Resilience as a Service: Optimisation of Middlebox placement

Lead Research Organisation: University of Glasgow
Department Name: School of Computing Science

Abstract

The aim of this research is to propose an approach for virtualising, deploying
and orchestrating multiple security applications in a distributed fashion within
a network, to boost overall performance and resilience. Our initial list of
objectives contains the following:

Investigate and implement lightweight virtual environments that can run
on a variety of network systems, including nodes and switches, and can
provide the required access to network data for security applications. Such
virtual environments are currently either limited by the underlying operating
system, as with Docker[11], or present unnecessary complexity for embedded
devices, e.g. network switches, as is the case with the Java Virtual
Machine[15][14].

Investigate various deployment strategies that can maximise performance
and resilience through flow analysis, virtual machine migration techniques
and topology coverage analysis. Research has shown that the migration
and optimal placement of guest virtual machines within large data centre
networks improves overall resource usage[16][4], a technique we want to
leverage in order to also offer increased network resilience in the case of
faults or attacks.

Propose an extension to SDN southbound protocols that would allow management
of these devices in a programmatic manner. Following the same
design principles as SDN, this allows for increased scalability and flexibility
of a large network; furthermore, it provides a global view of the security
status of the network, allowing administrators and developers to manage
security applications with ease. Current attempts at using SDN for this
show severe limitations[8], as the protocols involved were not designed with
this use case in mind.

Analyse, implement and deploy proof-of-concept applications that would
leverage existing locality for resilience within a network. In order to verify
the correct functionality and prove our claims for middlebox localisation
(which provides overall increased performance and allows for scaling on
demand) and enhanced resilience, applications that perform well-known
network functions (e.g. firewalls, proxies, intrusion detection systems)
are required. These applications must leverage the lightweight environment
mentioned above to also demonstrate portability and execution on
embedded devices.

Publications


Studentship Projects

Project Reference  Relationship  Related To    Start       End         Student Name
EP/N509668/1                                   01/10/2016  30/09/2021
1802322            Studentship   EP/N509668/1  03/10/2016  30/06/2020  Mircea Iordache Sica