Software-Defined Networking (SDN)
- Barista: Operator-defined Reconfigurable Network OS for Software-Defined Networks
Barista is a novel architecture that seeks to enable flexible and customizable instantiations of network operating systems (NOSs) for software-defined networks (SDNs). First, the modular design of Barista enables the flexible composition of functionalities prevalent in contemporary SDN controllers. Second, its event-handling mechanism enables dynamic customization of control flows in a NOS. Third, its predictive NOS assessment helps to discover the optimal composition for the requirements specified by operators.
Network Function Virtualization (NFV)
- Probius: Automated Approach for VNF and Service Chain Analysis in Software-Defined NFV
Probius is a performance analysis system that provides a comprehensive view of virtualized network functions (VNFs) and their service chains on the basis of NFV architectural characteristics. Probius collects as many NFV performance-related features as possible, analyzes the behaviors of VNFs in service chains, and finally infers possible reasons for performance uncertainties in the VNFs of suspicious service chains.
Internet of Things (IoT)
- SODA: A Software-defined Security Framework for IoT Environments
SODA is a secure IoT gateway that enables device-side dynamic access control and is capable of deploying various security services to protect sensitive and private information. Assuming that a large number of IoT devices are crowded around an IoT gateway, SODA is implemented for such an environment based on software-defined networking (SDN) and integrated with virtualized network functions (VNFs) over network function virtualization (NFV) on top of a real IoT device.
- BASTION: A Security Enforcement Network Stack for Container Networks
Bastion is a new high-performance security enforcement network stack that extends the container hosting platform with an intelligent container-aware communication sandbox. Bastion introduces (i) a network visibility service that provides fine-grained control over the visible network topology per container application, and (ii) a traffic visibility service, which securely isolates and forwards inter-container traffic in a point-to-point manner, preventing the exposure of this traffic to other peer containers.
High-Performance Network Security
- Haetae: Scaling the Performance of Network Intrusion Detection with Many-core Processors
Haetae is a highly scalable network intrusion detection system (NIDS) on many-core processors. To maximize NIDS performance, we take advantage of the underlying hardware and adhere to four design principles: shared-nothing architecture, computation offloading, lightweight data structure, and flow offloading. Our experimental results show that these design choices can significantly improve NIDS performance (79 Gbps with 1514B synthetic packets).