2019
3.
Nadig, Deepak; Ramamurthy, Byrav
Securing Large-scale Data Transfers in Campus Networks: Experiences, Issues, and Challenges Proceedings Article
In: Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, pp. 29–32, ACM, New York, NY, USA, 2019, ISBN: 978-1-4503-6179-8, (event-place: Richardson, Texas, USA).
Abstract | BibTeX | Tags: application-awareness, data-intensive science, network functions virtualization, security, software defined networks | Links:
@inproceedings{nadig_securing_2019,
title = {Securing Large-scale Data Transfers in Campus Networks: Experiences, Issues, and Challenges},
author = {Deepak Nadig and Byrav Ramamurthy},
url = {http://doi.acm.org/10.1145/3309194.3309444},
doi = {10.1145/3309194.3309444},
isbn = {978-1-4503-6179-8},
year = {2019},
date = {2019-01-01},
urldate = {2019-03-28},
booktitle = {Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization},
pages = {29--32},
publisher = {ACM},
address = {New York, NY, USA},
series = {SDN-NFVSec '19},
abstract = {Increasingly, campus networks manage a multitude of large-scale data transfers. Big data plays a pivotal role in university research and impacts domains such as engineering, agriculture, natural sciences, and humanities. Over the years, numerous solutions have been proposed to manage and secure large-scale data transfers efficiently. Examples consist of the inclusion of security policies at the network edge, optimized middlebox management, and the Science Demilitarized Zone (Science DMZ). These solutions either severely degrade data transfer performance or result in data flows completely bypassing the campus network security controls. In this paper, we present our experience with the design, development, and management of large-scale data transfers using software defined networking (SDN) and network functions virtualization (NFV). We also discuss the issues and challenges associated with securing large-scale data transfers in campus networks.},
note = {event-place: Richardson, Texas, USA},
keywords = {application-awareness, data-intensive science, network functions virtualization, security, software defined networks},
pubstate = {published},
tppubtype = {inproceedings}
}
Increasingly, campus networks manage a multitude of large-scale data transfers. Big data plays a pivotal role in university research and impacts domains such as engineering, agriculture, natural sciences, and humanities. Over the years, numerous solutions have been proposed to manage and secure large-scale data transfers efficiently. Examples consist of the inclusion of security policies at the network edge, optimized middlebox management, and the Science Demilitarized Zone (Science DMZ). These solutions either severely degrade data transfer performance or result in data flows completely bypassing the campus network security controls. In this paper, we present our experience with the design, development, and management of large-scale data transfers using software defined networking (SDN) and network functions virtualization (NFV). We also discuss the issues and challenges associated with securing large-scale data transfers in campus networks.
2017
2.
Nadig, D.; Ramamurthy, B.; Bockelman, B.; Swanson, D.
Differentiated network services for data-intensive science using application-aware SDN Best Paper Proceedings Article
In: 2017 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS), pp. 1–6, 2017.
Abstract | BibTeX | Tags: application-aware SDN, application-aware software-defined networking, application-awareness, Compact Muon Solenoid, Cryptography, Data transfer, data-intensive science, data-intensive science projects, differentiated network services, DiffServ networks, Engines, fault-tolerant protocols, gravitational wave detectors, gridftp, GridFTP protocol, high-delay wide area network, high-energy physics projects, Laser Interferometer Gravitational-Wave Observatory, Metadata, physics computing, policy-driven approach, Protocols, queueing theory, queuing system, Servers, software defined networking, software defined networks, Wide area networks | Links:
@inproceedings{nadig_differentiated_2017,
title = {Differentiated network services for data-intensive science using application-aware SDN},
author = {D. Nadig and B. Ramamurthy and B. Bockelman and D. Swanson},
url = {https://deepaknadig.com/wp-content/uploads/2021/09/Anantha-et-al.-2017-Differentiated-network-services-for-data-intensive.pdf},
doi = {10.1109/ANTS.2017.8384105},
year = {2017},
date = {2017-12-01},
urldate = {2017-12-01},
booktitle = {2017 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS)},
pages = {1--6},
abstract = {Data-intensive science projects rely on scalable, high-performance, fault-tolerant protocols for transferring large-volume data over a high-bandwidth, high-delay wide area network (WAN). The commonly used protocol for WAN data distribution is the GridFTP protocol. GridFTP uses encrypted sessions for data transfers and does not exchange any information with the network-layer resulting in reduced flexibility for network management at the site-level. We propose an application-aware software-defined networking (SDN) approach for providing differentiated network services for high-energy physics projects such as Compact Muon Solenoid (CMS) and Laser Interferometer Gravitational-Wave Observatory (LIGO). We demonstrate a policy-driven approach for differentiating network traffic by exploiting application- and network-layer collaboration to achieve accurate accounting of resources used by each project. We implement two strategies, a 7-3 queuing system, and a 10-3 queuing system, and show that the 10-3 strategy provides an additional capacity improvement of 11.74% over the 7-3 strategy.},
keywords = {application-aware SDN, application-aware software-defined networking, application-awareness, Compact Muon Solenoid, Cryptography, Data transfer, data-intensive science, data-intensive science projects, differentiated network services, DiffServ networks, Engines, fault-tolerant protocols, gravitational wave detectors, gridftp, GridFTP protocol, high-delay wide area network, high-energy physics projects, Laser Interferometer Gravitational-Wave Observatory, Metadata, physics computing, policy-driven approach, Protocols, queueing theory, queuing system, Servers, software defined networking, software defined networks, Wide area networks},
pubstate = {published},
tppubtype = {inproceedings}
}
Data-intensive science projects rely on scalable, high-performance, fault-tolerant protocols for transferring large-volume data over a high-bandwidth, high-delay wide area network (WAN). The commonly used protocol for WAN data distribution is the GridFTP protocol. GridFTP uses encrypted sessions for data transfers and does not exchange any information with the network-layer resulting in reduced flexibility for network management at the site-level. We propose an application-aware software-defined networking (SDN) approach for providing differentiated network services for high-energy physics projects such as Compact Muon Solenoid (CMS) and Laser Interferometer Gravitational-Wave Observatory (LIGO). We demonstrate a policy-driven approach for differentiating network traffic by exploiting application- and network-layer collaboration to achieve accurate accounting of resources used by each project. We implement two strategies, a 7-3 queuing system, and a 10-3 queuing system, and show that the 10-3 strategy provides an additional capacity improvement of 11.74% over the 7-3 strategy.
1.
Nadig, Deepak; Ramamurthy, Byrav
ScienceSDS: A Novel Software Defined Security Framework for Large-scale Data-intensive Science Proceedings Article
In: Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, pp. 13–18, ACM, New York, NY, USA, 2017, ISBN: 978-1-4503-4908-6, (event-place: Scottsdale, Arizona, USA).
Abstract | BibTeX | Tags: data-intensive science, service function chaining, software defined security | Links:
@inproceedings{nadig_sciencesds:_2017,
title = {ScienceSDS: A Novel Software Defined Security Framework for Large-scale Data-intensive Science},
author = {Deepak Nadig and Byrav Ramamurthy},
url = {http://doi.acm.org/10.1145/3040992.3040999},
doi = {10.1145/3040992.3040999},
isbn = {978-1-4503-4908-6},
year = {2017},
date = {2017-01-01},
urldate = {2019-02-07},
booktitle = {Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization},
pages = {13--18},
publisher = {ACM},
address = {New York, NY, USA},
series = {SDN-NFVSec '17},
abstract = {Experimental science workflows from projects such as Compact Muon Solenoid (CMS) and Laser Interferometer Gravitational Wave Observatory (LIGO) are characterized by data-intensive computational tasks over large datasets transferred over encrypted channels. The Science DMZ approach to network design favors lossless packet forwarding through a separate isolated network over secure lossy forwarding through stateful packet processors (e.g. firewalls). We propose ScienceSDS, a novel software defined security framework for securely monitoring large-scale science datasets over a software defined networking and network functions virtualization (SDN/NFV) infrastructure.},
note = {event-place: Scottsdale, Arizona, USA},
keywords = {data-intensive science, service function chaining, software defined security},
pubstate = {published},
tppubtype = {inproceedings}
}
Experimental science workflows from projects such as Compact Muon Solenoid (CMS) and Laser Interferometer Gravitational Wave Observatory (LIGO) are characterized by data-intensive computational tasks over large datasets transferred over encrypted channels. The Science DMZ approach to network design favors lossless packet forwarding through a separate isolated network over secure lossy forwarding through stateful packet processors (e.g. firewalls). We propose ScienceSDS, a novel software defined security framework for securely monitoring large-scale science datasets over a software defined networking and network functions virtualization (SDN/NFV) infrastructure.