ASU Electronic Theses and Dissertations
This collection includes most of the ASU Theses and Dissertations from 2011 to present. ASU Theses and Dissertations are available in downloadable PDF format; however, a small percentage of items are under embargo. Information about the dissertations/theses includes degree information, committee members, an abstract, supporting data or media.
In addition to the electronic theses found in the ASU Digital Repository, ASU Theses and Dissertations can be found in the ASU Library Catalog.
Dissertations and Theses granted by Arizona State University are archived and made available through a joint effort of the ASU Graduate College and the ASU Libraries. For more information or questions about this collection contact or visit the Digital Repository ETD Library Guide or contact the ASU Graduate College at gradformat@asu.edu.
Filtering by
- All Subjects: Software-defined networking (Computer network technology)
- Creators: Huang, Dijiang
After building the MobiCloud, G-PLaNE and studying the MCC model, I have been using Software Defined Networking (SDN) approaches to enhance the system security in the cloud virtual networking environment. I present an OpenFlow-based IPS solution called SDNIPS that includes a new IPS architecture based on Open vSwitch (OVS) in the cloud software-based networking environment. It is enabled with elasticity service provisioning and Network Reconfiguration (NR) features based on the POX controller. Finally, SDNIPS demonstrates the feasibility and shows more efficiency than traditional approaches through a thorough evaluation.
Lastly, I propose an OpenFlow-based defensive module composition framework called CloudArmour that is able to perform query, aggregation, analysis, and control functions over distributed OpenFlow-enabled devices. I propose several modules and use the DDoS attack as an example to illustrate how to compose a comprehensive defensive solution based on the CloudArmour framework. I introduce a total of 20 Python-based CloudArmour APIs. Finally, evaluation results prove the feasibility and efficiency of the CloudArmour framework.
industry has brought about a unique set of challenges and opportunities. The ARM architecture in particular has evolved to a point where it supports implementations across a wide spectrum of performance points, and ARM-based tablets and smartphones are in demand. The enhancements to the basic ARM RISC architecture allow ARM to have high performance, small code size, low power consumption and small silicon area. Users want their devices to perform many tasks such as reading email, playing games, and running other online applications, and organizations no longer desire to provision and maintain individuals' IT equipment. The term BYOD (Bring Your Own Device) has come into being from the demand for such a work setup and is one of the motivations of this research work. It brings many opportunities, such as increased productivity and reduced costs, and challenges, such as secured data access, data leakage and the amount of control by the organization.
To provision such a framework we need to bridge the gap from both the organizations' side and the individuals' point of view. Mobile device users face the issue of application delivery on multiple platforms. For instance, having purchased many applications from one proprietary application store, individuals may want to move them to a different platform/device, but currently this is not possible. Organizations face security issues in providing such a solution, as there are many potential threats from allowing a BYOD work-style, such as unauthorized access to data and attacks from devices within and outside the network.
The ARM-based Secure Mobile SDN framework will resolve these issues and enable employees to consolidate both personal and business calls and mobile data access on a single device. To address the application delivery issue we are introducing KVM-based virtualization that will allow the host OS to run multiple guest OSes. To address the security problem we introduce an SDN environment where the host would be running a bridged network of guest OSes using Open vSwitch. This would allow a remote controller to monitor the state of the guest OSes for making important control and traffic flow decisions based on the situation.
With the applications now having direct access to the flow table entries, it is easy for inconsistencies to arise in the flow table rules. Since the flow rules are structured similarly to firewall rules, the research done in analyzing and identifying firewall rule conflicts can be adapted to work with OpenFlow rules.
The main work of this thesis is to implement flow conflict detection logic in OpenDaylight and inspect the applicability of techniques in visualizing the conflicts. A hierarchical edge-bundling technique coupled with a Reingold-Tilford tree is employed to present the relationship between the conflicting rules. Additionally, a table-driven approach is also implemented to display the details of each flow.
Both types of visualization are then tested for correctness by providing them with flows which are known to have conflicts. The conflicts were identified properly and displayed by the views.
More specifically, I discuss the following four security challenges in this dissertation: (1) In SDN, generating reliable network rules is challenging because SDN applications cannot be trusted and have complicated dependencies on each other. To address this problem, I analyze applications' policies and remove those dependencies by applying a grid-based policy decomposition mechanism; (2) One network rule could affect others accidentally (or through malicious users), which leads to the creation of indirect security violations. I build systematic and automated tools that analyze network rules in the data plane to detect a wide range of security violations and resolve them in an automated fashion; (3) A fundamental limitation of the current SDN protocol (OpenFlow) is a lack of statefulness, which is extremely important to several security applications such as a stateful firewall. To bring statelessness to SDN-based environment, I come up with an innovative stateful monitoring scheme by extending existing OpenFlow specifications; (4) The existing honeynet architecture suffers from its limited functionalities of 'data control' and 'data capture'. To address this challenge, I design and implement an innovative next-generation SDN-based honeynet architecture.