TY - GEN
T1 - FAS
T2 - IEEE SoutheastCon 2017
AU - Chung, Joaquin
AU - Cox, Jacob
AU - Clark, Russ
AU - Owen, Henry
N1 - Publisher Copyright:
© 2017 IEEE.
PY - 2017/5/10
Y1 - 2017/5/10
N2 - The Software-defined exchange (SDX) allows multiple independent administrative domains to share computing, storage, and networking resources. One variation on the SDX applies software-defined networking (SDN) technologies to the fabric of an Internet exchange point (IXP) to support rich policy expression among participants. Similarly, Research and Education (R&E) networks are introducing SDN at exchange points to enable network operators to provision network policies over multiple independent administrative domains. The federated nature of R&E exchange points is based on a chain of trust between participant domains. However, trust and verifiability go hand in hand, an old adage says 'trust, but verify', so a responsible network operator would like to verify that his or her policies are honored by the SDN domains participating at an SDX. Moreover, some SDX participants do not want to reveal internal topology information while proving they correctly deployed the requested policies. For these reasons, we propose Federated Auditing for SDX (FAS), a federated auditing framework for SDX configuration verification, which reveals the minimal necessary information to an SDX central controller. We also show our initial proof-of-concept and preliminary evaluation.
AB - The Software-defined exchange (SDX) allows multiple independent administrative domains to share computing, storage, and networking resources. One variation on the SDX applies software-defined networking (SDN) technologies to the fabric of an Internet exchange point (IXP) to support rich policy expression among participants. Similarly, Research and Education (R&E) networks are introducing SDN at exchange points to enable network operators to provision network policies over multiple independent administrative domains. The federated nature of R&E exchange points is based on a chain of trust between participant domains. However, trust and verifiability go hand in hand, an old adage says 'trust, but verify', so a responsible network operator would like to verify that his or her policies are honored by the SDN domains participating at an SDX. Moreover, some SDX participants do not want to reveal internal topology information while proving they correctly deployed the requested policies. For these reasons, we propose Federated Auditing for SDX (FAS), a federated auditing framework for SDX configuration verification, which reveals the minimal necessary information to an SDX central controller. We also show our initial proof-of-concept and preliminary evaluation.
UR - http://www.scopus.com/inward/record.url?scp=85019696940&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85019696940&partnerID=8YFLogxK
U2 - 10.1109/SECON.2017.7925261
DO - 10.1109/SECON.2017.7925261
M3 - Conference contribution
AN - SCOPUS:85019696940
T3 - Conference Proceedings - IEEE SOUTHEASTCON
BT - IEEE SoutheastCon 2017
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 30 March 2017 through 2 April 2017
ER -