Garrett Drown Tianyi Xing Group #4 CSE548 – Advanced Computer Network Security.


What are Virtual Trusted Domains? A virtual trusted domain (VTD) is a collection of machines, regardless of physical boundaries, that trust one another.

- Create and manage virtual trusted domains for virtual machines through the use of a NetFPGA.
- Provide the virtual machines with reliable, secure, and fast connections to others in their virtual trusted domain.

- NetFPGA: a low-cost platform, primarily designed as a tool for teaching networking hardware and router design.

Roadmap of the project:
- By midterm:
  - Research how to program NetFPGAs.
  - Research and design an implementation of Virtual Trusted Domains on a NetFPGA.
  - Research Path Splicing, which implements features similar to those we would like to use in our project.
  - Set up the environment and begin coding our program, which creates and manages Virtual Trusted Domains on a NetFPGA.
  - Find and (if time permits) set up an existing similar solution for VTDs (if there is one) as a basis for our work.
- By final:
  - Modify the existing solution that can, or potentially can, implement the VTD.
  - Deploy the program and set up a test-bed on a NetFPGA.
  - Test and debug.
  - Complete the final documents.

Our idea:
- Have the controller maintain and use a database that contains the list of approved computers, their domain, and their security level.
- Modify the packet header to include the user's trust level and the VTD the user wishes to communicate with.

Two fields:
- Domain
  - The domain field indicates the domain that a group of VMs belongs to.
  - Machines in the same domain are able to talk with each other.
- Trust Level
  - The trust level indicates the trust relationship among different machines in the same domain.

- Hardware
  - Pre-built NetFPGA server
  - Dell rack server (XenServer)
- Software
  - CentOS 5
  - NetFPGA base package
  - OpenFlow switch
  - NOX controller

Domain/Trust Level

- Domain field: 10 bits, so it can support up to 1024 domains in the system.
- Trust Level (TL): 2 bits, so it has 4 trust levels (0 to 3). We define 3 as the highest trust level.

- VM1 (domain 6, TL 3) initiates traffic to VM2 (domain 6, TL 2).
- The OpenFlow switch receives the packet from VM1.
- There is no matching entry in the flow table.
- The packet is sent to the NOX controller.

- The NOX controller reads the domain and TL found in the packet and compares them with the destination's entry in the database. If source and destination are not in the same domain, the packet is dropped.
- If source and destination are in the same domain, the controller checks the trust level.
- If TL(src) ≥ TL(dst), the traffic is forwarded; otherwise, the traffic is disallowed.
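The field layout from the Domain/Trust Level slide and the controller decision above, as an added example (not the authors' NOX code). The MAC addresses and the `APPROVED` table are constructed stand-ins for the controller's database; the check that the header matches the sender's own database entry is an added safeguard the slides do not describe.

```python
DOMAIN_BITS = 10                      # 10-bit domain field: up to 1024 domains
TL_BITS = 2                           # 2-bit trust level: levels 0..3, 3 is highest
MAX_DOMAIN = (1 << DOMAIN_BITS) - 1
MAX_TL = (1 << TL_BITS) - 1

def encode_vtd(domain: int, trust_level: int) -> int:
    """Pack (domain, TL) into the 12-bit VTD field: domain in the high 10 bits, TL in the low 2."""
    if not 0 <= domain <= MAX_DOMAIN:
        raise ValueError(f"domain {domain} does not fit in {DOMAIN_BITS} bits")
    if not 0 <= trust_level <= MAX_TL:
        raise ValueError(f"trust level {trust_level} does not fit in {TL_BITS} bits")
    return (domain << TL_BITS) | trust_level

def decode_vtd(field: int) -> tuple:
    """Inverse of encode_vtd: returns (domain, trust_level)."""
    return field >> TL_BITS, field & MAX_TL

# Constructed stand-in for the controller's database of approved machines:
# MAC address -> (domain, trust level). Addresses and values are illustrative.
APPROVED = {
    "00:00:00:00:00:01": (6, 3),      # VM1 from the slides
    "00:00:00:00:00:02": (6, 2),      # VM2 from the slides
    "00:00:00:00:00:03": (7, 3),      # a machine in a different domain
}

def controller_decision(src_mac: str, dst_mac: str, field: int, db=APPROVED) -> str:
    """Decision for a packet the switch sent up on a flow-table miss.

    Returns "forward" or a "drop: <reason>" string. The check that the header
    matches the sender's own database entry is an added safeguard, not on the slides.
    """
    if src_mac not in db or dst_mac not in db:
        return "drop: machine not in approved list"
    src_domain, src_tl = decode_vtd(field)
    if (src_domain, src_tl) != db[src_mac]:
        return "drop: header claims a domain/TL the database does not grant"
    dst_domain, dst_tl = db[dst_mac]
    if src_domain != dst_domain:
        return "drop: different domain"
    if src_tl >= dst_tl:
        return "forward"
    return "drop: trust level below destination"

if __name__ == "__main__":
    # The slides' scenario: VM1(6,3) -> VM2(6,2) is forwarded; the reverse direction is dropped.
    vm1, vm2 = "00:00:00:00:00:01", "00:00:00:00:00:02"
    print(controller_decision(vm1, vm2, encode_vtd(6, 3)))  # forward
    print(controller_decision(vm2, vm1, encode_vtd(6, 2)))  # drop: trust level below destination
```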

- We designed a virtual trusted domain concept for cloud systems.
- We deployed an innovative platform (OpenFlow over NetFPGA).
- We successfully implemented our VTD concept in a real cloud system.