Programmable In-network Security: A Vision for Network Security in the Next Generation

Ang Chen
Network attacks are on the rise, and many of them can be traced to a common root cause: the Internet does not have security support in its architecture. Existing proposals either need to make intrusive changes to the Internet, or resort to bolt-on protection for each discovered attack. In the Poise (Programmable In-network Security) project, we are rethinking how to develop a secure foundation for the next-generation Internet. Poise leverages technological advances in emerging programmable networking hardware, and it takes a three-step approach. First, Poise transforms a programmable switch into a defense platform by developing a suite of defenses that reside in the switch. Next, Poise transforms a programmable network into a defense fleet by synchronizing distributed defenses across the network. Finally, Poise reasons about the in-network defenses to ensure that they are themselves secure, both individually and in composition.

Ang Chen is an assistant professor in the Department of Computer Science at Rice University. His research interests span networking, security, and systems, with a particular focus on making networked systems more reliable, efficient, and secure. Ang loves life and hopes that you do, too!

