CPSC 8570

Security in Advanced Networking Technologies

Spring 2017

General Information

Instructor

Dr. Hongxin Hu
E-mail: hongxih@clemson.edu
Homepage: http://www.cs.clemson.edu/~hongxih
Office: McAdams Hall 217
Office Hours: MW 9:00 AM – 11:00 AM; By Appointment
Time and Location: MW 2:30 PM 3:45 PM, McAdams Hall 119

Overview

In this course, we will discuss emerging networking techniques, inducing software-defined networking (SDN) and network function visualization (NFV). We will also discuss corresponding security issues in SDN and NFV. Course will involve readings and discussion of classic and new papers on recent developments in computer networking research. Students will explore new ideas through projects, improve skills in presentations, and enhance critical thinking, systems and security programming, and creativity. The class format will consist of lectures, student presentations, and class project presentations.

Downloads: Course Syllabus

Tentative Schedule

Date Topic Notes
Monday, January 16, 2017 -- No Class -- (Martin Luther King Day)  
Wednesday, January 18, 2017 Lecture 1 – Introduction  
Monday, January 23, 2017 Lecture 2 – Access Control
Wednesday, January 25, 2017 Lecture 3 – Computer Network Concepts and Security  
Monday, January 30, 2017 Lecture 4 – IP and TCP Security Organizing project teams and selecting candidate topics  
Wednesday, February 1, 2017 Lecture 5 – IDS
Survey paper 1 due: Software-Defined Networking
Monday, February 6, 2017 Advanced Topic 1 - Software-Defined Networking Overview (Software-Defined Networking at the Crossroads, Scott Shenker - video) (The Road to SDN, OpenFlow: Enabling Innovation in Campus Networks; Software-Defined Networking: A Comprehensive Survey)  
Wednesday, February 8, 2017 Advanced Topic 1 - Software-Defined Networking Overview
SDN Introduction
 
Monday, February 13, 2017 Advanced Topic 1 - Software-Defined Networking Overview
OpenFlow
 
Wednesday, February 15, 2017 Advanced Topic 1 - Software-Defined Networking Securiity Overview (Towards Secure and Dependable Software-Defined Networks) Project 1 due (Packet Sniffing and Spoofing Lab - Tasks 1&2)
Monday, February 20, 2017 Advanced Topic 2 - Network Function Virtualization Overview Project 1 due (Packet Sniffing and Spoofing Lab - Tasks 3 for bonus points)
Wednesday, February 22, 2017 Proposal Presentation Proposal Due
Monday, February 27, 2017

-- No Class -- (Attending a Conference)

 
Wednesday, March 1, 2017

Midterm

 
Monday, March 6, 2017 Advanced Topic 1 - Software-Defined Networking (Enabling Dynamic Access Control for Controller Applications in Software-Defined Networks ; VNGuard: An NFV/SDN Combination Framework for Provisioning and Managing Virtual Firewalls)
Survey paper 2 due: Software-Defined Networking Security

Wednesday, March 8, 2017 Advanced Topic 1 - Software-Defined Networking (On the Safety and Efficiency of Virtual Firewall Elasticity Control; ClickOS and the art of network function virtualization)

Monday, March 13, 2017 Advanced Topic 1 - Software-Defined Networking
Paper presnetation 1: FlowGuard: Building Robust Firewalls for Software-Defined Networks” (HotSDN’14)
Paper presnetation 2: State-aware Network Access Management for Software-Defined Networks” (SACMAT’16)

Team 1
Team 2
Wednesday, March 15, 2017 Advanced Topic 1 - Software-Defined Networking
Paper presnetation 1: “Bohatei: Flexible and Elastic DDoS Defense” (USENIX Security 2015)
Paper presnetation 2: “Towards SDN-Defined Programmable BYOD (Bring Your Own Device) Security” (NDSS 2016)
Project 2 due (Floodlight Firewall App)
Team 3
Team 4
Monday, March 20, 2017 - Spring Break --
 
Wednesday, March 22, 2017 -- Spring Break --

Monday, March 27, 2017 Midterm Project Presentation 1
Teams 1, 3, 4, 5, 6
Wednesday, March 29, 2017 Midterm Project Presentation 2 Teams 2, 7, 8, 9, 10, 12, 13, 11
Project 3 due (Tutorial of Installing ClickOS Testbed) (ClickOS)

Monday, April 3, 2017 Advanced Topic 1 - Software-Defined Networking
Paper presnetation 1:
Providing Dynamic Control to Passive Network Security Monitoring” (RAID 2015)
Paper presnetation 2:SciPass: a 100Gbps capable secure Science DMZ using OpenFlow and Bro

Team 5
Team 6
Wednesday, April 5, 2017 Advanced Topic 2 - Network Function Virtualization
Paper presnetation 1:
“Making Middleboxes Someone Else’s Problem: Network Processing as a Cloud Service” (Sigcomm 2012)
Paper presnetation 2: “OpenNF: enabling innovation in network function control” (Sigcomm 2014)

Team 6
Team 8
Monday, April 10, 2017 Advanced Topic 2 - Network Function Virtualization
Paper presnetation 1: Deep Packet Inspection as a Service” (CoNEXT '14)
Paper presnetation 2: OpenBox: A Software-Defined Framework for Developing, Deploying, and Managing Network Functions” (SIGCOMM '16)
Survey paper 3 due: Network Function Virtualization
Team 9
Team 10
Wednesday, April 12, 2017 Advanced Topic 2 - Network Function Virtualization - IoT
Paper presnetation 1:
“Handling a trillion (unfixable) flaws on a billion devices: Rethinking network security for the Internet-of-Things” (HotNets 2015)
Paper presnetation 2:
“PSI: Precise Security Instrumentation for Enterprise Networks” (NDSS 2017)

Team 12
Team 13
Monday, April 17, 2017 Final Project Presentation 1 Teams 1, 2, 3, 4
Wednesday, April 19, 2019 Advanced Topic 2 - Network Function Virtualization
Paper presnetation:
FRESCO: Modular Composable Security Services for Software-Defined Networks” (NDSS’13)

Team 11
Monday, April 24, 2017 Final Project Presentation 2 Teams 5, 6, 7, 8
Wednesday, April 26, 2017 Final Project Presentation 3 Teams 9, 10, 12, 13, 11
Wednesday, May 3, 2017 No class Final project repost due

Textbook (Optional)

Grading Scheme

Resources

Google Scholar

ACM's Computing Research Repository

ACM CCS

NDSS

USENIX Security