Team FLOWGUARD wins third place in national Innovation Challenge
Above: Members of the SEFCOM lab won a third place award at the Extreme Networks SDN Innovation Challenge. Photographer: Nora Skrodenis/ASU
A combined Arizona State University and Clemson University team named FLOWGUARD won third place in the recent first annual Extreme Networks Software-Defined Networking (SDN) Innovation Challenge.
The competition is designed to use some of the innovative ideas arising from colleges and universities that are leading to real-world SDN applications in public safety, education, healthcare, manufacturing, transportation, e-government, clean energy and the Internet of Things (IoT).
SDN is used to create intelligent networks by programming them to fit the needs of applications that allow enabling communications, the Internet of Things and more. It also creates new security challenges. One is to build robust firewalls for protecting OpenFlow-based networks in which network states and traffic are frequently changed.
Firewalls are the most widely deployed security mechanism in most businesses and institutions. A conventional firewall sits on the border between a private network and the public Internet, examining all incoming and outgoing packets to defend against attacks and unauthorized access. A key drawback of such a firewall is that all insiders in the protected network are trusted, since internal traffic is not seen and cannot be filtered by the firewall.
With OpenFlow networks, such a problem can potentially be alleviated because OpenFlow provides a deeper level of control by placing enforcement points in any entry of traffic flows within a network.
To address this challenge, the ASU-Clemson team created FLOWGUARD to achieve not only accurate detection but also effective resolution of firewall policy violations in dynamic OpenFlow-based networks.
FLOWGUARD checks network flow path spaces to detect firewall policy violations when network states are updated. In addition, it conducts automatic and real-time violation resolutions with the help of several innovative resolution strategies designed for diverse network updates.
The FLOWGUARD team included:
- Wonkyu Han, a doctoral student in computer science, who works in the Laboratory of Security Engineering for Future Computing (SEFCOM).
- Ziming Zhao, a postdoctoral scholar working in the SEFCOM Lab, who earned a doctoral degree in computer science from ASU in 2014.
- Gail-Joon Ahn, the director of SEFCOM and a computer science professor in the School of Computing, Informatics, and Decision Systems Engineering, one of ASU’s Ira A. Fulton Schools of Engineering.
- Hongxin Hu, an assistant professor in the School of Computing at Clemson University and a member of SEFCOM at ASU, where Hu earned a doctoral degree in computer science in 2012.
“We believe this technology can be applicable to build secure and robust Science DMZ where critical and proprietary information will be shared, transmitted and stored,” says Gail-Joon Ahn. “Also, it would help enterprises with any size enforce their network policies and fully accommodate their security requirements while saving their costs in maintaining resource-intensive infrastructures. We will further improve and enhance our solutions to help those stakeholders resolve issues in network security and infrastructure management.”
In addition, Ahn’s research team from SEFCOM (http://sefcom.asu.edu) was involved in finalizing the competition materials, including Adam Doupé, an assistant professor of computer science and Jeremy Whitaker, a master’s student in computer science.
They received their SDN Innovation Challenge award for FLOWGUARD on June 1, 2015, at the National Institute of Standards and Technology/US Ignite Global Cities Teams Challenge Expo in Washington, D.C.
Erik Wirtanen, [email protected]
Ira A. Fulton Schools of Engineering