SlideShare a Scribd company logo

Security & fault tolerance in fresco

Download as PPTX, PDF
A
Amit Lanjewar

FRESCO is a modular framework that simplifies the development and deployment of security services for OpenFlow networks. It facilitates rapid design of security applications through modular composition of reusable library modules. FRESCO introduces minimal overhead and can produce flow rules to efficiently implement security directives like address blocking or flow redirection. It also provides a scripting language to configure modules and define instances, abstracting away complex OpenFlow controller implementations. Case studies demonstrate FRESCO's use in services like scan deflection and botnet detection by enforcing security policies through automatic translation to flow rules.

Education
1 of 17
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Security & Fault Tolerance in FRESCO AMIT LANJEWAR |SYMBIOSIS
Introduction  Modular Compassable Security Service  An OF security application development framework  Facilitates rapid designing, modular composition of modules.  Offers a CLICK-inspired programming framework.  Designed with an intent to address several key issues accelerating composition of new OF-enabled security services.
FRESCO Exports scripting API. Libraries represent the elementary processing units in FRESCO. 16 re-usable modules. FRESCO introduces minimal overhead. Can produce flow rules, and thus provide an efficient means to implement security directives. Security Functions such as - simple address blocking to complex flow redirection procedures. Fresco Countermeasure module. Fresco Response module. Fresco Database module. Summary – Simplifies development and deployment of security services for OF n/w. Enables rapid creation of popular security functions with significantly (over 90%) fewer lines of code.
SDN Architecture
Security & fault tolerance in fresco
Security & fault tolerance in fresco
FRESCO DESIGN FRESCO Framework Application Layer Security Enforcement Kernel (SEK)
FRESCO Script Language  To simplify development of security applications  FRESCO provides its own script language.  configure modules through a FRESCO script.  Defining an instance is very similar to defining a function in C or C++.
Operational illustration of running FRESCO script
FRESCO Security Enforcement Kernel  Security applications developed in FRESCO - security policies, such as DROP, REDIRECT, QUARANTINE.  These policies will be automatically translated into flow rules.  Flow rules for non-security-critical applications:- 1. Rule Source Identification 2. Rule Conflict Detection 3. Conflict Resolution
Case Study  Implementing Reflector Net  Cooperating with a Legacy Security Application :-
Implementation of Fresco Architecture  Implementation We have developed a prototype implementation of the FRESCO architecture.  The FRESCO Application Layer prototype is implemented in Python and runs as an OpenFlow application on NOX.  The prototype operates on NOX version 0.5.0 using the OpenFlow 1.1.0 protocol, and is implemented in approximately 3,000 lines of Python.
Fresco Services 1. FRESCO Scan Deflector Service
 2. FRESCO BotMiner Service
 FRESCO P2P Plotter Service
Advantages  Enables rapid creation of popular security functions.  Fewer lines of code.  minimal overhead for use in live network environments.  FRESCO also exports a high-level API in the FRESCO language that abstracts away complexities relating to switch management and specific controller implementations.  can enforce diverse security policies  Implementing Reflector Net FRESCO’s power stems from its ability to use OpenFlow to effectively reprogram the underlying network infrastructure to defend the network against an emerging threat
Thank You!

More Related Content

PDF
Make your OpenStack Cloud Self-Defending with VESPA!
mlacostma
 
PDF
message passing interface
ZTech Proje
 
DOCX
message passing interface
ZTech Proje
 
PDF
a famework for analyzing template security and privacy in biometric authenti...
ZTech Proje
 
PDF
Infrastructure as (Secure) Code
Mark Nunnikhoven
 
PPT
Ch16
Joe Christensen
 
PDF
secureTF: A Secure TensorFlow Framework
LEGATO project
 
PPTX
IP Security and its Components
Mohibullah Saail
 
Make your OpenStack Cloud Self-Defending with VESPA!
mlacostma
 
message passing interface
ZTech Proje
 
message passing interface
ZTech Proje
 
a famework for analyzing template security and privacy in biometric authenti...
ZTech Proje
 
Infrastructure as (Secure) Code
Mark Nunnikhoven
 
Ch16
Joe Christensen
 
secureTF: A Secure TensorFlow Framework
LEGATO project
 
IP Security and its Components
Mohibullah Saail
 

What's hot (18)

PDF
TEEMon: A continuous performance monitoring framework for TEEs
LEGATO project
 
PDF
I psec cisco
Deepak296
 
PDF
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
Shawn Wells
 
PDF
Cns unit4
PRADEEPJ30
 
PPT
An Architectural Concept for Intrusion Tolerance in Air Traffic Networks
Ülger Ahmet
 
DOC
Network security
Chintan Gosai
 
PPT
Tossim Accurate And Scalable Simulation Of Entire Tiny Os Applications Sensys03
AndyTau
 
PPTX
Lecture 07 networking
HNDE Labuduwa Galle
 
PPT
IT103Microsoft Windows XP/OS Chap11
blusmurfydot1
 
PPTX
I psecurity
ZainabNoorGul
 
PDF
74080-1421272433
Michael Swierzewski
 
PDF
'Moon' Security Management System for OPNFV
OPNFV
 
PPT
1.Architecture
phanleson
 
PDF
Generating Signatures for cyberattacks.
Shyamsundar Das
 
PPTX
Security protocols in constrained environments
Chris Swan
 
PPTX
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
Eric Vanderburg
 
PDF
IEEE NFV-SDN 2017 - On the establishment of trust in the cloud-based ETSI NFV...
Marco De Benedictis
 
DOCX
Effective key management in dynamic wireless sensor networks
LogicMindtech Nologies
 
TEEMon: A continuous performance monitoring framework for TEEs
LEGATO project
 
I psec cisco
Deepak296
 
2009-08-11 IBM Teach the Teachers (IBM T3), Linux Security Overview
Shawn Wells
 
Cns unit4
PRADEEPJ30
 
An Architectural Concept for Intrusion Tolerance in Air Traffic Networks
Ülger Ahmet
 
Network security
Chintan Gosai
 
Tossim Accurate And Scalable Simulation Of Entire Tiny Os Applications Sensys03
AndyTau
 
Lecture 07 networking
HNDE Labuduwa Galle
 
IT103Microsoft Windows XP/OS Chap11
blusmurfydot1
 
I psecurity
ZainabNoorGul
 
74080-1421272433
Michael Swierzewski
 
'Moon' Security Management System for OPNFV
OPNFV
 
1.Architecture
phanleson
 
Generating Signatures for cyberattacks.
Shyamsundar Das
 
Security protocols in constrained environments
Chris Swan
 
Ethical hacking Chapter 7 - Enumeration - Eric Vanderburg
Eric Vanderburg
 
IEEE NFV-SDN 2017 - On the establishment of trust in the cloud-based ETSI NFV...
Marco De Benedictis
 
Effective key management in dynamic wireless sensor networks
LogicMindtech Nologies
 
Ad

Similar to Security & fault tolerance in fresco (20)

PDF
GitOps meets Serverless
Alex Ellis
 
PDF
Charlotte Gayton's OpenChain ISO 18974 Dissertation
HowardvanRooijen1
 
PDF
Luncheon 2015-01-15 - Managing Security Requirements in Software Projects by ...
North Texas Chapter of the ISSA
 
PDF
FRED: A Hosted Data Flow Platform for the IoT
Michael Blackstock
 
PDF
Anomaly_Analysis_of_OpenStack_Firewall_Polices_Report
Ciaran McDonald
 
PDF
Putting the Sec into DevOps
Maytal Levi
 
PDF
Orion NTA Customer Training
SolarWinds
 
PDF
DevSecOps: Putting the Sec into the DevOps
shira koper
 
PDF
OS_File_systems_Consistency_Semantics.ppt
sujaachar6
 
PPTX
SLIDE DECK - NFRs vs FRs.pptx
AustraliaChapterIIBA
 
PDF
FASTEN H2020 project presentation at Paris Open Source Summit, December 2019.
Fasten Project
 
PPT
Flux: A Language for Programming High-Performance Servers
Emery Berger
 
PDF
software defined network, openflow protocol and its controllers
Isaku Yamahata
 
PPTX
Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...
Cloudera, Inc.
 
PDF
System Security @ NECSTLab
NECST Lab @ Politecnico di Milano
 
PPTX
Securing and automating your application infrastructure meetup 23112021 b
lior mazor
 
PDF
A story of the passive aggressive sysadmin of AEM
Frans Rosén
 
PDF
Reactive: Programming -> Systems -> Architecture
Aleksey Izmailov
 
PDF
Agile integration: Decomposing the monolith
Judy Breedlove
 
PDF
Secure software chapman
AdaCore
 
GitOps meets Serverless
Alex Ellis
 
Charlotte Gayton's OpenChain ISO 18974 Dissertation
HowardvanRooijen1
 
Luncheon 2015-01-15 - Managing Security Requirements in Software Projects by ...
North Texas Chapter of the ISSA
 
FRED: A Hosted Data Flow Platform for the IoT
Michael Blackstock
 
Anomaly_Analysis_of_OpenStack_Firewall_Polices_Report
Ciaran McDonald
 
Putting the Sec into DevOps
Maytal Levi
 
Orion NTA Customer Training
SolarWinds
 
DevSecOps: Putting the Sec into the DevOps
shira koper
 
OS_File_systems_Consistency_Semantics.ppt
sujaachar6
 
SLIDE DECK - NFRs vs FRs.pptx
AustraliaChapterIIBA
 
FASTEN H2020 project presentation at Paris Open Source Summit, December 2019.
Fasten Project
 
Flux: A Language for Programming High-Performance Servers
Emery Berger
 
software defined network, openflow protocol and its controllers
Isaku Yamahata
 
Hadoop World 2011: Security Considerations for Hadoop Deployments - Jeremy Gl...
Cloudera, Inc.
 
System Security @ NECSTLab
NECST Lab @ Politecnico di Milano
 
Securing and automating your application infrastructure meetup 23112021 b
lior mazor
 
A story of the passive aggressive sysadmin of AEM
Frans Rosén
 
Reactive: Programming -> Systems -> Architecture
Aleksey Izmailov
 
Agile integration: Decomposing the monolith
Judy Breedlove
 
Secure software chapman
AdaCore
 
Ad

Recently uploaded (20)

PPTX
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
kawisojames10
 
PDF
Basic Mud Logging Guide for educational purpose
wdandworks
 
PDF
RMMM.pdf make it easy to upload and study
sajedul2
 
PPTX
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
chetansingh379583
 
PPTX
Pharma ospi slides which help in ospi learning
rameetkumar304
 
PDF
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
PDF
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
PDF
Insiders guide to clinical Medicine.pdf
AbhishekPatil315128
 
PPTX
Renaissance Architecture: A Journey from Faith to Humanism
DrMonicaSharma
 
PDF
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
PDF
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
PDF
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
PDF
Pre independence Education in Inndia.pdf
goofy5603
 
PDF
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
PPTX
GDM (1) (1).pptx small presentation for students
shrawanbpkihs
 
PDF
Computing-Curriculum for Schools in Ghana
abigailanane203
 
PDF
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
sreejithcareers
 
PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
PPTX
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
PPTX
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
1st Inaugural Professorial Lecture held on 19th February 2020 (Governance and...
kawisojames10
 
Basic Mud Logging Guide for educational purpose
wdandworks
 
RMMM.pdf make it easy to upload and study
sajedul2
 
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
chetansingh379583
 
Pharma ospi slides which help in ospi learning
rameetkumar304
 
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
Insiders guide to clinical Medicine.pdf
AbhishekPatil315128
 
Renaissance Architecture: A Journey from Faith to Humanism
DrMonicaSharma
 
Anesthesia in Laparoscopic Surgery in India
mohitsuren827
 
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
Pre independence Education in Inndia.pdf
goofy5603
 
Supply Chain Operations Speaking Notes -ICLT Program
labyankof
 
GDM (1) (1).pptx small presentation for students
shrawanbpkihs
 
Computing-Curriculum for Schools in Ghana
abigailanane203
 
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
sreejithcareers
 
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 

Security & fault tolerance in fresco

  • 1. Security & Fault Tolerance in FRESCO AMIT LANJEWAR |SYMBIOSIS
  • 2. Introduction  Modular Compassable Security Service  An OF security application development framework  Facilitates rapid designing, modular composition of modules.  Offers a CLICK-inspired programming framework.  Designed with an intent to address several key issues accelerating composition of new OF-enabled security services.
  • 3. FRESCO Exports scripting API. Libraries represent the elementary processing units in FRESCO. 16 re-usable modules. FRESCO introduces minimal overhead. Can produce flow rules, and thus provide an efficient means to implement security directives. Security Functions such as - simple address blocking to complex flow redirection procedures. Fresco Countermeasure module. Fresco Response module. Fresco Database module. Summary – Simplifies development and deployment of security services for OF n/w. Enables rapid creation of popular security functions with significantly (over 90%) fewer lines of code.
  • 7. FRESCO DESIGN FRESCO Framework Application Layer Security Enforcement Kernel (SEK)
  • 8. FRESCO Script Language  To simplify development of security applications  FRESCO provides its own script language.  configure modules through a FRESCO script.  Defining an instance is very similar to defining a function in C or C++.
  • 9. Operational illustration of running FRESCO script
  • 10. FRESCO Security Enforcement Kernel  Security applications developed in FRESCO - security policies, such as DROP, REDIRECT, QUARANTINE.  These policies will be automatically translated into flow rules.  Flow rules for non-security-critical applications:- 1. Rule Source Identification 2. Rule Conflict Detection 3. Conflict Resolution
  • 11. Case Study  Implementing Reflector Net  Cooperating with a Legacy Security Application :-
  • 12. Implementation of Fresco Architecture  Implementation We have developed a prototype implementation of the FRESCO architecture.  The FRESCO Application Layer prototype is implemented in Python and runs as an OpenFlow application on NOX.  The prototype operates on NOX version 0.5.0 using the OpenFlow 1.1.0 protocol, and is implemented in approximately 3,000 lines of Python.
  • 13. Fresco Services 1. FRESCO Scan Deflector Service
  • 14.  2. FRESCO BotMiner Service
  • 15.  FRESCO P2P Plotter Service
  • 16. Advantages  Enables rapid creation of popular security functions.  Fewer lines of code.  minimal overhead for use in live network environments.  FRESCO also exports a high-level API in the FRESCO language that abstracts away complexities relating to switch management and specific controller implementations.  can enforce diverse security policies  Implementing Reflector Net FRESCO’s power stems from its ability to use OpenFlow to effectively reprogram the underlying network infrastructure to defend the network against an emerging threat