Document Type thesis Author Name Taylor, Curtis R URN etd-043014-130012 Title Leveraging Software-Defined Networking and Virtualization for a One-to-One Client-Server Model Degree MS Department Computer Science Advisors Craig A. Shue, Advisor Krishna Venkatasubramanian, Reader Craig Wills, Department Head Keywords one-to-one client-server model virtualization security software-defined networks networking Date of Presentation/Defense 2014-04-28 Availability restricted
Modern computer networks allow server resources to be shared. While this multiplexing is the unsung hero of scalability and performance, the fact that clients are sharing resources and each client’s network traffic is transmitted in a larger pool of the total network traffic, poses distinct challenges for security. By adopting multiplexing so broadly, the networking and systems communities have implicitly favored performance over security.
When servers multiplexing clients are compromised, the attack is able to spread by exploiting unsuspecting clients sharing the resource. Drive-by-downloads are an example of an attack where a Web server is compromised and begins distributing malware to connecting clients. As a result of using today’s many-to-one client-server network model, current approaches are inadequate at protecting the network and its resources.
We propose a redesign of the modern network infrastructure. Our approach involves moving from the current many-to-one client-server model to a one-to-one client-server model. In redesigning the network, we provide a means of better accountability for traffic between clients and servers. With accountability, we enable the ability to quickly determine which client is responsible for an attack. This allows us to quickly repair the affected entities. To accomplish this accountability, we separate each client’s communication into separate flows. A flow is identified by various network features, such as IP addresses and ports. Further, instead of allowing multiple clients to be multiplexed at the same server, we use a technique that allows each client to communicate with a server that is logically separate from all other clients. Accordingly, a server compromise only effects a single client.
We create a one-to-one client-server model using virtualization techniques and OpenFlow, a software-defined network (SDN) protocol. We complete our model in three phases. In the first, we deploy a physical SDN using physical machines and a commodity network switch that supports OpenFlow to gain an initial understanding of SDNs. The next phase involves implementation of Choreographer, a DNS access control mechanism, in a virtualized SDN environment for better scalability over our physical configuration. Finally, we leverage Choreographer to dynamically instantiate a server for each client and create network flows that allow a client to reach the requested server.
indicates that a file or directory is accessible from the WPI campus network only.
Browse by Author | Browse by Department | Search all available ETDs
Questions? Email email@example.com