CAREER: Secure and Trustworthy Intent-Based Networking

职业：安全且值得信赖的基于意图的网络

• 批准号: 2339882
• 负责人: Benjamin Ujcich
• 金额: $ 62.16万
• 依托单位: Georgetown University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2024
• 资助国家: 美国
• 起止时间: 2024-03-01 至 2029-02-28
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2339882&HistoricalAwards=false
• 关键词: CAREER; Secure; Trustworthy; Intent; Based

Intent-based networking (IBN) is poised to be a crucial element in future computer networks over the next decade. Unlike traditional network management, IBN allows administrators to express their goals in high-level natural language, focusing on 'what' they want the network to achieve rather than 'how' it should be configured. This approach simplifies network management in various environments such as cloud computing data centers, enterprises, and mobile networks. IBN also holds potential for enhancing network security by reducing human errors and responding swiftly to emerging threats. However, there has been little attention given to the unique security challenges posed by IBN for network vendors, administrators, tenants, and users. This project seeks to bridge that gap by addressing IBN's security and trust aspects. The project's novelties are designing a secure and trustworthy IBN architecture, identifying vulnerabilities in current designs, defending against operational attacks, and enhancing resilience against emerging threats. The project's broader significance and importance are in influencing real-world designs, standardization efforts, and industry practices to create a safer and more resilient digital infrastructure for society.The project aims to embed security considerations into the foundational principles of IBN, design a secure reference architecture, and explore IBN's interactions with other network components. The research team addresses these goals in three central and interdependent research thrusts. The first thrust focuses on securely fulfilling network intents, including designing formal models, identifying security-related race conditions, and addressing side-channel attack vectors. The second thrust ensures the secure fulfillment of network intents through scalable network provenance collection for generating access control policies and maintaining overall decision-making integrity. The third thrust involves integrating secure IBN into the broader network infrastructure, addressing cross-plane vulnerabilities, enforcing correct cross-plane functionality, and enhancing reasoning capabilities through root cause analysis. The research team plans to share project results by enhancing existing open-source IBN implementations and creating new tools for use by other researchers. Additionally, the outcomes are incorporated into networking and security courses for both graduate and undergraduate students.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

基于意图的网络（IBN）有望成为未来十年未来计算机网络的关键要素。与传统的网络管理不同，IBN 允许管理员用高级自然语言表达他们的目标，重点关注他们希望网络实现的“什么”，而不是“如何”配置网络。这种方法简化了云计算数据中心、企业和移动网络等各种环境中的网络管理。 IBN 还具有通过减少人为错误和快速响应新出现的威胁来增强网络安全的潜力。然而，很少有人关注 IBN 给网络供应商、管理员、租户和用户带来的独特安全挑战。该项目旨在通过解决 IBN 的安全和信任问题来弥补这一差距。该项目的新颖之处在于设计一个安全且值得信赖的 IBN 架构、识别当前设计中的漏洞、防御操作攻击以及增强针对新兴威胁的弹性。该项目更广泛的意义和重要性在于影响现实世界的设计、标准化工作和行业实践，为社会创建更安全、更有弹性的数字基础设施。该项目旨在将安全考虑因素嵌入到 IBN 的基本原则中，设计一个安全的参考架构，并探索 IBN 与其他网络组件的交互。研究团队通过三个相互依赖的中心研究重点来实现这些目标。第一个重点是安全地实现网络意图，包括设计正式模型、识别与安全相关的竞争条件以及解决旁道攻击向量。第二个推动力通过可扩展的网络来源收集来确保网络意图的安全实现，以生成访问控制策略并维护整体决策的完整性。第三个重点涉及将安全 IBN 集成到更广泛的网络基础设施中、解决跨平面漏洞、实施正确的跨平面功能以及通过根本原因分析增强推理能力。研究团队计划通过增强现有的开源 IBN 实施和创建供其他研究人员使用的新工具来分享项目成果。此外，这些成果还被纳入研究生和本科生的网络和安全课程中。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。