•   When: Friday, April 27, 2018 from 02:30 PM to 04:30 PM
•   Speakers: An Wang
•   Export to iCal

The past decade has witnessed a dramatic change in the way organizations and enterprises manage their cloud and data center systems. The main drive of such transition is the Network Virtualization techniques, which have been promoted to a new level by the Software-Defined Networking (SDN) paradigm. Along with the programmability and flexibility offered by SDN, there are fundamental challenges in defending against the prevalent large-scale network attacks, such as DDoS attacks, against the SDN-based cloud systems.

This dissertation presents efficient and flexible solutions to address such challenges in both reactive and proactive modes of SDN. The dissertation first discusses the vulnerabilities in the architecture of SDN, which results in risk of congestions on the control path under the reactive mode. For the solution, the dissertation shows how the control path capacity could be elastically scaled up by taking advantages of the software switches’ abundant processing powers to handle control messages. Then, for the proactive mode, the dissertation discusses how traffic measurement and monitoring mechanisms are necessary yet incompetent with the existing SDN solutions. To address this issue, the dissertation presents the design and implementation of a separate monitoring plane in SDN that enables flexible and fine-grained data collections for security purposes.