Download now Free registration required
Network security is typically reactive: Networks provide connectivity and subsequently alter this connectivity according to various security policies, as implemented in middle-boxes, or at higher layers. This approach gives rise to complicated interactions between protocols and systems that can cause incorrect behavior and slow response to attacks. This paper proposes a proactive approach to securing networks, whereby security-related actions (e.g., dropping or redirecting traffic) are embedded into the network fabric itself, leaving only a fixed set of actions to higher layers. The paper explores this approach in the context of network access control. The design uses programmable switches to manipulate traffic at lower layers; these switches interact with policy and monitoring at higher layers.
- Format: PDF
- Size: 329.1 KB