About the Project
Software-defined networking (SDN) [1] is a special computer-networking paradigm that allows network administrators and engineers to dynamically manage network services through the abstraction of the network’s architecture. An SDN controls the network’s architecture using specialized software, which is defined according to requirements specified by users and business applications, and then deployed to the network’s switches and routers. SDNs enable organizations to accelerate application deployment and delivery, leading to reduced IT costs. As a result, they have recently gained popularity with big companies such as Google, Microsoft and Facebook (e.g. Facebook’s FBOSS switching system [2]).
The concept of a container SDN is based on the idea that container virtual machines, for example Docker containers [3], can be dynamically networked in a virtual manner to construct applications (on the spot) running in multiple containers according to what is required at the business application level. Docker containers are micro-VMs that share the same OS kernel running as an isolated user process. A Docker container wraps-up a piece of software in a complete file system that contains everything it needs to run: code, runtime, system tools and system libraries. This guarantees that it will always run in the same manner regardless of the environment it is running in. Recently, containers have been used as part of virtual networking systems, such as Weave [4], facilitating on-the-fly service creation and deployment by dynamically changing the connectivity of containers, as the application requires.
One of the shortcomings with of the above approach is that security is seen as a specific case [5] of communication security with solutions rooted in standard cryptography (e.g. TLS). Higher-order security requirements, expressed using security policies, are often ignored. Moreover, existing solutions for container communication security are generally commercial solutions with little or no scientific research performed to back up their claims regarding the security of the generated systems. To fill this gap, this project will focus on the modeling and analysis of risk and security properties of container-based SDN systems. The project will aim at establishing a formal model of the container SDNs, expanding on existing formal languages such as B [6] and process algebra [7], and then define analyses that capture breaches of risk and security properties, such as the over-shooting of risk metrics, leakage of information and others. The new framework will be validated through an implementation, which operates as an additional service in a container SDN.
The project will build on existing research work that the first supervisor is conducting in the area of the security and risk of SDN-based systems. There is currently one PhD student who is working this area, and the recruitment of other PhD researchers will strengthen the group. Both first and second supervisors have a long research track record covering areas of networking and security.
Continue with Facebook
