Transcript slides

Resonance: Dynamic Access
Control in Enterprise Networks
Ankur Nayak, Alex Reimers,
Nick Feamster, Russ Clark
School of Computer Science
Georgia Institute of Technology
Motivation
• Enterprise and campus networks are dynamic
– Hosts continually coming and leaving
– Hosts may become infected
• Today, access control is static, and poorly
integrated with the network layer itself
• Resonance: Dynamic access control
– Track state of each host on the network
– Update forwarding state of switches per host as these
states change
State of the Art
• Today’s networks have many components
“bolted on” after the fact
– Firewalls, VLANs, Web authentication portal,
vulnerability scanner
• Separate (and perhaps competing) devices for
performing the following functions
– Registration (based on MAC addresses)
– Scanning
– Filtering and rate limiting traffic
Authentication at GT: “START”
Diagram (not preserved in the transcript): the new host, the switch, the VMPS, and the web portal and scanner, connected by the following numbered steps:
1. New MAC address seen at the switch
2. VQP
3. VLAN with private IP
4. Web authentication
5. Authentication and scanning result (from the web portal and scanner)
6. VLAN with public IP
7. Reboot
Problems with Current Architecture
• Access Control is too coarse-grained
– Static, inflexible and prone to misconfigurations
– Need to rely on VLANs to isolate infected machines
• Cannot dynamically remap hosts to different
portions of the network
– Needs a new DHCP request, which for a Windows user
means a reboot
• Monitoring is not continuous
Idea: Express access control to incorporate network dynamics.
Resonance Methodology
• Step 1: Associate each host with generic states
and security classes
• Step 2: Specify a state machine for moving
machines from one state to the other
• Step 3: Control forwarding state in switches
based on the current state of each machine
– Actions from other network elements, and distributed
inference, can affect network state
Applying Resonance to START
State diagram (not preserved in the transcript):
• States: Registration, Authenticated, Operation, Quarantined
• Transition labels: Successful Authentication, Failed Authentication, Clean after update, Vulnerability detected, Infection removed or manually fixed
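The three methodology steps and the state diagram above, as an added example in Python (the language NOX components are written in); this is illustration code, not the slides' own or the authors' NOX controller. The state names and transition labels come from the slide, while the wiring of each label to a next state, the flow-rule format and the service names (dhcp_server, web_portal, scanner, remediation_server) are assumptions.

```python
# Added example (not the slides' or the authors' NOX code): a per-host state
# machine whose transitions produce the flow rules the controller pushes.
# Label-to-state wiring, rule format and service names are assumptions.

# (current state, event) -> next state; wiring assumed from the slide labels.
TRANSITIONS = {
    ("registration", "successful_authentication"): "authenticated",
    ("registration", "failed_authentication"): "quarantined",
    ("authenticated", "clean_after_update"): "operation",
    ("authenticated", "vulnerability_detected"): "quarantined",
    ("operation", "vulnerability_detected"): "quarantined",
    ("quarantined", "infection_removed"): "registration",
}

# Assumed per-state policy: destinations the host may reach; everything else
# is dropped, and "any" lifts the restriction entirely.
POLICY = {
    "registration": ["dhcp_server", "web_portal"],
    "authenticated": ["dhcp_server", "scanner"],
    "operation": ["any"],
    "quarantined": ["remediation_server"],
}

def rules_for(mac, state):
    """Flow rules for one host in one state.  Matching on the source MAC is
    what lets the controller remap a host without a new DHCP lease or reboot."""
    allowed = POLICY[state]
    rules = [{"match": {"dl_src": mac, "dst": d}, "action": "forward"}
             for d in allowed]
    if "any" not in allowed:
        rules.append({"match": {"dl_src": mac}, "action": "drop"})
    return rules

class ResonanceController:
    """Tracks host state (Steps 1-2) and emits forwarding changes (Step 3)."""
    def __init__(self):
        self.state = {}  # mac -> current state

    def new_host(self, mac):
        self.state[mac] = "registration"
        return rules_for(mac, "registration")

    def apply_event(self, mac, event):
        cur = self.state[mac]
        nxt = TRANSITIONS.get((cur, event))
        if nxt is None:  # e.g. a scan result for a host still registering
            raise ValueError(f"{event!r} does not apply in state {cur!r}")
        self.state[mac] = nxt
        return rules_for(mac, nxt)
```

Events arriving out of order (a scanner verdict for a host that never authenticated) are rejected rather than silently applied, which is the kind of check the "distributed inference" bullet implies the controller must make.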
Resonance: Step by Step
Diagram (not preserved in the transcript): the new host, the OpenFlow switch, the controller, the DHCP server, the web portal, and the Internet, connected by the following numbered steps:
1. DHCP request
2. Web authentication
3. Scanning
4. To the Internet
Preliminary Implementation: OpenFlow
• OpenFlow: Flow-based control over the forwarding
behavior of switches and routers
– A switch, a centralized controller and end-hosts
– Switches communicate with the controller through an open
protocol over a secure channel
• Why OpenFlow?
– Dynamically change security policies
– Central control enables
• Specifying a single, centralized security policy
• Coordinating the mechanisms for switches
• Fine-grained control of individual hosts and flows, which VLANs cannot provide
Resonance Controller: NOX
• NOX: Programmatic interface to the OpenFlow controller
– Ability to add, remove and reuse components
• We are building the Resonance controller using NOX
Research Testbed
Potential Challenges
• Scale
– How many forwarding entries per switch?
• OF switches support ~130K flow entries and 100
wildcard entries.
– How much traffic at the controller?
• Performance
– Responsiveness
• Security
– MAC address spoofing
– Securing the controller (and control framework)
Summary
• Resonance: An architecture to secure and
maintain enterprise networks.
– Preliminary design
– Application to Georgia Tech campus network
– Planned evaluation
• Many challenges remain
– Scaling
– Performance
Questions?