications and the cost of deploying the countermeasures. We believe that our position can greatly benefit the virtual networking system established in data center or enterprise virtual networking systems that have adopted the latest OpenFlow technologies.

Cited Authors

  • Chung, CJ; Xing, T; Huang, D; Medhi, D; Trivedi, K

Published Date

  • September 18, 2015

Published In

  • Proceedings 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2015

Start / End Page

  • 4 - 11

International Standard Book Number 13 (ISBN-13)

  • 9781467380447

Digital Object Identifier (DOI)

  • 10.1109/DSN-W.2015.25

Citation Source

  • Scopus