2014 Technology Exchange

Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID

SciPass: 100G OpenFlow Science DMZ

Time 10/29/14 01:30PM-02:15PM

Room White River Ballroom A

Session Abstract

SciPass is an open source project lead by the GlobalNOC at Indiana University and developed in collaboration with the IU Security Office, ESnet, and the Bro team. This session will introduce SciPass and go into its use case and capabilities, our implementation experience, and its current development status. Additionally, with the help of our development collaborators and Brocade, we will provide a live demonstration of the system performing large-scale science data transfers.

SciPass provides a security enhanced Science DMZ that employs state of the art IDS fingerprinting techniques to identify trusted science data transfers, bypassing limited infrastructure components (such as institutional firewalls) and enabling better utilization of 100G campus connectivity. The SciPass system consists of a cluster of Bro Intrusion Detection System (IDS) sensors, a capable OpenFlow Switch, and the SciPass application.

SciPass is designed to use security capabilities to increase rather than decrease performance, as is often the case. The system operates as an adaptive load balancer sending traffic to the Bro Cluster. As trusted flows are identified, the sensor signals this to the SciPass application, which then installs a bypass into the switch to avoid the institutional firewall.


Speaker Edward Balas Indiana University

Primary track Advanced Networking/Joint Techs

Secondary tracks Security

platinum Sponsors

gold Sponsors

silver Sponsors

bronze Sponsors

supporter Sponsors