Nick Buraglio

A key dimension of reproducibility in testbeds is stable performance that scales in regular and predictable ways in accordance with declarative specifications for virtual resources. We contend that reproducibility is crucial for elastic performance control in live experiments, in which testbed tenants (slices) provide services for real user traffic that varies over time. This paper gives an overview of ExoPlex, a framework for deploying network service providers (NSPs) as a basis for live… Show more

A key dimension of reproducibility in testbeds is stable performance that scales in regular and predictable ways in accordance with declarative specifications for virtual resources. We contend that reproducibility is crucial for elastic performance control in live experiments, in which testbed tenants (slices) provide services for real user traffic that varies over time. This paper gives an overview of ExoPlex, a framework for deploying network service providers (NSPs) as a basis for live inter-domain networking experiments on the ExoGENI testbed. As a motivating example, we show how to use ExoPlex to implement a virtual software-defined exchange (vSDX) as a tenant NSP. The vSDX implements security-managed interconnection of customer IP networks that peer with it via direct L2 links stitched dynamically into its slice. An elastic controller outside of the vSDX slice provisions network links and computing capacity for a scalable monitoring fabric within the tenant vSDX slice. The vSDX checks compliance of traffic flows with customer-specified interconnection policies, and blocks traffic from senders that trigger configured rules for intrusion detection in Bro security monitors. We present initial results showing the effect of resource provisioning on Bro performance within the vSDX. Show less

Attacks against network infrastructures can be detected by Intrusion Detection Systems (IDS). Still reaction to these events are often limited by the lack of larger contextual information in which they occurred. In this paper we present CoreFlow, a framework for the correlation and enrichment of IDS data with network flow information. CoreFlow ingests data from the Bro IDS and augments this with flow data from the devices in the network. By doing this the network providers are able to… Show more

Attacks against network infrastructures can be detected by Intrusion Detection Systems (IDS). Still reaction to these events are often limited by the lack of larger contextual information in which they occurred. In this paper we present CoreFlow, a framework for the correlation and enrichment of IDS data with network flow information. CoreFlow ingests data from the Bro IDS and augments this with flow data from the devices in the network. By doing this the network providers are able to reconstruct more precisely the route followed by the malicious flows. This enables them to device tailored countermeasures, e.g. blocking close to the source of the attack. We tested the initial CoreFlow prototype in the ESnet network, using inputs from 3 Bro systems and more than 50 routers. Show less

Operate as a key collaborator on awarded NSF proposal #1642142

The SAFE Superfacilities project brings together researchers and IT support organizations from RENCI/UNC Chapel Hill, Duke University and DOE/ESnet. The goal of this project is to generalize support for stitching dynamic network circuits by providing the authorization and security monitoring necessary to enable general, dynamic, and safe interconnections as a foundational building block for Science DMZ, Software Defined… Show more

Operate as a key collaborator on awarded NSF proposal #1642142

The SAFE Superfacilities project brings together researchers and IT support organizations from RENCI/UNC Chapel Hill, Duke University and DOE/ESnet. The goal of this project is to generalize support for stitching dynamic network circuits by providing the authorization and security monitoring necessary to enable general, dynamic, and safe interconnections as a foundational building block for Science DMZ, Software Defined Exchanges (SDX), and superfacilities. One element of the project focuses on using the SAFE logical trust system to authorize dynamic stitching of network links in two systems developed, deployed, and operated by the researchers and their collaborators: the ExoGENI testbed and Duke's Software-Defined Science Network (SDSN) campus network exchange. A second element addresses dynamic out-of-band security monitoring of traffic over these links. The project serves as a model for improving security while maintaining high-performance friction-free network paths between campus scientists and remote facilities.
Show less

High level introduction to the Bro Intrusion detection system.

ChiNOG 05 presentation on Secure interdomain SDN for the SDX/IX and traditional autonomous system.

A framework for securing a network or set of systems when traditional firewalls and security appliances are not an option.

Thoughts on the shortcomings and lack of good, functional security in the border gateway protocol (BGP4).

Discussion of OpenFlow as a network control protocol that pushes past Layer 2 to transform the WAN and optical transport layer of the network.

Co-PI on CC-NIE Network Infrastructure grant award.