ScienceSDS: A Novel Software Defined Security Framework for Large-scale Data-intensive Science

Deepak Nadig Anantha and Byrav Ramamurthy
Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization
Publication year: 2017

Abstract: Experimental science workflows from projects such as Compact Muon Solenoid (CMS) and Laser Interferometer Gravitational-Wave Observatory (LIGO) are characterized by data-intensive computational tasks over large datasets transferred over encrypted channels. The Science DMZ approach to network design favors lossless packet forwarding through a separate isolated network over secure lossy forwarding through stateful packet processors (e.g. firewalls). We propose ScienceSDS, a novel software defined security framework for securely monitoring large-scale science datasets over a software defined networking and network functions virtualization (SDN/NFV) infrastructure.

SNAG: SDN-managed Network Architecture for GridFTP Transfers

Deepak Nadig Anantha, Zhe Zhang, Byrav Ramamurthy, Brian Bockelman, Garhan Attebury and David Swanson
Proceedings of the Third Workshop on Innovating the Network for Data-Intensive Science, INDIS '16
Publication year: 2016

Abstract: Software Defined Networking (SDN) is driving transformations in Research and Education (R&E) networks, enabling innovations in network research, enhancing network performance, and providing security through a policy-driven network management framework. The Holland Computing Center (HCC) at the University of Nebraska-Lincoln (UNL) supports scientists studying large datasets, and has identified a need for flexibility in network management and security, particularly with respect to identifying data flows. This problem is addressed through the deployment of a production SDN with a focus on integrating network resource management for large-scale GridFTP data transfers. We propose SNAG (SDN-managed Network Architecture for GridFTP transfers), an architecture that enables the SDN-based network management of GridFTP file transfers for large-scale science datasets. We also show how SNAG can efficiently and securely identify science dataset transfers from projects such as Compact Muon Solenoid (CMS) and Laser Interferometer Gravitational-Wave Observatory (LIGO). We focus on exposing an Application Program Interface (API) between the trusted GridFTP process and the network layer allowing the network to track flows via application metadata.