Forensics and Attribution in Ethane. Martin Casado, Stanford University. NSF FIND, June 2007.
Presentation transcript:

June 2007, NSF FIND
Forensics and Attribution in Ethane
Martin Casado, Stanford University
With: Michael Freedman, Justin Pettit, Jianying Luo, Natasha Gude, David Goubad, Aditya Akella, Dan Boneh, Scott Shenker, Nick McKeown

Ethane Overview
- Centralized, flow-based architecture
- Connectivity dictated by a global policy file
- Designed for the enterprise:
  - Single administration domain (someone everyone has to trust)
  - Known principal roles (users, hosts)
  - Bounded in size

Ethane Operation (diagram)
- Hosts: Payroll on host a (IP x, MAC m); Nancy on host b (IP y, MAC n); both attached to switch sw4
- Controller credentials: Payroll XXXX, Nancy YYYY
- After authentication, the controller holds the bindings: Payroll -> x, m, sw4; Nancy -> y, n, sw4
- Assumptions: the physical ingress port of every packet is known; the controller knows the network topology

Ethane: First Packet = Path Setup (diagram)
- Payroll's first packet goes to the controller, which consults the policy file and sets up the path to Nancy

Forwarding in Ethane
- Check the flow table
- If an entry exists, apply the corresponding action:
  - Forward (or drop)
  - Rate limit
  - Outbound-initiated only (NAT-like)
  - Swap MAC header (source obfuscation)
  - Place in a specific queue (isolation)
- If there is no entry, send the packet to the controller

Ethane Switch = Flow Tables
- Flow ID = hash over the relevant header fields:
  Ethernet = H(inport, ethsrc | ethdst | ethprot)
  IP = H(eth, ipsrc | ipdst | ipproto)
  TCP/UDP = H(ip | srcport | dstport)
- Flow table and lookup:
  Flow ID   Header values   Action
  0xcf32    01|ffee|…       Fwd port1
  0xdf32    01|ddee|…       Fwd port1, Swap MAC
  0xef32    02|ddef|…       Fwd port2, Rate limit

Preventing Address Forging
- Principals are bound to addresses and a physical port at authentication time
- Packet addresses are checked against the bindings at the controller (e.g. the MAC/port pair matches a known binding)
- The flow definition includes the ingress port
- Forged packets will never match a flow and are dropped at the first-hop switch
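The three slides above (forwarding, flow tables, address forging) fit together in this toy model, an added example that is not the slides' own code or the Ethane implementation: the flow ID covers the ingress port, and the controller only installs a flow when the packet's source MAC/IP are bound to the port it arrived on. The port numbers, the "fwd port 3" policy and the packet fields are assumptions.

```python
import hashlib
from collections import namedtuple

Packet = namedtuple("Packet", "inport ethsrc ethdst ipsrc ipdst proto sport dport")

def flow_id(p):
    """Flow ID as on the slide: hash over the ingress port and the relevant header fields."""
    key = f"{p.inport}|{p.ethsrc}|{p.ethdst}|{p.ipsrc}|{p.ipdst}|{p.proto}|{p.sport}|{p.dport}"
    return hashlib.sha256(key.encode()).hexdigest()[:8]

class Controller:
    """Holds bindings made at authentication time: (MAC, IP) -> (principal, bound port)."""
    def __init__(self, bindings):
        self.bindings = bindings

    def setup_path(self, p):
        """Return an action for this flow, or None if the source addresses are forged."""
        bound = self.bindings.get((p.ethsrc, p.ipsrc))
        if bound is None or bound[1] != p.inport:
            return None          # MAC/IP not bound to this ingress port: install nothing
        return "fwd port 3"      # toy policy (assumed): every authorised flow exits port 3

class Switch:
    """Flow-table switch: table hit -> cached action; miss -> ask the controller."""
    def __init__(self, controller):
        self.ctl = controller
        self.table = {}          # flow ID -> action

    def forward(self, p):
        fid = flow_id(p)
        if fid in self.table:
            return self.table[fid]
        action = self.ctl.setup_path(p)
        if action is None:
            return "drop"        # no flow is ever installed, so it dies at the first hop
        self.table[fid] = action
        return action

# Constructed bindings from the slide's example: Payroll (MAC m, IP x) and Nancy (MAC n, IP y)
# on sw4, assumed here to sit on ports 1 and 2 respectively.
BINDINGS = {("m", "x"): ("Payroll", 1), ("n", "y"): ("Nancy", 2)}

def demo():
    """Legit flow is installed once and then hit; a copy from the wrong port is dropped."""
    sw = Switch(Controller(BINDINGS))
    legit = Packet(1, "m", "n", "x", "y", "tcp", 40000, 80)
    forged = legit._replace(inport=2)   # Nancy's port claiming Payroll's addresses
    return sw.forward(legit), sw.forward(legit), sw.forward(forged), len(sw.table)
```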

Forensic Support (diagram)
- Controller bindings chain: user -> host -> IP -> MAC -> switch port
- Logged events: user login, host join, switch join, link change
- All bindings are logged, so the log can be replayed
- Current bindings + packet + timestamp + log = bindings at the time the packet was sent

Forensics
- Given a packet, we can determine:
  - Which user/host sent and received it
  - The physical port it was sent from and received on
  - What the topology looked like when it was sent
- Access control on bind state and log (admin access only)

Anonymity
- IP addresses are allocated dynamically
- Source MAC can be swapped by switches (use the IP during forensics)
- End hosts perform encryption

Source Address? Doesn't matter
- Addresses are virtual and multiplexed among physical ports
- Address allocations are enforced by the network
- Address + bind log = source
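The forensics and source-address slides above describe attribution as "address + bind log = source". The following added example (not part of the deck or of Ethane) replays a constructed binding log up to a packet's timestamp, and shows why the timestamp matters: the same IP x is leased first to host a (Payroll) and later to host b (Nancy). The event names, the log record layout and the port numbers are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Bindings:
    host_of_user: dict = field(default_factory=dict)   # user -> host
    addr_of_host: dict = field(default_factory=dict)   # host -> (ip, mac)
    port_of_host: dict = field(default_factory=dict)   # host -> (switch, port)

def apply(b, ev):
    """Apply one logged event (user login/logout, host join/leave) to the bindings."""
    kind = ev["event"]
    if kind == "user_login":
        b.host_of_user[ev["user"]] = ev["host"]
    elif kind == "user_logout":
        b.host_of_user.pop(ev["user"], None)
    elif kind == "host_join":
        b.addr_of_host[ev["host"]] = (ev["ip"], ev["mac"])
        b.port_of_host[ev["host"]] = (ev["switch"], ev["port"])
    elif kind == "host_leave":
        b.addr_of_host.pop(ev["host"], None)
        b.port_of_host.pop(ev["host"], None)

def bindings_at(log, ts):
    """Bindings in force at time ts: replay every event with timestamp <= ts, in order."""
    b = Bindings()
    for ev in sorted(log, key=lambda e: e["ts"]):
        if ev["ts"] > ts:
            break
        apply(b, ev)
    return b

def attribute(log, ip, ts):
    """Packet IP + timestamp + log -> host, logged-in users and physical port at send time.
    Attribution keys on the IP because switches may have swapped the source MAC."""
    b = bindings_at(log, ts)
    for host, (hip, _mac) in b.addr_of_host.items():
        if hip == ip:
            users = [u for u, h in b.host_of_user.items() if h == host]
            return {"host": host, "users": users, "port": b.port_of_host[host]}
    return None

# Constructed log: IP x is leased to host a (Payroll) and, after a leaves, reused by
# host b (Nancy) on a different port of sw4, as dynamic allocation allows.
LOG = [
    {"ts": 100, "event": "host_join", "host": "a", "ip": "x", "mac": "m", "switch": "sw4", "port": 1},
    {"ts": 110, "event": "user_login", "user": "Payroll", "host": "a"},
    {"ts": 200, "event": "host_leave", "host": "a"},
    {"ts": 210, "event": "host_join", "host": "b", "ip": "x", "mac": "n", "switch": "sw4", "port": 2},
    {"ts": 220, "event": "user_login", "user": "Nancy", "host": "b"},
]
```

Calling `attribute(LOG, "x", 150)` names Payroll on host a at sw4 port 1, while `attribute(LOG, "x", 230)` names Nancy on host b at port 2 for the very same address.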

Mechanism Issues
- Requires bind state and a log
  - Function assumes global trust
  - Minor compared to flow state
- Encryption off the datapath = good
- Simple switches at gigabit speeds

Questions?