Programmable In-Network Security for Context-aware BYOD Policies

Authors: Ang Chen, Xiapu Luo, Lei Xue, Adam Morrison, Qiao Kang

DOI:

Keywords:

Abstract: Bring Your Own Device (BYOD) has become the new norm in enterprise networks, but BYOD security remains a top concern. Context-aware security, which enforces access control based on dynamic runtime context, holds much promise. Recent work developed SDN solutions to collect device context for a network-wide central controller. However, the controller poses a bottleneck that can become an attack target, and processing changes at remote software has low agility. We present a paradigm, programmable in-network security (Poise), that is enabled by the emergence of programmable switches. At the heart of Poise is a novel switch primitive, which can be programmed to support a wide range of context-aware policies in hardware. Users specify concise policies, and Poise compiles them into different instantiations of the primitive in P4. Compared with centralized defenses, Poise is resilient to control plane saturation attacks, and it dramatically increases defense
