Summer 2012 ESCC/Internet2 Joint Techs

Using Software Defined Networking to Achieve Network Security

Time: 07/16/12 12:30PM-01:50PM

Session Abstract

We suggest setting up a group within Internet2 to provide management and software products to audit networks for Data Intensive Science (DIS).

By "audit" we refer to a capability that parallels the auditing function in government and private industry.

  • The auditors determine that various management outputs are correct by checking the outputs against objective data not under the control of management.
  • The fact that the outputs were prepared by duly authorized managers acting within the scope of their management duties is perhaps a necessary, but by no means sufficient, condition to pass an audit.

The current security procedures to be employed for the proposed build-out of massive DIS network capacity are limited to checking whether network administrators are authorized and acting within their authorization.

An audit capability for a massive DIS network needs to be expanded to include examination of whether the actions of managers are objectively correct as determined by comparison with data not under the control of the managers.

Audits of networks that support DIS will be conducted primarily by software agents.

SDN network components are easier to audit because the correct state of SDN components is easier to determine.


Speaker: Fred Smith, Angel Secure Networks

Secondary tracks: Software Defined Networking Security
