Validation of availability and policy based management for programmable networks
Software-Defined Networking (SDN) is a technology to develop communications networks that separates the network control layer from the data layer (packet forwarding). This separation allows greater flexibility when establishing new configurations. Thus, administrators can control the network through...
- Autores:
-
Maldonado López, Ferney Alonso
- Tipo de recurso:
- Doctoral thesis
- Fecha de publicación:
- 2016
- Institución:
- Universidad de los Andes
- Repositorio:
- Séneca: repositorio Uniandes
- Idioma:
- eng
- OAI Identifier:
- oai:repositorio.uniandes.edu.co:1992/7741
- Acceso en línea:
- http://hdl.handle.net/1992/7741
- Palabra clave:
- Redes definidas por software (Tecnología en redes de computador) - Investigaciones
Redes de computadores - Control de acceso - Investigaciones
Redes de computadores - Medidas de seguridad - Investigaciones
Ingeniería
- Rights
- openAccess
- License
- https://repositorio.uniandes.edu.co/static/pdf/aceptacion_uso_es.pdf
| id |
UNIANDES2_cf2cc5f8f6ce0d7b1d011c06d2c61912 |
|---|---|
| oai_identifier_str |
oai:repositorio.uniandes.edu.co:1992/7741 |
| network_acronym_str |
UNIANDES2 |
| network_name_str |
Séneca: repositorio Uniandes |
| repository_id_str |
|
| dc.title.es_CO.fl_str_mv |
Validation of availability and policy based management for programmable networks |
| title |
Validation of availability and policy based management for programmable networks |
| spellingShingle |
Validation of availability and policy based management for programmable networks Redes definidas por software (Tecnología en redes de computador) - Investigaciones Redes de computadores - Control de acceso - Investigaciones Redes de computadores - Medidas de seguridad - Investigaciones Ingeniería |
| title_short |
Validation of availability and policy based management for programmable networks |
| title_full |
Validation of availability and policy based management for programmable networks |
| title_fullStr |
Validation of availability and policy based management for programmable networks |
| title_full_unstemmed |
Validation of availability and policy based management for programmable networks |
| title_sort |
Validation of availability and policy based management for programmable networks |
| dc.creator.fl_str_mv |
Maldonado López, Ferney Alonso |
| dc.contributor.advisor.none.fl_str_mv |
Donoso Meisel, Yezid Enrique Calle Ortega, Eusebi Marzo, José Luis Rueda Rodríguez, Sandra Julieta |
| dc.contributor.author.none.fl_str_mv |
Maldonado López, Ferney Alonso |
| dc.subject.keyword.es_CO.fl_str_mv |
Redes definidas por software (Tecnología en redes de computador) - Investigaciones Redes de computadores - Control de acceso - Investigaciones Redes de computadores - Medidas de seguridad - Investigaciones |
| topic |
Redes definidas por software (Tecnología en redes de computador) - Investigaciones Redes de computadores - Control de acceso - Investigaciones Redes de computadores - Medidas de seguridad - Investigaciones Ingeniería |
| dc.subject.themes.none.fl_str_mv |
Ingeniería |
| description |
Software-Defined Networking (SDN) is a technology to develop communications networks that separates the network control layer from the data layer (packet forwarding). This separation allows greater flexibility when establishing new configurations. Thus, administrators can control the network through software without the need to access the physical configuration of each device. SDN networks have become important today due to the rapid growth of computer and network virtualization. Furthermore, this technology quickly responds to changes that may occur in the network due to its operation, failures or security incidents. That is, the network can be reprogrammed to respond to dynamic circumstances. Moreover, network functionalities such as load balancers, firewalls and intrusion detection systems can be programmed as logical rules of traffic. However, this technology is in continuous development and still faces interesting challenges for us. One of the challenge that generate high impact is errors in programming and configuration. These types of errors are the most common and account for between 50% and 80% of network failures. This dissertation seeks to contribute to verification mechanisms, based on logical techniques for specifying and verifying network functions as SDN applications. This thesis is focused on verifying the availability and network management based policies, and these policies are used for the specification and validation configurations. This research focuses on four aspects: 1) verification of invariants to validate network topologies, 2) network security by verifying firewall functions, 3) auditing of network settings against high-level policies, and 4) the validation of a SDN model as interdependent networks that suffers a sequential targeted attack |
| publishDate |
2016 |
| dc.date.issued.none.fl_str_mv |
2016 |
| dc.date.accessioned.none.fl_str_mv |
2018-09-27T16:37:24Z |
| dc.date.available.none.fl_str_mv |
2018-09-27T16:37:24Z |
| dc.type.spa.fl_str_mv |
Trabajo de grado - Doctorado |
| dc.type.coarversion.fl_str_mv |
http://purl.org/coar/version/c_970fb48d4fbd8a85 |
| dc.type.driver.spa.fl_str_mv |
info:eu-repo/semantics/doctoralThesis |
| dc.type.coar.spa.fl_str_mv |
http://purl.org/coar/resource_type/c_db06 |
| dc.type.content.spa.fl_str_mv |
Text |
| dc.type.redcol.spa.fl_str_mv |
http://purl.org/redcol/resource_type/TD |
| format |
http://purl.org/coar/resource_type/c_db06 |
| dc.identifier.uri.none.fl_str_mv |
http://hdl.handle.net/1992/7741 |
| dc.identifier.pdf.none.fl_str_mv |
u754170.pdf |
| dc.identifier.instname.spa.fl_str_mv |
instname:Universidad de los Andes |
| dc.identifier.reponame.spa.fl_str_mv |
reponame:Repositorio Institucional Séneca |
| dc.identifier.repourl.spa.fl_str_mv |
repourl:https://repositorio.uniandes.edu.co/ |
| url |
http://hdl.handle.net/1992/7741 |
| identifier_str_mv |
u754170.pdf instname:Universidad de los Andes reponame:Repositorio Institucional Séneca repourl:https://repositorio.uniandes.edu.co/ |
| dc.language.iso.es_CO.fl_str_mv |
eng |
| language |
eng |
| dc.rights.uri.*.fl_str_mv |
https://repositorio.uniandes.edu.co/static/pdf/aceptacion_uso_es.pdf |
| dc.rights.accessrights.spa.fl_str_mv |
info:eu-repo/semantics/openAccess |
| dc.rights.coar.spa.fl_str_mv |
http://purl.org/coar/access_right/c_abf2 |
| rights_invalid_str_mv |
https://repositorio.uniandes.edu.co/static/pdf/aceptacion_uso_es.pdf http://purl.org/coar/access_right/c_abf2 |
| eu_rights_str_mv |
openAccess |
| dc.format.extent.es_CO.fl_str_mv |
192 hojas |
| dc.format.mimetype.es_CO.fl_str_mv |
application/pdf |
| dc.publisher.es_CO.fl_str_mv |
Uniandes |
| dc.publisher.program.es_CO.fl_str_mv |
Doctorado en Ingeniería |
| dc.publisher.faculty.es_CO.fl_str_mv |
Facultad de Ingeniería |
| dc.source.es_CO.fl_str_mv |
instname:Universidad de los Andes reponame:Repositorio Institucional Séneca |
| instname_str |
Universidad de los Andes |
| institution |
Universidad de los Andes |
| reponame_str |
Repositorio Institucional Séneca |
| collection |
Repositorio Institucional Séneca |
| bitstream.url.fl_str_mv |
https://repositorio.uniandes.edu.co/bitstreams/74a25604-b4de-4865-97fb-e2b81a5c2040/download https://repositorio.uniandes.edu.co/bitstreams/81dbab80-671d-46a6-aa2f-bc1f703f652c/download https://repositorio.uniandes.edu.co/bitstreams/39f977e3-8b61-4a5f-a830-b95770532f0e/download |
| bitstream.checksum.fl_str_mv |
74a5d306908d5b3327e27690d69c8342 45e3cf5ab74b542d72458c204393db89 de8b0aeead7764531eb95df23d520252 |
| bitstream.checksumAlgorithm.fl_str_mv |
MD5 MD5 MD5 |
| repository.name.fl_str_mv |
Repositorio institucional Séneca |
| repository.mail.fl_str_mv |
adminrepositorio@uniandes.edu.co |
| _version_ |
1808390362266337280 |
| spelling |
Al consultar y hacer uso de este recurso, está aceptando las condiciones de uso establecidas por los autores.https://repositorio.uniandes.edu.co/static/pdf/aceptacion_uso_es.pdfinfo:eu-repo/semantics/openAccesshttp://purl.org/coar/access_right/c_abf2Donoso Meisel, Yezid Enrique26d2bbc7-baf2-4c2c-8527-79432dea4bba400Calle Ortega, Eusebi5e3dc455-5333-4506-a53c-5ec526e16bd5500Marzo, José Luiseee89f49-5792-41f6-a096-aa105d6ded14500Rueda Rodríguez, Sandra Julieta1da4858e-26fc-42a9-88f0-dbe0a1705059400Maldonado López, Ferney Alonsof045f480-8d85-4387-836d-86e93a7355b75002018-09-27T16:37:24Z2018-09-27T16:37:24Z2016http://hdl.handle.net/1992/7741u754170.pdfinstname:Universidad de los Andesreponame:Repositorio Institucional Sénecarepourl:https://repositorio.uniandes.edu.co/Software-Defined Networking (SDN) is a technology to develop communications networks that separates the network control layer from the data layer (packet forwarding). This separation allows greater flexibility when establishing new configurations. Thus, administrators can control the network through software without the need to access the physical configuration of each device. SDN networks have become important today due to the rapid growth of computer and network virtualization. Furthermore, this technology quickly responds to changes that may occur in the network due to its operation, failures or security incidents. That is, the network can be reprogrammed to respond to dynamic circumstances. Moreover, network functionalities such as load balancers, firewalls and intrusion detection systems can be programmed as logical rules of traffic. However, this technology is in continuous development and still faces interesting challenges for us. One of the challenge that generate high impact is errors in programming and configuration. These types of errors are the most common and account for between 50% and 80% of network failures. This dissertation seeks to contribute to verification mechanisms, based on logical techniques for specifying and verifying network functions as SDN applications. This thesis is focused on verifying the availability and network management based policies, and these policies are used for the specification and validation configurations. This research focuses on four aspects: 1) verification of invariants to validate network topologies, 2) network security by verifying firewall functions, 3) auditing of network settings against high-level policies, and 4) the validation of a SDN model as interdependent networks that suffers a sequential targeted attackLas redes definidas por software o Software-Defined Networking (SDN) son una tecnología para elaborar redes de comunicaciones que separa la capa de control de red de la capa de datos (reenvío de paquetes). Esta separación permite mayor flexibilidad al momento de establecer nuevas configuraciones. De esta forma, los administradores de red pueden controlar la red por medio de software sin necesidad de acceder a la configuración física de cada dispositivo. Las redes SDN han cobrado mayor importancia en la actualidad debido al crecimiento acelerado de virtualización en computación. Por otro lado, este tipo de tecnología responde rápidamente a los cambios que se pueden presentar en la red debido a su funcionamiento, fallas de seguridad o incidentes. Es decir, la red puede ser reprogramada para responder ante la dinámica de las circunstancias. Funciones de red como balanceadores de carga, firewalls, y sistemas de detección de intrusos pueden ser programados como reglas de tráfico. Sin embargo, esta tecnología se encuentra en una etapa de desarrollo temprana y aún enfrenta interesantes desafíos para su utilización. Uno de los que genera más impacto son los errores en la programación y configuración. Este tipo de errores son los más comunes y representan entre el 50% y el 80% de los fallos de red. Esta tesis de doctorado busca contribuir en mecanismos de verificación, basados en técnicas matemáticas para la especificación y verificación de funciones de red como aplicaciones para SDN. Esta tesis está orientada a la administración de redes basada en políticas, y dichas políticas son usadas para la especificación y validación de las configuraciones. Esta investigación se enfoca en tres aspectos: la verificación de invariantes de red para validar topologías, seguridad en redes mediante la verificación de funciones de firewall y una auditoría sobre las configuraciones dadas políticas de red de alto nivelDoctor en IngenieríaDoctorado192 hojasapplication/pdfengUniandesDoctorado en IngenieríaFacultad de Ingenieríainstname:Universidad de los Andesreponame:Repositorio Institucional SénecaValidation of availability and policy based management for programmable networksTrabajo de grado - Doctoradoinfo:eu-repo/semantics/doctoralThesishttp://purl.org/coar/resource_type/c_db06http://purl.org/coar/version/c_970fb48d4fbd8a85Texthttp://purl.org/redcol/resource_type/TDRedes definidas por software (Tecnología en redes de computador) - InvestigacionesRedes de computadores - Control de acceso - InvestigacionesRedes de computadores - Medidas de seguridad - InvestigacionesIngenieríaPublicationORIGINALu754170.pdfapplication/pdf3611952https://repositorio.uniandes.edu.co/bitstreams/74a25604-b4de-4865-97fb-e2b81a5c2040/download74a5d306908d5b3327e27690d69c8342MD51THUMBNAILu754170.pdf.jpgu754170.pdf.jpgIM Thumbnailimage/jpeg6170https://repositorio.uniandes.edu.co/bitstreams/81dbab80-671d-46a6-aa2f-bc1f703f652c/download45e3cf5ab74b542d72458c204393db89MD55TEXTu754170.pdf.txtu754170.pdf.txtExtracted texttext/plain405509https://repositorio.uniandes.edu.co/bitstreams/39f977e3-8b61-4a5f-a830-b95770532f0e/downloadde8b0aeead7764531eb95df23d520252MD541992/7741oai:repositorio.uniandes.edu.co:1992/77412023-10-10 17:58:38.4https://repositorio.uniandes.edu.co/static/pdf/aceptacion_uso_es.pdfopen.accesshttps://repositorio.uniandes.edu.coRepositorio institucional Sénecaadminrepositorio@uniandes.edu.co |