1. Proof-Carrying Network Code
- Author
-
Sahil Gupta, Minseok Kwon, David Darias, Kyle I. Diller, Christian Skalka, Steffen Smolka, Nate Foster, and John H. Ring
- Subjects
021110 strategic, defence & security studies ,Computer science ,020208 electrical & electronic engineering ,Control (management) ,0211 other engineering and technologies ,02 engineering and technology ,Security policy ,Computer security ,computer.software_genre ,Home health ,0202 electrical engineering, electronic engineering, information engineering ,Code (cryptography) ,Trust management (information system) ,Network code ,Software-defined networking ,Formal verification ,computer - Abstract
Computer networks often serve as the first line of defense against malicious attacks. Although there are a growing number of tools for defining and enforcing security policies in software-defined networks (SDNs), most assume a single point of control and are unable to handle the challenges that arise in networks with multiple administrative domains. For example, consumers may want want to allow their home IoT networks to be configured by device vendors, which raises security and privacy concerns. In this paper we propose a framework called Proof-Carrying Network Code (PCNC) for specifying and enforcing security in SDNs with interacting administrative domains. Like Proof-Carrying Authorization (PCA), PCNC provides methods for managing authorization domains, and like Proof-Carrying Code (PCC), PCNC provides methods for enforcing behavioral properties of network programs. We develop theoretical foundations for PCNC and evaluate it in simulated and real network settings, including a case study that considers security in IoT networks for home health monitoring.
- Published
- 2019