CAREER: Programmable In-network Security

职业：可编程网络安全

基本信息

批准号：
1942219
负责人：
Ang Chen
金额：
$ 55万
依托单位：
William Marsh Rice University
依托单位国家：
美国
项目类别：
Continuing Grant
财政年份：
2020
资助国家：
美国
起止时间：
2020-01-15 至 2024-03-31
项目状态：
已结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=1942219&HistoricalAwards=false
关键词：
CAREER Programmable network Security

项目摘要

Attacks on the Internet cost the economy billions of dollars. While today’s Internet was developed to provide widespread connectivity to individuals and businesses across the world, the networks that support the Internet do not have built-in security mechanisms. This project is focused on solving that problem by investigating future network designs based on new network technology that would support security and provide defense across a wide variety of attacks. The project vision is to develop Programmable In-network Security, or ‘Poise’. Poise aims to design and integrate a wide range of defenses directly inside the network, leveraging the technology trend of network programmability. If successful, a Poise network would support security as naturally as today’s networks support connectivity. This project will develop new scientific foundations for network security, investigate practical use cases, release open-source tools, and produce educational materials. The potential impact of Poise is to make future networks fundamentally more secure than they are today. This project presents a vision of Programmable In-network Security, or ‘Poise’, informed by the recent trend that network devices are becoming increasingly programmable, and with a goal of supporting security as a first-class network attribute. The project plans to take a three-pronged approach to realizing this goal. First, Poise aims to transform a programmable switch into a defense platform by designing a wide range of security applications that reside in the switch. Second, Poise aims to transform a network of programmable switches into a defense fleet, by architecting defense applications into the network paths and synchronizing them for whole-network defense. Third, Poise seeks to ensure that the defense applications, individually and collectively, are themselves secure against attacks. In its ultimate embodiment, a Poise network would toggle a wide array of defenses rapidly on and off as traffic flows through, mitigating attacks in real time. This project will advance the state of the art in network security in the above three dimensions and will produce scientific foundations and reusable system prototypes.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

尽管当今的互联网是为了向世界各地的个人和企业提供广泛的连接而开发的，但支持互联网的网络并没有内置的安全机制，该项目的重点是解决这一问题。通过研究基于新网络技术的未来网络设计来解决问题，该技术将支持安全性并提供针对各种攻击的防御。该项目的愿景是开发可编程网络内安全性，或“Poise”，旨在设计和集成广泛的网络安全性。直接在网络内部的防御范围，如果成功，Poise 网络将利用网络可编程性的技术趋势来支持安全性，就像当今的网络支持连接一样，该项目将为科学研究网络安全性、实际用例、发布开源工具并产生教育成果奠定基础。 Poise 的潜在影响是使未来的网络从根本上比现在更加安全。该项目提出了可编程网络安全（或“Poise”）的愿景，该愿景是基于网络设备变得越来越可编程的最新趋势。并目标是该项目计划采取三管齐下的方法来实现这一目标，首先，Poise 旨在通过设计驻留在网络中的广泛安全应用程序，将可编程交换机转变为防御平台。其次，Poise 旨在通过将防御应用程序构建到网络路径中并将其同步以实现整个网络防御，将可编程交换机网络转变为防御舰队。本身可以抵御攻击。在其最终实施例中，Poise 网络将在流量通过时快速打开和关闭各种防御，从而实时减轻攻击。该项目将在上述三个方面推进网络安全的最新技术，并将产生成果。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。