CAREER: Programmable In-network Security

职业：可编程网络安全

• 批准号: 1942219
• 负责人: Ang Chen
• 金额: $ 55万
• 依托单位: William Marsh Rice University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-01-15 至 2024-03-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1942219&HistoricalAwards=false
• 关键词: CAREER; Programmable; network; Security; CAREER; Programmable; network; Security

Attacks on the Internet cost the economy billions of dollars. While today’s Internet was developed to provide widespread connectivity to individuals and businesses across the world, the networks that support the Internet do not have built-in security mechanisms. This project is focused on solving that problem by investigating future network designs based on new network technology that would support security and provide defense across a wide variety of attacks. The project vision is to develop Programmable In-network Security, or ‘Poise’. Poise aims to design and integrate a wide range of defenses directly inside the network, leveraging the technology trend of network programmability. If successful, a Poise network would support security as naturally as today’s networks support connectivity. This project will develop new scientific foundations for network security, investigate practical use cases, release open-source tools, and produce educational materials. The potential impact of Poise is to make future networks fundamentally more secure than they are today. This project presents a vision of Programmable In-network Security, or ‘Poise’, informed by the recent trend that network devices are becoming increasingly programmable, and with a goal of supporting security as a first-class network attribute. The project plans to take a three-pronged approach to realizing this goal. First, Poise aims to transform a programmable switch into a defense platform by designing a wide range of security applications that reside in the switch. Second, Poise aims to transform a network of programmable switches into a defense fleet, by architecting defense applications into the network paths and synchronizing them for whole-network defense. Third, Poise seeks to ensure that the defense applications, individually and collectively, are themselves secure against attacks. In its ultimate embodiment, a Poise network would toggle a wide array of defenses rapidly on and off as traffic flows through, mitigating attacks in real time. This project will advance the state of the art in network security in the above three dimensions and will produce scientific foundations and reusable system prototypes.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

互联网的攻击损失了经济数十亿美元。虽然今天的互联网是为了向全世界的个人和企业提供宽度连接，但支持互联网的网络没有内置的安全机制。该项目的重点是通过基于新的网络技术研究未来的网络设计来解决该问题，该技术将支持安全性并在各种攻击中提供防御。该项目愿景是开发可编程的网络内安全性或“保持平衡”。 Porise旨在直接在网络内部设计和集成各种防御，利用网络编程的技术趋势。如果成功的话，一个平衡的网络将自然地支持当今网络支持连接的安全性。该项目将为网络安全开发新的科学基础，调查实际用例，释放开源工具并生产教育材料。平衡的潜在影响是使未来的网络从根本上比今天更加安全。该项目提出了可编程的网络内安全性或“保持平衡”的愿景，这是由于最近的趋势所启示的，即网络设备变得越来越多，并且目的是支持安全性作为一流的网络属性。该项目计划采取三方面的方法来实现这一目标。首先，Porise旨在通过设计驻留在开关中的广泛的安全应用程序，将可编程开关转换为防御平台。其次，Porise旨在通过将防御应用程序架构为网络路径并将其同步以进行整个网络防御，将可编程交换机网络转换为防御车队。第三，镇定旨在确保辩护申请单独和集体地保护自己免受攻击。在其最终实施方案中，一个平衡的网络将随着交通流量的流动而迅速打开和关闭各种防御能力，从而实时减轻攻击。该项目将在上述三个维度上推进网络安全性的最新技术，并将产生科学基础和可重复使用的系统原型。该奖项反映了NSF的法定任务，并通过评估该基金会的知识分子和更广泛的影响来审查标准。