Programmable In-Network Security for Context-aware BYOD Policies
| dc.contributor.advisor | Chen, Ang | en_US |
| dc.creator | Kang, Qiao | en_US |
| dc.date.accessioned | 2021-01-29T14:40:51Z | en_US |
| dc.date.available | 2021-01-29T14:40:51Z | en_US |
| dc.date.created | 2021-05 | en_US |
| dc.date.issued | 2021-01-26 | en_US |
| dc.date.submitted | May 2021 | en_US |
| dc.date.updated | 2021-01-29T14:40:51Z | en_US |
| dc.description.abstract | Bring Your Own Device (BYOD) has become the new norm in enterprise networks, but BYOD security remains a top concern. Context-aware security, which enforces access control based on dynamic runtime context, is a promising approach. Recent work has developed SDN solutions to collect device contexts and enforce access control at a central controller. However, the central controller could become a bottleneck and attack target. Responding to context changes from the remote controller is also too slow for real-time decision change. We present a new paradigm, programmable in-network security (Poise), which is enabled by the emergence of programmable switches. At the heart of Poise is a novel security primitive, which can be programmed to support a wide range of contextaware policies in hardware. Users of Poise specify concise policies, and Poise compiles them into different configurations of the primitive in P4. Compared to traditional SDN defenses, Poise is resilient to control plane saturation attacks, and it dramatically increases defense agility. | en_US |
| dc.format.mimetype | application/pdf | en_US |
| dc.identifier.citation | Kang, Qiao. "Programmable In-Network Security for Context-aware BYOD Policies." (2021) Master’s Thesis, Rice University. <a href="https://hdl.handle.net/1911/109786">https://hdl.handle.net/1911/109786</a>. | en_US |
| dc.identifier.uri | https://hdl.handle.net/1911/109786 | en_US |
| dc.language.iso | eng | en_US |
| dc.rights | Copyright is held by the author, unless otherwise indicated. Permission to reuse, publish, or reproduce the work beyond the bounds of fair use or other exemptions to copyright law must be obtained from the copyright holder. | en_US |
| dc.subject | BYOD | en_US |
| dc.subject | access control | en_US |
| dc.subject | programmable data planes | en_US |
| dc.title | Programmable In-Network Security for Context-aware BYOD Policies | en_US |
| dc.type | Thesis | en_US |
| dc.type.material | Text | en_US |
| thesis.degree.department | Computer Science | en_US |
| thesis.degree.discipline | Engineering | en_US |
| thesis.degree.grantor | Rice University | en_US |
| thesis.degree.level | Masters | en_US |
| thesis.degree.name | Master of Science | en_US |
Files
Original bundle
1 - 1 of 1