A user mode implementation of filtering rule management plane using key-value
Ruo Ando
National Institute of Informatics, Japan
Yuuki Takano, Shinsuke Miwa
Network Security Research Institute, National Institute of Information and Communications Technology, Japan
2017 17th IEEE International Conference on Communication Technology | Chengdu, China | Oct 27-30, 2017
Abstract: Towards alternative access control model
[A] The emergence of network virtualization and related technologies such as SDN and cloud computing confronts us with the challenge of finding an alternative access control model.
[B] In particular, besides flexibility, deployments of SDN and cloud computing require fine-grained traffic engineering functionality to cope with scalability and diversified networks.
[C] Our architecture leverages a NoSQL data store for handling a large number of filtering rules. By adopting NoSQL, we can achieve scalability, availability and tolerance to network partition. In addition, by separating the management plane from the control plane, we can achieve responsiveness and strong consistency at the same time.
[D] In the experiment, we prototyped a lightweight management plane for IP filtering. Access filtering rules, consisting of a target IP address, prefix and gateway, are represented as a radix tree. The results show that the proposed method can achieve reasonable utilization in filtering IP packets.
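Network virtualization: abstraction and centralization
[Figure: physical resources (NIC, HD, CPU, RAM, FW, LB, VLANs, VRF) and their virtual counterparts (image, vCPU, vRAM, vNIC, FlowTable, vFW, vLB) on a 2001-2012 timeline, joined by an abstraction layer / virtualization layer (Xen, KVM, VMware; OpenFlow, Open vSwitch, Floodlight). Labels: decouple, reproduce, automate.]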
What is SDN and network virtualization?
Myth: “SDN is network virtualization”
[Figure: side-by-side comparison of computer virtualization and network virtualization. Computer side: hardware resources (CPU, hard disk, PIC, I/O), abstraction layer (x86 instruction set; x86 / ARM), virtualization layer (Xen, QEMU, etc.), guests (Windows, Linux). Network side: hardware resources (bandwidth, CPU, FIB), abstraction layer (OpenFlow), virtualization layer or slicing (FlowVisor), slices, each with a controller (NOX).]
Definition of a slice
• A slice is a set of flows (called a flowspace) running on a topology of switches.
https://www.clear.rice.edu/comp529/.../tutorial_4.pdf
“When virtual is harder than real”
Drawbacks of virtualized networks
Tal Garfinkel, Mendel Rosenblum, When virtual is harder than real: Security challenges in virtual machine based computing environments, HotOS 2005
Scalability. Growth in physical machines is ultimately limited by setup time and bounded by an organization's capital equipment budget. In contrast, creating a new VM is as easy as copying a file. Users will frequently have several or even dozens of special-purpose VMs. Thus, the total number of VMs in an organization can grow at an explosive rate. Rarely are all administrative tasks completely automated.
Diversity. Many IT organizations tackle security problems by enforcing homogeneity: all machines must run the most current patched software. This creates a range of problems, as one must try to maintain patches or other protection for a wide range of OSes and deal with the risk posed by having many unpatched machines on the network.
Access control should be centralized!
Lucian Popa, Minlan Yu, Steven Y. Ko, Ion Stoica, Sylvia Ratnasamy: CloudPolice: Taking access control out of the network. 9th ACM Workshop on Hot Topics in Networks (HotNets-IX), Monterey, CA, October 2010.
Jonathan M. McCune, Stefan Berger, Trent Jaeger, Reiner Sailer: Shamon -- A System for Distributed Mandatory Access Control. 22nd Annual Computer Security Applications Conference (ACSAC), Miami Beach, Florida, December 2006.
Design requirement: fine-grained traffic functioning for scalability, diversity and flexibility.
[1] Scalability and diversity: Garfinkel pointed out that creating a new virtual instance is far easier than setting up a physical environment. Rapid and unpredictable growth can exacerbate management tasks, and in the worst case the impact of catastrophic events can be multiplied where all instances must be patched. Enforcing homogeneity is difficult when users can easily create their own special-purpose VMs without great expense, like copying files.
[2] Flexibility: In SDN, networks are diversified, programmable and elastic. For a long period, from active networks to advanced network technologies like cloud and SDN, one of the general goals of networking research has been to arrive at a network which is flexible.
[3] Fine-grained traffic functioning: commercial corporations, private enterprises and universities employ datacenters to run a variety of applications and cloud-based services. The MicroTE study reveals that existing traffic engineering performs 15% to 20% worse than the optimal solution.
MicroTE: fine grained traffic engineering for data centers, CoNEXT '11: Proceedings of the Seventh COnference on emerging Networking EXperiments and Technologies
Lucian Popa, Ion Stoica, Sylvia Ratnasamy: Rule-based Forwarding (RBF): Improving Internet’s flexibility and security. HotNets 2009
Tradeoffs between manageability and performance
Dan Levin, Andreas Wundsam, Brandon Heller, Nikhil Handigol and Anja Feldmann, "Logically centralized?: state distribution trade-offs in software defined networks", HotSDN '12: Proceedings of the first workshop on Hot topics in software defined networks
Controller component choices:
[1] Strongly consistent – controller components always operate on the same world view. Imposes delay and overhead.
[2] Eventually consistent – controller components incorporate information as it becomes available but may make decisions on different world views.
http://www.richardclegg.org/node/21
[Figure: CAP theorem (Eric Brewer, 2000) triangle with corners C (Consistency), A (Availability) and P (Tolerance to network partition); labels: RDBMS, NoSQL, Enforced Consistency, Eventual Consistency.]
Strong consistency is preferred.
With NoSQL and key-value stores, A (availability), P (tolerance to network partition) and S (scalability) can be achieved.
Basic SDN architecture and proposed system
[Figure: two panels. Basic SDN: nodes (VMs), ingress packets matched against a flow table (data plane), controller reached over a secure channel (control plane). Proposed system: nodes (VMs), ingress packets matched against a filtering rule table (control and data plane), backed by a data store (management plane).]
Masoud Moshref, Minlan Yu, Abhishek Sharma, Ramesh Govindan: VCRIB: Virtualized rule management in the cloud. 4th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud), Boston, MA, June 2012.
Avenues of Attack
[Figure: avenues of attack on sensitive data in an enterprise network. Labels: missing security patches, misconfigured database, advanced attacks, sensitive data leaks, escalating user privileges, default passwords, weak passwords, unauthorized database, weak PRNG, misconfigured filtering.]
CDP: Functional & Operational Firewall Pattern - AWS-CloudDesignPattern
Nemesis: preventing authentication & access control vulnerabilities in web applications, SSYM'09: Proceedings of the 18th conference on USENIX security symposium
Detecting BGP configuration faults with static analysis, NSDI'05: Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation
A security enforcement kernel for OpenFlow networks, HotSDN '12: Proceedings of the first workshop on Hot topics in software defined networks
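Adopting basic datastore on management plane

    #include <cstdio>
    #include <memory>
    #include <string>
    #include "mongo/client/dbclient.h"  /* legacy MongoDB C++ driver */

    /* client, ns and dstAddress come from surrounding code that the slide
       does not show; add_rtentry(), find_route() and rm_rtentry() are the
       prototype's radix-tree helpers. */
    std::auto_ptr<mongo::DBClientCursor> cursor =
        client.query(ns, mongo::BSONObj());
    while (cursor->more()) {
        /* one document per filtering rule */
        mongo::BSONObj p = cursor->next();
        mongo::OID oid = p["_id"].OID();
        std::string dest = p["dest"].str();
        int mask = p["mask"].numberInt();
        std::string gateway = p["gateway"].str();
        const char *p0 = dest.c_str();
        const char *p1 = gateway.c_str();
        /* load the rule into the radix tree */
        add_rtentry(p0, mask, p1);
        int res;
        res = find_route(dstAddress);
        if (res == 0)
            printf("route find \n");
        /* flush entry */
        rm_rtentry(p0, mask);
    }

    {"_id": {"$oid": "53370eaeb1f58908a9837910"},
     "dest": "10.0.0.0", "mask": 8, "gateway": "192.168.0.2"}

Filtering rule with BSON (JSON)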
A radix tree (also patricia trie, radix trie or compact prefix tree) is a space-optimized trie data structure where each node with only one child is merged with its parent.

    /* build a /32 key from the destination address */
    entry.addr = ntohl(addr_dst.s_addr);
    entry.prefix_len = 32;

    radix_tree<rtentry, in_addr>::iterator it;

    /* longest-prefix match against the rule table */
    it = rttable.longest_match(entry);
    if (it == rttable.end()) {
        std::cout << "no route to " << dst << std::endl;
        return 1;
    }
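
Added example (not from the slides or the authors' code): how rules in the dest/mask/gateway form shown above can be validated before loading and then resolved by longest-prefix match. It uses a plain uncompressed binary trie in place of the path-compressed radix tree; the names Rule, RuleTable and parse_ipv4 and the validation checks are assumptions of this example, and the sample rules are constructed.

```cpp
#include <arpa/inet.h>
#include <cstdint>
#include <iostream>
#include <memory>
#include <string>
#include <vector>

// One filtering rule, with the fields of the BSON document shown above.
struct Rule { std::string dest; int mask; std::string gateway; };

// Parse dotted-quad text into a host-order integer; false on bad input.
static bool parse_ipv4(const std::string &s, uint32_t &out) {
    in_addr a;
    if (inet_pton(AF_INET, s.c_str(), &a) != 1) return false;
    out = ntohl(a.s_addr);
    return true;
}

class RuleTable {  // hypothetical name, not the prototype's API
    struct Node {
        std::unique_ptr<Node> child[2];
        bool has_rule = false;
        std::string gateway;
    };
    Node root_;

    // A prefix is valid if the mask is 0..32 and no host bits are set.
    static bool valid_prefix(const std::string &dest, int mask, uint32_t &net) {
        if (mask < 0 || mask > 32 || !parse_ipv4(dest, net)) return false;
        uint32_t netmask = (mask == 0) ? 0u : (~uint32_t(0) << (32 - mask));
        return (net & ~netmask) == 0;
    }

    // Follow the first `mask` bits of `net`, optionally creating nodes.
    Node *walk(uint32_t net, int mask, bool create) {
        Node *n = &root_;
        for (int i = 0; i < mask; ++i) {
            int bit = (net >> (31 - i)) & 1;
            if (!n->child[bit]) {
                if (!create) return nullptr;
                n->child[bit].reset(new Node());
            }
            n = n->child[bit].get();
        }
        return n;
    }

public:
    // Reject misconfigured rules instead of loading them silently.
    bool add(const Rule &r) {
        uint32_t net, gw;
        if (!valid_prefix(r.dest, r.mask, net) || !parse_ipv4(r.gateway, gw))
            return false;
        Node *n = walk(net, r.mask, true);
        n->has_rule = true;
        n->gateway = r.gateway;
        return true;
    }

    // Flush one rule; interior nodes are kept (no pruning in this sketch).
    bool remove(const std::string &dest, int mask) {
        uint32_t net;
        if (!valid_prefix(dest, mask, net)) return false;
        Node *n = walk(net, mask, false);
        if (!n || !n->has_rule) return false;
        n->has_rule = false;
        n->gateway.clear();
        return true;
    }

    // Gateway of the most specific rule covering dst, or "" if no route.
    std::string lookup(const std::string &dst) const {
        uint32_t addr;
        std::string best;
        if (!parse_ipv4(dst, addr)) return best;
        const Node *n = &root_;
        if (n->has_rule) best = n->gateway;
        for (int i = 0; i < 32; ++i) {
            n = n->child[(addr >> (31 - i)) & 1].get();
            if (!n) break;
            if (n->has_rule) best = n->gateway;
        }
        return best;
    }
};

int main() {
    RuleTable t;
    // Constructed sample rules; the first matches the document shown above.
    std::vector<Rule> rules = {
        {"10.0.0.0", 8, "192.168.0.2"},
        {"10.1.0.0", 16, "192.168.0.3"},
        {"10.0.0.8", 8, "10.0.0.1"},   // rejected: host bits set under /8
        {"10.0.0.0", 33, "10.0.0.1"},  // rejected: mask out of range
    };
    for (const Rule &r : rules)
        std::cout << r.dest << "/" << r.mask
                  << (t.add(r) ? " loaded" : " rejected") << "\n";
    std::cout << "10.1.2.3 -> " << t.lookup("10.1.2.3") << "\n";
    return 0;
}
```

Rejecting a rule at load time keeps a mistyped prefix in the data store from changing what the control plane matches.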
    #include <libmemcached/memcached.h>
    #include <stdio.h>
    #include <string.h>

    /* memc, rv, key1, key2 and dstAddress are declared in code that the
       slide does not show. */
    if ((memc = memcached_create(NULL)) == NULL) {
        fprintf(stderr, "failed to allocate memory\n");
        return 1;   /* do not continue with a NULL handle */
    }
    rv = memcached_server_add(memc, "localhost", 11211);
    if (rv != MEMCACHED_SUCCESS) {
        fprintf(stderr, "failed to set server\n");
        return 1;
    }
    char *result;
    uint32_t flags;
    size_t result_length;
    /* retrieving gateway address */
    /* bounded like key2 below; assumes key1 is at least 32 bytes */
    snprintf(key1, 32, "gate-%s", dstAddress);
    printf("key1: %s \n", key1);
    result = memcached_get(memc, key1, strlen(key1),
                           &result_length, &flags, &rv);
    if (rv != MEMCACHED_SUCCESS) {
        fprintf(stderr, "failed to fetch record\n");
        return 1;
    }
    /* retrieving netmask */
    /* the buffer returned by the previous memcached_get is heap-allocated
       and must be freed by the caller once it has been used */
    snprintf(key2, 32, "mask-%s", dstAddress);
    printf("key2: %s \n", key2);
    result = memcached_get(memc, key2, strlen(key2),
                           &result_length, &flags, &rv);
    if (rv != MEMCACHED_SUCCESS) {
        fprintf(stderr, "failed to fetch record\n");
        return 1;
    }
Adopting Memcached on management plane

    import bmemcached
    import random

    # 'user' and 'password' are the slide's placeholder credentials
    client = bmemcached.Client(('127.0.0.1:11211',), 'user', 'password')
    # one key per field: gate-<address> and mask-<address>
    client.set('gate-10.0.0.8', '10.0.0.1')
    client.set('mask-10.0.0.8', '8')

Basic datastore query representation

    {"_id": {"$oid": "53370eaeb1f58908a9837910"},
     "dest": "10.0.0.0", "mask": 8, "gateway": "192.168.0.2"}
Experimental result on Amazon VPC
We compiled our system on Ubuntu 12 LTS with Linux kernel 3.2.0. The proposed system is hosted on an Intel Xeon E5645 with a 2.4 GHz clock.
[Figure: vNIC1 and vNIC2 joined by a bridge; IP capture; Radix Module; MongoDB; Python module; management plane and control plane; numbered steps.]
Experimental result on Amazon VPC (Memcached)
[Figure: vNIC1 and vNIC2 joined by a bridge; IP capture; Radix Module; Memcached; Python module; control plane; numbered steps.]
We compiled our system on Ubuntu 12 LTS with Linux kernel 3.2.0. The proposed system is hosted on an Intel Xeon E5645 with a 2.4 GHz clock.
Conclusions: Towards alternative access control model
[A] The emergence of network virtualization and related technologies such as SDN and cloud computing confronts us with the challenge of finding an alternative access control model.
[B] In particular, besides flexibility, deployments of SDN and cloud computing require fine-grained traffic engineering functionality to cope with scalability and diversified networks.
[C] Our architecture leverages a NoSQL data store for handling a large number of filtering rules. By adopting NoSQL, we can achieve scalability, availability and tolerance to network partition. In addition, by separating the management plane from the control plane, we can achieve responsiveness and strong consistency at the same time.
[D] In the experiment, we prototyped a lightweight management plane for IP filtering. Access filtering rules, consisting of a target IP address, prefix and gateway, are represented as a radix tree. The results show that the proposed method can achieve reasonable utilization in filtering IP packets.

More Related Content

What's hot (19)

SECURE THIRD PARTY AUDITOR (TPA) FOR ENSURING DATA INTEGRITY IN FOG COMPUTING
SECURE THIRD PARTY AUDITOR (TPA) FOR ENSURING DATA INTEGRITY IN FOG COMPUTINGSECURE THIRD PARTY AUDITOR (TPA) FOR ENSURING DATA INTEGRITY IN FOG COMPUTING
SECURE THIRD PARTY AUDITOR (TPA) FOR ENSURING DATA INTEGRITY IN FOG COMPUTING
IJNSA Journal
 
Vortex II -- The Industrial IoT Connectivity Standard
Vortex II -- The  Industrial IoT  Connectivity StandardVortex II -- The  Industrial IoT  Connectivity Standard
Vortex II -- The Industrial IoT Connectivity Standard
Angelo Corsaro
 
A Hybrid Cloud Approach for Secure Authorized Deduplication
A Hybrid Cloud Approach for Secure Authorized DeduplicationA Hybrid Cloud Approach for Secure Authorized Deduplication
A Hybrid Cloud Approach for Secure Authorized Deduplication
1crore projects
 
Privacy-Preserving Public Auditing for Regenerating-Code-Based Cloud Storage
Privacy-Preserving Public Auditing for Regenerating-Code-Based Cloud StoragePrivacy-Preserving Public Auditing for Regenerating-Code-Based Cloud Storage
Privacy-Preserving Public Auditing for Regenerating-Code-Based Cloud Storage
1crore projects
 
140320702029 maurya ppt
140320702029 maurya ppt140320702029 maurya ppt
140320702029 maurya ppt
Maurya Shah
 
zenoh: The Edge Data Fabric
zenoh: The Edge Data Fabriczenoh: The Edge Data Fabric
zenoh: The Edge Data Fabric
Angelo Corsaro
 
Security and privacy issues of fog
Security and privacy issues of fogSecurity and privacy issues of fog
Security and privacy issues of fog
Rezgar Mohammad
 
zenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocolzenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocol
Angelo Corsaro
 
The Death Of Computer Forensics: Digital Forensics After the Singularity
The Death Of Computer Forensics: Digital Forensics After the SingularityThe Death Of Computer Forensics: Digital Forensics After the Singularity
The Death Of Computer Forensics: Digital Forensics After the Singularity
Tech and Law Center
 
Building IoT Applications with Vortex and the Intel Edison Starter Kit
Building IoT Applications with Vortex and the Intel Edison Starter KitBuilding IoT Applications with Vortex and the Intel Edison Starter Kit
Building IoT Applications with Vortex and the Intel Edison Starter Kit
Angelo Corsaro
 
The Data Distribution Service
The Data Distribution ServiceThe Data Distribution Service
The Data Distribution Service
Angelo Corsaro
 
Turn InSecure And High Speed Intra-Cloud and Inter-Cloud Communication
Turn InSecure And High Speed Intra-Cloud and Inter-Cloud CommunicationTurn InSecure And High Speed Intra-Cloud and Inter-Cloud Communication
Turn InSecure And High Speed Intra-Cloud and Inter-Cloud Communication
Richard Jung
 
Lessons Learned from Porting HelenOS to RISC-V
Lessons Learned from Porting HelenOS to RISC-VLessons Learned from Porting HelenOS to RISC-V
Lessons Learned from Porting HelenOS to RISC-V
Martin Děcký
 
Fluid IoT Architectures
Fluid IoT ArchitecturesFluid IoT Architectures
Fluid IoT Architectures
Angelo Corsaro
 
Covert Flow Confinement For Vm Coalition
Covert Flow Confinement For Vm CoalitionCovert Flow Confinement For Vm Coalition
Covert Flow Confinement For Vm Coalition
Logic Solutions, Inc.
 
A NEW FRAMEWORK FOR SECURING PERSONAL DATA USING THE MULTI-CLOUD
A NEW FRAMEWORK FOR SECURING PERSONAL DATA USING THE MULTI-CLOUDA NEW FRAMEWORK FOR SECURING PERSONAL DATA USING THE MULTI-CLOUD
A NEW FRAMEWORK FOR SECURING PERSONAL DATA USING THE MULTI-CLOUD
ijsptm
 
Data Sharing in Extremely Resource Constrained Envionrments
Data Sharing in Extremely Resource Constrained EnvionrmentsData Sharing in Extremely Resource Constrained Envionrments
Data Sharing in Extremely Resource Constrained Envionrments
Angelo Corsaro
 
An Efficient PDP Scheme for Distributed Cloud Storage
An Efficient PDP Scheme for Distributed Cloud StorageAn Efficient PDP Scheme for Distributed Cloud Storage
An Efficient PDP Scheme for Distributed Cloud Storage
IJMER
 
Microkernels in the Era of Data-Centric Computing
Microkernels in the Era of Data-Centric ComputingMicrokernels in the Era of Data-Centric Computing
Microkernels in the Era of Data-Centric Computing
Martin Děcký
 
SECURE THIRD PARTY AUDITOR (TPA) FOR ENSURING DATA INTEGRITY IN FOG COMPUTING
SECURE THIRD PARTY AUDITOR (TPA) FOR ENSURING DATA INTEGRITY IN FOG COMPUTINGSECURE THIRD PARTY AUDITOR (TPA) FOR ENSURING DATA INTEGRITY IN FOG COMPUTING
SECURE THIRD PARTY AUDITOR (TPA) FOR ENSURING DATA INTEGRITY IN FOG COMPUTING
IJNSA Journal
 
Vortex II -- The Industrial IoT Connectivity Standard
Vortex II -- The  Industrial IoT  Connectivity StandardVortex II -- The  Industrial IoT  Connectivity Standard
Vortex II -- The Industrial IoT Connectivity Standard
Angelo Corsaro
 
A Hybrid Cloud Approach for Secure Authorized Deduplication
A Hybrid Cloud Approach for Secure Authorized DeduplicationA Hybrid Cloud Approach for Secure Authorized Deduplication
A Hybrid Cloud Approach for Secure Authorized Deduplication
1crore projects
 
Privacy-Preserving Public Auditing for Regenerating-Code-Based Cloud Storage
Privacy-Preserving Public Auditing for Regenerating-Code-Based Cloud StoragePrivacy-Preserving Public Auditing for Regenerating-Code-Based Cloud Storage
Privacy-Preserving Public Auditing for Regenerating-Code-Based Cloud Storage
1crore projects
 
140320702029 maurya ppt
140320702029 maurya ppt140320702029 maurya ppt
140320702029 maurya ppt
Maurya Shah
 
zenoh: The Edge Data Fabric
zenoh: The Edge Data Fabriczenoh: The Edge Data Fabric
zenoh: The Edge Data Fabric
Angelo Corsaro
 
Security and privacy issues of fog
Security and privacy issues of fogSecurity and privacy issues of fog
Security and privacy issues of fog
Rezgar Mohammad
 
zenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocolzenoh -- the ZEro Network OverHead protocol
zenoh -- the ZEro Network OverHead protocol
Angelo Corsaro
 
The Death Of Computer Forensics: Digital Forensics After the Singularity
The Death Of Computer Forensics: Digital Forensics After the SingularityThe Death Of Computer Forensics: Digital Forensics After the Singularity
The Death Of Computer Forensics: Digital Forensics After the Singularity
Tech and Law Center
 
Building IoT Applications with Vortex and the Intel Edison Starter Kit
Building IoT Applications with Vortex and the Intel Edison Starter KitBuilding IoT Applications with Vortex and the Intel Edison Starter Kit
Building IoT Applications with Vortex and the Intel Edison Starter Kit
Angelo Corsaro
 
The Data Distribution Service
The Data Distribution ServiceThe Data Distribution Service
The Data Distribution Service
Angelo Corsaro
 
Turn InSecure And High Speed Intra-Cloud and Inter-Cloud Communication
Turn InSecure And High Speed Intra-Cloud and Inter-Cloud CommunicationTurn InSecure And High Speed Intra-Cloud and Inter-Cloud Communication
Turn InSecure And High Speed Intra-Cloud and Inter-Cloud Communication
Richard Jung
 
Lessons Learned from Porting HelenOS to RISC-V
Lessons Learned from Porting HelenOS to RISC-VLessons Learned from Porting HelenOS to RISC-V
Lessons Learned from Porting HelenOS to RISC-V
Martin Děcký
 
Fluid IoT Architectures
Fluid IoT ArchitecturesFluid IoT Architectures
Fluid IoT Architectures
Angelo Corsaro
 
Covert Flow Confinement For Vm Coalition
Covert Flow Confinement For Vm CoalitionCovert Flow Confinement For Vm Coalition
Covert Flow Confinement For Vm Coalition
Logic Solutions, Inc.
 
A NEW FRAMEWORK FOR SECURING PERSONAL DATA USING THE MULTI-CLOUD
A NEW FRAMEWORK FOR SECURING PERSONAL DATA USING THE MULTI-CLOUDA NEW FRAMEWORK FOR SECURING PERSONAL DATA USING THE MULTI-CLOUD
A NEW FRAMEWORK FOR SECURING PERSONAL DATA USING THE MULTI-CLOUD
ijsptm
 
Data Sharing in Extremely Resource Constrained Envionrments
Data Sharing in Extremely Resource Constrained EnvionrmentsData Sharing in Extremely Resource Constrained Envionrments
Data Sharing in Extremely Resource Constrained Envionrments
Angelo Corsaro
 
An Efficient PDP Scheme for Distributed Cloud Storage
An Efficient PDP Scheme for Distributed Cloud StorageAn Efficient PDP Scheme for Distributed Cloud Storage
An Efficient PDP Scheme for Distributed Cloud Storage
IJMER
 
Microkernels in the Era of Data-Centric Computing
Microkernels in the Era of Data-Centric ComputingMicrokernels in the Era of Data-Centric Computing
Microkernels in the Era of Data-Centric Computing
Martin Děcký
 

Similar to ICCT2017: A user mode implementation of filtering rule management plane using key-value (20)

Cloud Camp Milan 2K9 Telecom Italia: Where P2P?
Cloud Camp Milan 2K9 Telecom Italia: Where P2P?Cloud Camp Milan 2K9 Telecom Italia: Where P2P?
Cloud Camp Milan 2K9 Telecom Italia: Where P2P?
Gabriele Bozzi
 
csec66 a user mode implementation of filtering rule management plane on virtu...
csec66 a user mode implementation of filtering rule management plane on virtu...csec66 a user mode implementation of filtering rule management plane on virtu...
csec66 a user mode implementation of filtering rule management plane on virtu...
Ruo Ando
 
ZCloud Consensus on Hardware for Distributed Systems
ZCloud Consensus on Hardware for Distributed SystemsZCloud Consensus on Hardware for Distributed Systems
ZCloud Consensus on Hardware for Distributed Systems
Gokhan Boranalp
 
IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...
IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...
IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...
Christian Esteve Rothenberg
 
Security and risk analysis in the cloud with software defined networking arch...
Security and risk analysis in the cloud with software defined networking arch...Security and risk analysis in the cloud with software defined networking arch...
Security and risk analysis in the cloud with software defined networking arch...
IJECEIAES
 
IEEE 2014 NS2 Projects
IEEE 2014 NS2 ProjectsIEEE 2014 NS2 Projects
IEEE 2014 NS2 Projects
Vijay Karan
 
IEEE 2014 NS2 Projects
IEEE 2014 NS2 ProjectsIEEE 2014 NS2 Projects
IEEE 2014 NS2 Projects
Vijay Karan
 
Infrastructure SecurityChapter 10Principles of Compute.docx
Infrastructure SecurityChapter 10Principles of Compute.docxInfrastructure SecurityChapter 10Principles of Compute.docx
Infrastructure SecurityChapter 10Principles of Compute.docx
annettsparrow
 
Virtualization in Distributed System: A Brief Overview
Virtualization in Distributed System: A Brief OverviewVirtualization in Distributed System: A Brief Overview
Virtualization in Distributed System: A Brief Overview
BOHR International Journal of Computer Science (BIJCS)
 
Virtualization in Distributed System: A Brief Overview
Virtualization in Distributed System: A Brief OverviewVirtualization in Distributed System: A Brief Overview
Virtualization in Distributed System: A Brief Overview
BOHR International Journal of Intelligent Instrumentation and Computing
 
DDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin MeetingDDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin Meeting
Jaime Martin Losa
 
Drops division and replication of data in cloud for optimal performance and s...
Drops division and replication of data in cloud for optimal performance and s...Drops division and replication of data in cloud for optimal performance and s...
Drops division and replication of data in cloud for optimal performance and s...
Pvrtechnologies Nellore
 
Security in Software Defined Networks (SDN): Challenges and Research Opportun...
Security in Software Defined Networks (SDN): Challenges and Research Opportun...Security in Software Defined Networks (SDN): Challenges and Research Opportun...
Security in Software Defined Networks (SDN): Challenges and Research Opportun...
Editor IJCATR
 
High performance and flexible networking
High performance and flexible networkingHigh performance and flexible networking
High performance and flexible networking
John Berkmans
 
Sigcomm16 sdn-nvf-topics-preview
Sigcomm16 sdn-nvf-topics-previewSigcomm16 sdn-nvf-topics-preview
Sigcomm16 sdn-nvf-topics-preview
Christian Esteve Rothenberg
 
CONTAINERIZED SERVICES ORCHESTRATION FOR EDGE COMPUTING IN SOFTWARE-DEFINED W...
CONTAINERIZED SERVICES ORCHESTRATION FOR EDGE COMPUTING IN SOFTWARE-DEFINED W...CONTAINERIZED SERVICES ORCHESTRATION FOR EDGE COMPUTING IN SOFTWARE-DEFINED W...
CONTAINERIZED SERVICES ORCHESTRATION FOR EDGE COMPUTING IN SOFTWARE-DEFINED W...
IJCNCJournal
 
What Is Openstack And Its Importance
What Is Openstack And Its ImportanceWhat Is Openstack And Its Importance
What Is Openstack And Its Importance
Lorie Harris
 
Necos keynote ii_mobislice
Necos keynote ii_mobisliceNecos keynote ii_mobislice
Necos keynote ii_mobislice
Augusto Neto
 
9-2020.pdf
9-2020.pdf9-2020.pdf
9-2020.pdf
fermanrw
 
Computing_Paradigms_An_Overview.pdf
Computing_Paradigms_An_Overview.pdfComputing_Paradigms_An_Overview.pdf
Computing_Paradigms_An_Overview.pdf
HODCS6
 
Cloud Camp Milan 2K9 Telecom Italia: Where P2P?
Cloud Camp Milan 2K9 Telecom Italia: Where P2P?Cloud Camp Milan 2K9 Telecom Italia: Where P2P?
Cloud Camp Milan 2K9 Telecom Italia: Where P2P?
Gabriele Bozzi
 
csec66 a user mode implementation of filtering rule management plane on virtu...
csec66 a user mode implementation of filtering rule management plane on virtu...csec66 a user mode implementation of filtering rule management plane on virtu...
csec66 a user mode implementation of filtering rule management plane on virtu...
Ruo Ando
 
ZCloud Consensus on Hardware for Distributed Systems
ZCloud Consensus on Hardware for Distributed SystemsZCloud Consensus on Hardware for Distributed Systems
ZCloud Consensus on Hardware for Distributed Systems
Gokhan Boranalp
 
IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...
IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...
IEEE HPSR 2017 Keynote: Softwarized Dataplanes and the P^3 trade-offs: Progra...
Christian Esteve Rothenberg
 
Security and risk analysis in the cloud with software defined networking arch...
Security and risk analysis in the cloud with software defined networking arch...Security and risk analysis in the cloud with software defined networking arch...
Security and risk analysis in the cloud with software defined networking arch...
IJECEIAES
 
IEEE 2014 NS2 Projects
IEEE 2014 NS2 ProjectsIEEE 2014 NS2 Projects
IEEE 2014 NS2 Projects
Vijay Karan
 
IEEE 2014 NS2 Projects
IEEE 2014 NS2 ProjectsIEEE 2014 NS2 Projects
IEEE 2014 NS2 Projects
Vijay Karan
 
Infrastructure SecurityChapter 10Principles of Compute.docx
Infrastructure SecurityChapter 10Principles of Compute.docxInfrastructure SecurityChapter 10Principles of Compute.docx
Infrastructure SecurityChapter 10Principles of Compute.docx
annettsparrow
 
DDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin MeetingDDS Advanced Tutorial - OMG June 2013 Berlin Meeting
DDS Advanced Tutorial - OMG June 2013 Berlin Meeting
Jaime Martin Losa
 
Drops division and replication of data in cloud for optimal performance and s...
Drops division and replication of data in cloud for optimal performance and s...Drops division and replication of data in cloud for optimal performance and s...
Drops division and replication of data in cloud for optimal performance and s...
Pvrtechnologies Nellore
 
Security in Software Defined Networks (SDN): Challenges and Research Opportun...
Security in Software Defined Networks (SDN): Challenges and Research Opportun...Security in Software Defined Networks (SDN): Challenges and Research Opportun...
Security in Software Defined Networks (SDN): Challenges and Research Opportun...
Editor IJCATR
 
High performance and flexible networking
High performance and flexible networkingHigh performance and flexible networking
High performance and flexible networking
John Berkmans
 
CONTAINERIZED SERVICES ORCHESTRATION FOR EDGE COMPUTING IN SOFTWARE-DEFINED W...
CONTAINERIZED SERVICES ORCHESTRATION FOR EDGE COMPUTING IN SOFTWARE-DEFINED W...CONTAINERIZED SERVICES ORCHESTRATION FOR EDGE COMPUTING IN SOFTWARE-DEFINED W...
CONTAINERIZED SERVICES ORCHESTRATION FOR EDGE COMPUTING IN SOFTWARE-DEFINED W...
IJCNCJournal
 
What Is Openstack And Its Importance
What Is Openstack And Its ImportanceWhat Is Openstack And Its Importance
What Is Openstack And Its Importance
Lorie Harris
 
Necos keynote ii_mobislice
Necos keynote ii_mobisliceNecos keynote ii_mobislice
Necos keynote ii_mobislice
Augusto Neto
 
9-2020.pdf
9-2020.pdf9-2020.pdf
9-2020.pdf
fermanrw
 
Computing_Paradigms_An_Overview.pdf
Computing_Paradigms_An_Overview.pdfComputing_Paradigms_An_Overview.pdf
Computing_Paradigms_An_Overview.pdf
HODCS6
 

More from Ruo Ando (20)

KISTI-NII Joint Security Workshop 2023.pdf
KISTI-NII Joint Security Workshop 2023.pdfKISTI-NII Joint Security Workshop 2023.pdf
KISTI-NII Joint Security Workshop 2023.pdf
Ruo Ando
 
Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
Gartner 「セキュリティ&リスクマネジメントサミット 2019」- 安藤
Ruo Ando
 
解説#86 決定木 - ss.pdf
解説#86 決定木 - ss.pdf解説#86 決定木 - ss.pdf
解説#86 決定木 - ss.pdf
Ruo Ando
 
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座  ~アイドル戦略に見るDXを専門家が徹底解説~SaaSアカデミー for バックオフィス アイドルと学ぶDX講座  ~アイドル戦略に見るDXを専門家が徹底解説~
SaaSアカデミー for バックオフィス アイドルと学ぶDX講座 ~アイドル戦略に見るDXを専門家が徹底解説~
Ruo Ando
 
解説#83 情報エントロピー
解説#83 情報エントロピー解説#83 情報エントロピー
解説#83 情報エントロピー
Ruo Ando
 
解説#82 記号論理学
解説#82 記号論理学解説#82 記号論理学
解説#82 記号論理学
Ruo Ando
 
解説#81 ロジスティック回帰
解説#81 ロジスティック回帰解説#81 ロジスティック回帰
解説#81 ロジスティック回帰
Ruo Ando
 
解説#74 連結リスト
解説#74 連結リスト解説#74 連結リスト
解説#74 連結リスト
Ruo Ando
 
解説#76 福岡正信
解説#76 福岡正信解説#76 福岡正信
解説#76 福岡正信
Ruo Ando
 
解説#77 非加算無限
解説#77 非加算無限解説#77 非加算無限
解説#77 非加算無限
Ruo Ando
 
解説#1 C言語ポインタとアドレス
解説#1 C言語ポインタとアドレス解説#1 C言語ポインタとアドレス
解説#1 C言語ポインタとアドレス
Ruo Ando
 
解説#78 誤差逆伝播
解説#78 誤差逆伝播解説#78 誤差逆伝播
解説#78 誤差逆伝播
Ruo Ando
 
解説#73 ハフマン符号
解説#73 ハフマン符号解説#73 ハフマン符号
解説#73 ハフマン符号
Ruo Ando
 
【技術解説20】 ミニバッチ確率的勾配降下法
【技術解説20】 ミニバッチ確率的勾配降下法【技術解説20】 ミニバッチ確率的勾配降下法
【技術解説20】 ミニバッチ確率的勾配降下法
Ruo Ando
 
【技術解説4】assertion failureとuse after-free
【技術解説4】assertion failureとuse after-free【技術解説4】assertion failureとuse after-free
【技術解説4】assertion failureとuse after-free
Ruo Ando
 
ITmedia Security Week 2021 講演資料
ITmedia Security Week 2021 講演資料 ITmedia Security Week 2021 講演資料
ITmedia Security Week 2021 講演資料
Ruo Ando
 
ファジングの解説
ファジングの解説ファジングの解説
ファジングの解説
Ruo Ando
 
AI(機械学習・深層学習)との協働スキルとOperational AIの事例紹介 @ ビジネス+ITセミナー 2020年11月


ICCT2017: A user mode implementation of filtering rule management plane using key-value

  • 1. A user mode implementation of filtering rule management plane using key-value. Ruo Ando, National Institute of Informatics, Japan. Yuuki Takano, Shinsuke Miwa, Network Security Research Institute, National Institute of Information and Communications Technology, Japan. 2017 17th IEEE International Conference on Communication Technology | Chengdu, China | Oct 27-30, 2017
  • 2. Abstract: Towards alternative access control model. [A] The emergence of network virtualization and related technologies such as SDN and cloud computing confronts us with the challenge of a new, alternative access control model. [B] In particular, besides flexibility, deployments of SDN and cloud computing require fine-grained traffic engineering functionality that copes with scalability and diversified networks. [C] Our architecture leverages a NoSQL data store to handle a large number of filtering rules. By adopting NoSQL, we can achieve scalability, availability and tolerance to network partition. In addition, by separating the management plane and the control plane, we can achieve responsiveness and strong consistency at the same time. [D] In the experiment, we prototyped a lightweight management plane for IP filtering. Access filtering rules, each including a target IP address, prefix and gateway, are represented as a radix tree. It is shown that the proposed method can achieve reasonable utilization in filtering IP packets.
  • 3. Network virtualization: abstraction and centralization. [Diagram labels: NIC, HD, CPU, RAM, FW, LB, VLANs, VRF; 2001, 2012; image, vCPU, vRAM, vNIC, FlowTable, vFW, vLB; abstraction layer; Xen, KVM, VMware, OpenFlow, Open vSwitch, Floodlight; virtualization layer; decouple, reproduce, automate.]
  • 4. What is SDN and network virtualization? Myth: "SDN is network virtualization". [Diagram labels, two stacks side by side: x86 / ARM, virtualization layer, Windows, Linux; OpenFlow, virtualization or slicing, NOX, NOX. Hardware resources: CPU, hard disk, PIC, IO versus bandwidth, CPU, FIB. Abstraction layer: x86 instruction set versus OpenFlow. Virtualization layer: Xen, QEMU, etc. versus FlowVisor. Slices: Windows, Linux versus controller, controller.] Definition of a slice: a slice is a set of flows (called a flowspace) running on a topology of switches. https://www.clear.rice.edu/comp529/.../tutorial_4.pdf
  • 5. "When virtual is harder than real": drawbacks of virtualized networks. Tal Garfinkel, Mendel Rosenblum, When virtual is harder than real: Security challenges in virtual machine based computing environments, HotOS 2005. Scalability: growth in physical machines is ultimately limited by setup time and bounded by an organization's capital equipment budget. In contrast, creating a new VM is as easy as copying a file. Users will frequently have several or even dozens of special-purpose VMs. Thus, the total number of VMs in an organization can grow at an explosive rate. Rarely are all administrative tasks completely automated. Diversity: many IT organizations tackle security problems by enforcing homogeneity: all machines must run the most current patched software. This creates a range of problems, as one must try to maintain patches or other protection for a wide range of OSes and deal with the risk posed by having many unpatched machines on the network. Access control should be centralized! References: CloudPolice: Taking access control out of the network, Lucian Popa, Minlan Yu, Steven Y. Ko, Ion Stoica, Sylvia Ratnasamy, 9th ACM Workshop on Hot Topics in Networks (HotNets-IX), Monterey, CA, October 2010. Jonathan M. McCune, Stefan Berger, Trent Jaeger, Reiner Sailer: Shamon -- A System for Distributed Mandatory Access Control, 22nd Annual Computer Security Applications Conference (ACSAC), Miami Beach, Florida, December 2006.
  • 6. Design requirement: fine-grained traffic functioning for scalability, diversity and flexibility. [1] Scalability and diversity: Garfinkel pointed out that creating a new virtual instance is far easier than in a physical environment. The rapid and unpredictable growth can exacerbate management tasks, and in the worst case the impact of catastrophic events can be multiplied where all instances should be patched. Enforcing homogeneity is difficult when users can easily have their own special-purpose VMs without great expense, like copying files. [2] Flexibility: in SDN, networks are diversified, programmable and elastic. For a long period, from active networks to advanced network technologies like cloud and SDN, one of the general goals of networking research has been to arrive at a network which is flexible. [3] Fine-grained traffic functioning: commercial corporations, private enterprises and universities employ datacenters to run a variety of applications and cloud-based services. Their study reveals that existing traffic engineering performs 15% to 20% worse than the optimal solution. References: MicroTE: fine grained traffic engineering for data centers, CoNEXT '11 Proceedings of the Seventh COnference on emerging Networking EXperiments and Technologies. Lucian Popa, Ion Stoica, Sylvia Ratnasamy: Rule-based Forwarding (RBF): Improving Internet's flexibility and security, HotNets 2009.
  • 7. Tradeoffs between manageability and performance. "Logically centralized?: state distribution trade-offs in software defined networks", Dan Levin, Andreas Wundsam, Brandon Heller, Nikhil Handigol and Anja Feldmann, HotSDN '12 Proceedings of the first workshop on Hot topics in software defined networks. Controller component choices: [1] Strongly consistent: controller components always operate on the same world view. This imposes delay and overhead. [2] Eventually consistent: controller components incorporate information as it becomes available but may make decisions on different world views. http://www.richardclegg.org/node/21 [Diagram: CAP theorem (Eric Brewer, 2000) with C = consistency, A = availability, P = tolerance to network partition; NoSQL and RDBMS; enforced consistency, eventual consistency.] Strong consistency is preferred. With NoSQL and key-value stores, A (availability), P (tolerance to network partition) and S (scalability) can be achieved.
  • 8. Basic SDN architecture and proposed system. [Diagram. Basic SDN: nodes (VMs), flow table, controller, secure channel; ingress packets are matched against the flow table; data plane, control plane. Proposed system: nodes (VMs), filtering rule table, data store; ingress packets are matched against the filtering rule table; control and data plane, management plane.] Reference: VCRIB: Virtualized rule management in the cloud, Masoud Moshref, Minlan Yu, Abhishek Sharma, Ramesh Govindan, the 4th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud), Boston, MA, June 2012.
  • 9. Avenues of attack. [Diagram: sensitive data in an enterprise network, with these avenues: missing security patches, misconfigured database, advanced attacks, sensitive data leaks, escalating user privileges, default passwords, weak passwords, unauthorized database, weak PRNG, misconfigured filtering.] References: CDP: Functional & Operational Firewall Pattern - AWS-CloudDesignPattern. Nemesis: preventing authentication & access control vulnerabilities in web applications, SSYM'09 Proceedings of the 18th conference on USENIX security symposium. Detecting BGP configuration faults with static analysis, NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation. A security enforcement kernel for OpenFlow networks, HotSDN '12 Proceedings of the first workshop on Hot topics in software defined networks.
  • 10. Adopting basic datastore on management plane. Filtering rule with BSON (JSON):

        {"_id": {"$oid": "53370eaeb1f58908a9837910"}, "dest": "10.0.0.0", "mask": 8, "gateway": "192.168.0.2"}

    Reading the rules from the data store and adding them to the routing table:

        /* fetch every filtering rule stored under namespace ns */
        auto_ptr<mongo::DBClientCursor> cursor = client.query(ns, mongo::BSONObj());
        while (cursor->more()) {
            mongo::BSONObj p = cursor->next();
            mongo::OID oid = p["_id"].OID();
            string dest = p["dest"].str();
            int mask = p["mask"].numberInt();
            string gateway = p["gateway"].str();
            const char *p0 = dest.c_str();
            const char *p1 = gateway.c_str();
            /* insert the rule into the radix tree */
            add_rtentry(p0, mask, p1);
            int res;
            res = find_route(dstAddress);
            if (res == 0)
                printf("route find \n");
            /* flush entry */
            rm_rtentry(p0, mask);
        }

    A radix tree (also patricia trie, radix trie or compact prefix tree) is a space-optimized trie data structure where each node with only one child is merged with its parent.

        /* look the destination up as a /32 and take the longest matching prefix */
        entry.addr = ntohl(addr_dst.s_addr);
        entry.prefix_len = 32;
        radix_tree<rtentry, in_addr>::iterator it;

        it = rttable.longest_match(entry);
        if (it == rttable.end()) {
            std::cout << "no route to " << dst << std::endl;
            return 1;
        }
  • 11. Adopting Memcached on management plane. Looking up the gateway and netmask for a destination address with libmemcached:

        if ((memc = memcached_create(NULL)) == NULL) {
            fprintf(stderr, "failed to allocate memory\n");
            return 1;   /* do not continue with a NULL handle */
        }
        rv = memcached_server_add(memc, "localhost", 11211);
        if (rv != MEMCACHED_SUCCESS) {
            fprintf(stderr, "failed to set server\n");
            return 1;
        }
        char *result;
        uint32_t flags;
        size_t result_length;
        /* retrieving gateway address */
        /* bounded like key2 below; assumes key1 is at least 32 bytes */
        snprintf(key1, 32, "gate-%s", dstAddress);
        printf("key1: %s \n", key1);
        result = memcached_get(memc, key1, strlen(key1), &result_length, &flags, &rv);
        if (rv != MEMCACHED_SUCCESS) {
            fprintf(stderr, "failed to fetch record\n");
            return 1;
        }
        /* retrieving netmask */
        snprintf(key2, 32, "mask-%s", dstAddress);
        printf("key2: %s \n", key2);
        result = memcached_get(memc, key2, strlen(key2), &result_length, &flags, &rv);
        if (rv != MEMCACHED_SUCCESS) {
            fprintf(stderr, "failed to fetch record\n");
            return 1;
        }

    Storing the two keys from the Python module:

        import bmemcached
        import random
        client = bmemcached.Client(('127.0.0.1:11211', ), 'user', 'password')
        client.set('gate-10.0.0.8', '10.0.0.1')
        client.set('mask-10.0.0.8', '8')

    Basic datastore query representation:

        {"_id": {"$oid": "53370eaeb1f58908a9837910"}, "dest": "10.0.0.0", "mask": 8, "gateway": "192.168.0.2"}
  • 12. Experimental result on Amazon VPC. We compiled our system on Ubuntu 12 LTS with Linux kernel 3.2.0. The proposed system is hosted on an Intel Xeon E5645 with a 2.4 GHz clock. [Diagram: vNIC1 and vNIC2 joined by a bridge; IP capture, radix module, Python module and MongoDB connected by numbered steps; management plane, control plane.]
  • 13. Experimental result on Amazon VPC (Memcached). We compiled our system on Ubuntu 12 LTS with Linux kernel 3.2.0. The proposed system is hosted on an Intel Xeon E5645 with a 2.4 GHz clock. [Diagram: vNIC1 and vNIC2 joined by a bridge; IP capture, radix module, Python module and Memcached connected by numbered steps; control plane.]
  • 14. Conclusions: Towards alternative access control model. [A] The emergence of network virtualization and related technologies such as SDN and cloud computing confronts us with the challenge of a new, alternative access control model. [B] In particular, besides flexibility, deployments of SDN and cloud computing require fine-grained traffic engineering functionality that copes with scalability and diversified networks. [C] Our architecture leverages a NoSQL data store to handle a large number of filtering rules. By adopting NoSQL, we can achieve scalability, availability and tolerance to network partition. In addition, by separating the management plane and the control plane, we can achieve responsiveness and strong consistency at the same time. [D] In the experiment, we prototyped a lightweight management plane for IP filtering. Access filtering rules, each including a target IP address, prefix and gateway, are represented as a radix tree. It is shown that the proposed method can achieve reasonable utilization in filtering IP packets.
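
The longest-prefix lookup from slide 10, as an added example that is not the authors' code: records in the slide's {"dest","mask","gateway"} shape are checked as they come out of the data store, because the mask is an untrusted integer that drives bit shifts, and are then matched most-specific-first. It uses a plain binary trie in place of the slide's radix_tree template (same lookup results, no path compression); RuleTable, route_for and every record except the slide's 10.0.0.0/8 entry are constructed for illustration.

```cpp
// Added example, not the authors' code. Records follow the slide's
// {"dest","mask","gateway"} shape; only 10.0.0.0/8 is taken from the slide.
#include <arpa/inet.h>
#include <cstdint>
#include <iostream>
#include <memory>
#include <string>

struct Rule { std::string dest; int mask; std::string gateway; };

class RuleTable {
    struct Node {
        std::unique_ptr<Node> child[2];
        bool has_rule = false;   // true only where a stored prefix ends
        std::string gateway;
    };
    Node root_;

    static bool parse_ipv4(const std::string& s, uint32_t& host_order) {
        in_addr a{};
        if (inet_pton(AF_INET, s.c_str(), &a) != 1) return false;
        host_order = ntohl(a.s_addr);
        return true;
    }

public:
    // Insert one record from the store; a malformed record changes nothing.
    bool add(const Rule& r) {
        uint32_t dest = 0, gw = 0;
        if (r.mask < 0 || r.mask > 32) return false;  // would shift past bit 31
        if (!parse_ipv4(r.dest, dest) || !parse_ipv4(r.gateway, gw)) return false;
        Node* n = &root_;
        for (int i = 0; i < r.mask; ++i) {            // walk only the prefix bits
            int bit = (dest >> (31 - i)) & 1;
            if (!n->child[bit]) n->child[bit].reset(new Node());
            n = n->child[bit].get();
        }
        n->has_rule = true; n->gateway = r.gateway;
        return true;
    }

    // Longest-prefix match: keep the deepest rule seen; false means no route.
    bool longest_match(const std::string& addr, std::string& gateway) const {
        uint32_t ip = 0;
        if (!parse_ipv4(addr, ip)) return false;
        bool found = false;
        const Node* n = &root_;
        for (int i = 0; n != nullptr; ++i) {
            if (n->has_rule) { gateway = n->gateway; found = true; }
            if (i == 32) break;
            n = n->child[(ip >> (31 - i)) & 1].get();
        }
        return found;
    }
};

// Gateway for addr, or "no route" when nothing matches.
std::string route_for(const RuleTable& t, const std::string& addr) {
    std::string gw;
    return t.longest_match(addr, gw) ? gw : std::string("no route");
}

int main() {
    RuleTable t;
    t.add({"10.0.0.0", 8, "192.168.0.2"});    // record from the slide
    t.add({"10.1.0.0", 16, "192.168.0.3"});   // constructed, more specific
    for (const char* a : {"10.1.2.3", "10.2.0.1", "172.16.0.1"})
        std::cout << a << " -> " << route_for(t, a) << "\n";
}
```

Because only the first `mask` bits of `dest` are walked, a record such as 10.0.0.8 with mask 8 lands on the same node as 10.0.0.0/8.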