Worcester Polytechnic Institute Electronic Theses and Dissertations Collection

Title page for ETD etd-043014-130012


Document Type: thesis
Author Name: Taylor, Curtis R
URN: etd-043014-130012
Title: Leveraging Software-Defined Networking and Virtualization for a One-to-One Client-Server Model
Degree: MS
Department: Computer Science
Advisors
  • Craig A. Shue, Advisor
  • Krishna Venkatasubramanian, Reader
  • Craig Wills, Department Head
Keywords
  • one-to-one client-server model
  • virtualization
  • security
  • software-defined networks
  • networking
Date of Presentation/Defense: 2014-04-28
Availability: restricted

    Abstract

    Modern computer networks allow server resources to be shared. While this multiplexing is the unsung hero of scalability and performance, the fact that clients share resources, and that each client’s network traffic is transmitted within a larger pool of total network traffic, poses distinct challenges for security. By adopting multiplexing so broadly, the networking and systems communities have implicitly favored performance over security.

    When a server that multiplexes clients is compromised, the attack can spread by exploiting unsuspecting clients that share the resource. Drive-by downloads are an example of such an attack: a Web server is compromised and begins distributing malware to connecting clients. Because today’s network model is many-to-one between clients and servers, current approaches are inadequate at protecting the network and its resources.

    We propose a redesign of the modern network infrastructure. Our approach moves from the current many-to-one client-server model to a one-to-one client-server model. In redesigning the network, we provide better accountability for traffic between clients and servers. With accountability, we can quickly determine which client is responsible for an attack, which allows us to quickly repair the affected entities. To accomplish this accountability, we separate each client’s communication into separate flows. A flow is identified by network features such as IP addresses and ports. Further, instead of allowing multiple clients to be multiplexed at the same server, we use a technique that allows each client to communicate with a server that is logically separate from all other clients. Accordingly, a server compromise affects only a single client.

    We create a one-to-one client-server model using virtualization techniques and OpenFlow, a software-defined network (SDN) protocol. We complete our model in three phases. In the first, we deploy a physical SDN using physical machines and a commodity network switch that supports OpenFlow to gain an initial understanding of SDNs. The next phase involves implementation of Choreographer, a DNS access control mechanism, in a virtualized SDN environment for better scalability over our physical configuration. Finally, we leverage Choreographer to dynamically instantiate a server for each client and create network flows that allow a client to reach the requested server.

    Files
  • (WPI)crtaylor.pdf

    (WPI) indicates that a file or directory is accessible from the WPI campus network only.
