VISCR: Securing Dynamic consumer IoT infrastructures through Vendor-Independent, Intuitive and Conflict-free Automation Specification.
VISCR converts the topology of the IoT infrastructure into a tree-based abstraction and translates existing policies from heterogeneous vendor-specific programming languages such as Groovy-based SmartThings, OpenHAB, IFTTT-based templates, and MUD-based profiles into a vendor-independent graph-based specification. Using the two, VISCR can automatically detect rogue policies, conflicts, and bugs for coherent automation. Upon detection, VISCR infers new policies and proposes them to users as alternatives to existing policies for fine-tuning and conflict-free enforcement.
Research:
[1] Vasudevan Nagendra, Arani Bhattacharya, Vinod Yegneswaran, Amir Rahmati, Samir R Das, "An intent-based automation framework for securing dynamic consumer IoT Infrastructures", The Web Conference (WWW) 2020 [paper]
[2] Vasudevan Nagendra, "[Poster & Talk] VIPER: Vendor-Independent Policy Enforcement for Consumer IoT Ecosystems", Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC), Dec 2019 [Slides]
[3] Vasudevan Nagendra, "[Talk] Trio: Vendor-Independency, Situational Awareness and Behavioral Analysis for Conflict-free Policy enforcement in Consumer IoT infrastructures", USENIX Summit on Hot Topics in Security (HotSec), Aug 2019 [HotSec'19 Talk Slides]
[4] Vasudevan Nagendra, Arani Bhattacharya, Vinod Yegneswaran, Amir Rahmati, Samir R Das, "VISCR: Intuitive & Conflict-free Automation for Securing the Dynamic Consumer IoT Infrastructures", ArXiv:1907.13288, Jul 2019 [paper]
CoordiNetZ: Coordinated Dataflow Protection for Ultra-High Bandwidth Science Networks (Science DMZ)
CoordiNetZ (CNZ) provides coordinated situational awareness, i.e., the use of context-aware tagging for policy enforcement using the dynamic contextual information derived from hosts and network elements. We also developed tag and IP-based security microservices that incur minimal overheads in enforcing security on data flows exchanged across geographically distributed SDMZ sites. We evaluate our prototype implementation across two geographically distributed SDMZ sites with SDN-based case studies, and present performance measurements.
Research:
[1] Vasudevan Nagendra, Vinod Yegneswaran, Phillip Porras, Samir R Das, "Coordinated Dataflow Protection for Ultra-High Bandwidth Science Networks (Science DMZ)", Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC), Dec 2019 [paper]
[2] Vasudevan Nagendra, Vinod Yegneswaran, Phillip Porras, "Securing Ultra-High-Bandwidth Science DMZ Networks with Coordinated Situational Awareness", Proceedings of ACM Hot Topics in Networking (HotNets), Nov 2017 [paper]
5GCoreLite: Scalable and Resource Efficient Next Generation Cellular Packet Core for Cellular-enabled M2M/IoT devices
5GCoreLite is a stateless and functionally decomposed NFV design in which the cellular packet core network functions are implemented as microservices and states are decoupled from their processing, thus enabling elasticity and fault tolerance. For SLO compliance, we develop a multi-level load balancing approach based on skewed consistent hashing to efficiently distribute incoming connections. This stateless design enables dynamic provisioning of EPC nodes responsive to traffic changes, without incurring the overhead of state migration. This research project is conducted in collaboration with Dr. Vijay Gopalakrishnan, AT&T Research Labs.
Research:
[1] Vasudevan Nagendra, Arani Bhattacharya, Anshul Gandhi, Samir R Das, "MMLite: Scalable & Resource Efficient Control Plane for next Generation Cellular Packet Core", Proceedings of ACM Symposium on SDN Research (SOSR), Apr 2019. [paper] [LTE UE] [MME Code] [SOSR Talk Slides]
[2] Vasudevan Nagendra, Arani Bhattacharya, Anshul Gandhi, Samir R Das, "5GCoreLite: Scalable and Resource Efficient Next Generation Cellular Packet Core", 16th USENIX Symposium on Networked Systems Design and Implementation (NSDI '19 Posters), Feb 2019. [Extended Abstract]
[3] Vasudevan Nagendra, Himanshu Sharma, Samir R. Das, "LTE-Xtend: Scalable Support of M2M Devices in Cellular Packet Core", ACM MOBICOM Workshop, AllThingsCellular (ATC), Oct 2016. [paper]
LMS: Intent-based Policy Frameworks for Cloud Infrastructure Policy Management
LMS provides meaningful infrastructure abstractions and their relationships by analyzing the target cloud infrastructure. It helps cloud administrators model their policy requirements efficiently by decoupling the intents from underlying specifics. LMS scales to large dynamic cloud environments and manages the life cycle of label-based intent and enforcement.
Research:
[1] Joon-Myung Kang, Jeongkeun Lee, Vasudevan Nagendra, Sujata Banerjee, "LMS: Label Management Service for Intent-driven Cloud Policy Management", 15th IFIP/IEEE International Symposium on Integrated Network Management (IFIP/IEEE IM), May 2017. [paper]