towards sdn defined programmable byod bring your own
play

Towards SDN-Defined Programmable BYOD (Bring Your Own Device) - PowerPoint PPT Presentation

Jun 02, 2023 •153 likes •481 views

Towards SDN-Defined Programmable BYOD (Bring Your Own Device) Security Sungmin Hong , Robert Baykov, Lei Xu, Srinath Nadimpalli, Guofei Gu SUCCESS Lab Texas A&M University Outline Introduction & Motivation Related Work

  1. Towards SDN-Defined Programmable BYOD (Bring Your Own Device) Security Sungmin Hong , Robert Baykov, Lei Xu, Srinath Nadimpalli, Guofei Gu SUCCESS Lab Texas A&M University

  2. Outline • Introduction & Motivation • Related Work • Challenges • Our Solution PBS (Programmable BYOD Security) • Evaluation • Conclusion 2

  3. Bring Your Own Device • BYOD is the new paradigm in the workplace • 44% of users in developed countries and 75% in developing countries are now utilizing BYOD in the workplace 1 • The adoption rate shows no signs of slowing • Surveys have indicated that businesses are unable to stop employees from bringing personal devices into the workplace 2 Image source: www.itproportal.com 1 Logicalis, http://cxounplugged.com/2012/11/ovum byod research-findings-released/ 3 2 Wikipedia, https://en.wikipedia.org/wiki/Bring_your_own_device

  4. Admins’ Headache But during Apply it for Allow an email Anywhere the whole I need to set any one? I app any time in the work what apps want to and facebook workplace? are allowed hours? restrict the at lunch time? at work rule by role What if an I want to let a employee turn visitor access off WiFi and turn to the Internet on LTE to enjoy through Twitter at the different VLAN I need to bathroom What if the monitor what policy is apps access to changed ? our database Sigh… 4

  5. Admins’ Concerns • Ideally , • Manage & control BYOD devices easily, efficiently, and securely • Less budget expense • However , • Management of dynamic BYOD-enabled devices become significantly more complex • Diverse (biz/non-biz) apps to monitor • Network itself needs more security and management capabilities to protect enterprise resource • Additional infrastructure required 5

  6. Motivation of Our Work • Application Awareness & Network Visibility • App-aware network information & user/device contexts are invisible to traditional tools/infra. • App may send data through other network interfaces (e.g., 3G/4G) equipped in the device • Correlating app’s network activities with the contexts is not easy • Dynamic Policy Programming • Static access/policy control is not sufficient for network/BYOD dynamics for finer-grained management 6

  7. Outline • Introduction & Motivation • Related Work • Challenges • Our Solution PBS (Programmable BYOD Security) • Evaluation • Conclusion 7

  8. Related Work • Google • Android Device Administration (ADA) • Device-level control on password, remote device wiping, etc. • Limited interfaces and features • Android for Work (AFW) • “WorkProfile” to separate enterprise and personal app data • OS-level encryption and additional management APIs to third- party MDM/Enterprise Mobility Management (EMM) partners • Focus on device/app data control and protection • Limited functionalities to support dynamic context-aware policy enforcement • Samsung KNOX • Enterprise container to separate enterprise and personal app data • H/W-level encryption and management APIs to EMM partners • Dedicated device only • Limited functionalities to support dynamic context-aware policy enforcement 8

  9. Related Work • Mobile Device Management (MDM) • Provide additional granularity and complexity in management capabilities through ADA (normally through proprietary hardware) • Requires additional infrastructure and network reconfiguration • Android research • DeepDroid • Enforce app & context-aware policies to protect sensitive on-device resource by tracking the system APIs • Less fine-grained policy configuration • Lack programmable interfaces for dynamic, reactive policy enforcement è We provide a solution in our work to these shortcomings 9

  10. Outline • Introduction & Motivation • Related Work • Challenges • Our Solution PBS (Programmable BYOD Security) • Evaluation • Conclusion 10

  11. Research Challenges • Can we use traditional security solutions? • Difficult and inflexible for dynamic, N/W- and app-aware security policy enforcement (e.g., ACLs/firewalls) • Typically coupled with physical devices/resources instead of applications • Can we apply the legacy SDN infrastructure? • Additional cost to build/manage the infrastructure (e.g., OpenFlow- enabled switches) • Lack of BYOD specifics • App & context unaware • Loss of global visibility from other on-device network interfaces (3G/4G, BT, etc.) • How much granularity we should provide? • The finer granularity (from layer 2, app & context-aware), the more useful to security policy enforcement 11

  12. Outline • Introduction & Motivation • Related Work • Challenges • Our Solution PBS (Programmable BYOD Security) • Evaluation • Conclusion 12

  13. PBS (SDN-Defined Programmable BYOD Security) • Goals and Contributions • Fine-grained Access Control • Application & context-aware access control with layer2 and above granularity • Dynamic Policy Enforcement • Dynamic, reactive policy enforcement at run-time based on application-specific policy and network behavior • Network-wide Programmability • Programmable network-wide policy enforcement system to enterprise admin • Minor Performance Overhead • Minimize performance overhead and resource consumption for mobile devices • No Additional Infrastructure • On-device SDN-based solution without deploying additional OpenFlow switches 13

  14. Basic Idea (1/2) • Abstraction inside the device • App & Context awareness + Visibility • SDN-transparent flow management • No infrastructure required Mobile Device App A App B Host A Host B vport2 vport1 eth1 eth2 PBS Software Hardware HW v.s. SW Switch Client Switch vport4 vport3 eth3 eth4 … 3G/4 WiFi G Host C Server PBS Model Inside the Device Traditional SDN Data Plane 14

  15. Basic Idea (2/2) • Dynamic Programmability • SDN-based Network Programming Capabilities with: • App & Context awareness + Visibility • Policy language + Context Policy by App A App B Policy Language PBS (BYOD) Applications vport1 vport2 Software PBS Switch Programming Interface Client vport3 vport4 … App-aware Policy Manager 3G/4 WiFi Flow Manager Context G PBS Client PBS Controller (SDN-based) 15

  16. Operations • Application-aware flow control … Enterprise Mobile Facebook Email App App PBS App-aware Policy Engine User Client Flow Control Context PBS App … Net Inf. WiFi 3G/4G BT PBS Controller PBS WiFi Internet Business Enterprise Network Server Security BT 3G/4G Middlebox 16

  17. Operations • Visibility (No hidden network) … Enterprise Mobile Facebook Email App App PBS App-aware Policy Engine User Client Flow Control Context PBS App … Net Inf. WiFi 3G/4G BT PBS Controller PBS WiFi Internet Business Enterprise Network Server Security BT 3G/4G Middlebox 17

  18. Operations • Proactive Policy Enforcement … Enterprise Mobile Facebook Email App App Policy New Flow PBS App-aware Policy Engine User Action Policy Client Flow Control Context Policy PBS App … Net Inf. WiFi 3G/4G BT PBS Controller PBS WiFi Internet Business Enterprise Network Server Security BT 3G/4G Middlebox 18

  19. Operations • Dynamic & Reactive Policy Enforcement … Enterprise Mobile Facebook Email App App Policy Stats PBS Context App-aware Policy Engine User Action Client Flow Control Context Policy Policy BYOD Logic PBS App … Net Inf. WiFi 3G/4G BT PBS Controller PBS WiFi Internet Business Enterprise Network Server Security BT 3G/4G Middlebox 19

  20. Operations • Real-time Context … Mobile Enterprise Facebook Email App App Policy Stats PBS Context App-aware Policy Engine User Action Event Policy Client Flow Control Context Policy BYOD Logic PBS App … Net Inf. WiFi 3G/4G BT PBS Controller PBS WiFi Internet Business Enterprise Network Server Security BT 3G/4G Middlebox 20

  21. Operations • Tailored to Mobile Environment • Minimize the controller intervention • Optimize app & context aware flow management … Mobile Enterprise Facebook Email App App PBS … Message Two-tiered Short-circuit Client PushDown Programming PBS App … Net Inf. WiFi 3G/4G BT PBS Controller PBS WiFi Internet Business Enterprise Network Server Security BT 3G/4G Middlebox 21

  22. Operations • High-level Policy Language • Makes policy definition simple without requiring expert knowledge on SDN. Policy BYOD PBS App Logic PBS Controller 22

  23. Operations • Policy Example1 • Policy Example2 23

  24. Outline • Introduction & Motivation • Related Work • Challenges • Our Solution PBS (Programmable BYOD Security) • Evaluation • Conclusion 24

  25. Evaluation • Performance Overhead • Testing Environment • LG Nexus 5 with a Qualcomm MSM8974Snapdragon 800 CPU • Asus Nexus 7 tablet with an ARM Cortex-A9 • Both run Android system version 4.4 (KitKat) • Controller runs on Ubuntu Linux x64 with a Quad Core CPU with 8 GB RAM • Benchmark tools used for the evaluation: • Iperf, Antutu, Geekbench, Vellamo, and PCMark 25

  26. Performance • Network Throughput Benchmark • Test duration as 10 minutes with a two-second interval between periodic bandwidth reports. 90 80 Bandwidth (Mbps) ≈ 9% 70 60 50 W/O PBS 40 W/ PBS 30 ≈ 7% 20 10 0 NX5 NX7 • Battery Overhead (PCMark) ( Note that lower is better ) 26

Recommend

BYOD Informational Session Why BYOD? What is BYOD? BYOD is Bring Your Own Device. It is a Wake

BYOD Informational Session Why BYOD? What is BYOD? BYOD is Bring Your Own Device. It is a Wake

BYOD Informational Session Why BYOD? What is BYOD? BYOD is Bring Your Own Device. It is a Wake County initiative to assist students in integrating technology with learning. It will enable our students to become future- ready,

416 views • 18 slides
Bring Your Own Device (BYOD) 4 October 2016 What is BYOD? Define the characteristics of

Bring Your Own Device (BYOD) 4 October 2016 What is BYOD? Define the characteristics of

Bring Your Own Device (BYOD) 4 October 2016 What is BYOD? Define the characteristics of todays students Explore BYOD in the classroom Any Questions pollev.com/bishpoll Student Feedback BYOD Survey for Years 10 - 13. Student

474 views • 43 slides
2019 For Years 11 & 12 in 2019 BYOd Bring Your Own device Why BYOd? To sustain the

2019 For Years 11 & 12 in 2019 BYOd Bring Your Own device Why BYOd? To sustain the

BYOd at Tully SHS 2019 For Years 11 & 12 in 2019 BYOd Bring Your Own device Why BYOd? To sustain the success of the Tully SHS 1:1 mobile devices policy in years 11 & 12. This policy has allowed each senior student to have a mobile

202 views • 16 slides
Lower Moreland Township School District What is BYOD? Bring your own device (BYOD) Embraces

Lower Moreland Township School District What is BYOD? Bring your own device (BYOD) Embraces

Lower Moreland Township School District What is BYOD? Bring your own device (BYOD) Embraces devices students already own Students bring their device to school to assist their learning in the classroom Student devices access

528 views • 32 slides
Bring Your Own Device (BYOD) Information Session Tue 30 th October 2018 3:20pm & 5:00pm

Bring Your Own Device (BYOD) Information Session Tue 30 th October 2018 3:20pm & 5:00pm

Bring Your Own Device (BYOD) Information Session Tue 30 th October 2018 3:20pm & 5:00pm Welcome Mr Anthony Lanskey Principal Topics covered during this session 1. The what, how and why of BYOD and online learning 2. Responsibilities of

394 views • 22 slides
What is BYOD? Bring your own device (BYOD) refers to students bringing a personally

What is BYOD? Bring your own device (BYOD) refers to students bringing a personally

What is BYOD? Bring your own device (BYOD) refers to students bringing a personally owned device to school for the purpose of learning. A personally owned device is any technology device brought into the school and is owned by a

684 views • 26 slides
www.georgetownisd.org/byod What is BYOD? B ring Y our O wn D evice www.georgetownisd.org/byod

www.georgetownisd.org/byod What is BYOD? B ring Y our O wn D evice www.georgetownisd.org/byod

B ring Y our O wn D evice Photo Source: http://commons.wikimedia.org/wiki/File:Mobile_Ger%C3%A4te.jpg Information for Parents & Guardians Check Out Our BYOD Resources Online! This presentation is an overview of the BYOD program. For

742 views • 26 slides
BYOD and The AUP Bring Your Own Device The Acceptable Use Policy Some Information You Need to

BYOD and The AUP Bring Your Own Device The Acceptable Use Policy Some Information You Need to

BYOD and The AUP Bring Your Own Device The Acceptable Use Policy Some Information You Need to Know The Acceptable Use Policy TCDSB Students and Staff must adhere to the Electronic Communications System - Acceptable Use Policy (AUP) All

110 views • 9 slides
BYOD (Bring Your Own Device): Employee-owned Technology in the Workplace MCHRMA Spring

BYOD (Bring Your Own Device): Employee-owned Technology in the Workplace MCHRMA Spring

BYOD (Bring Your Own Device): Employee-owned Technology in the Workplace MCHRMA Spring Conference April 4, 2014 MINNESOTA COUNTIES INTERGOVERNMENTAL TRUST PRESENTED BY: Sonya Guggemos MCIT Staff Counsel for Risk Control sguggemos@mcit.org

735 views • 42 slides
PARENT INFORMATION EVENING BRING YOUR OWN DEVICE (BYOD) PROGRAM 2019 - 2020 WELCOME Mr Chris

PARENT INFORMATION EVENING BRING YOUR OWN DEVICE (BYOD) PROGRAM 2019 - 2020 WELCOME Mr Chris

PARENT INFORMATION EVENING BRING YOUR OWN DEVICE (BYOD) PROGRAM 2019 - 2020 WELCOME Mr Chris Van Maanen Associate Principal Mr Shaq Herath ICT Manager Mr John Agostinelli Teacher and the former ICT Director Brian

546 views • 19 slides
Assessing BYOD with the Smarthpone Pentest Framework Georgia

Assessing BYOD with the Smarthpone Pentest Framework Georgia

Assessing BYOD with the Smarthpone Pentest Framework Georgia Weidman BYOD Is Not New Contractor Laptop Rogue Access Point Gaming Console Tradi>onal Vulnerability Scanning

1.28k views • 95 slides
2019 Sheryl Carr, IT Services Manager scarr25@eq.edu.au Background Story Bring Your Own

2019 Sheryl Carr, IT Services Manager scarr25@eq.edu.au Background Story Bring Your Own

One 2 One Laptop Program @ HSHS 2019 Sheryl Carr, IT Services Manager scarr25@eq.edu.au Background Story Bring Your Own Device (BYOD) Our future and where we are heading o Financial member of Student Resource Scheme (SRS) o Annual fee

801 views • 15 slides
Bring Your Own Device IAPP KnowledgeNet Detroit November 5, 2013 Purpose Provide a forum to

Bring Your Own Device IAPP KnowledgeNet Detroit November 5, 2013 Purpose Provide a forum to

Bring Your Own Device IAPP KnowledgeNet Detroit November 5, 2013 Purpose Provide a forum to discuss implications of use of employee owned devices BYOD in the workplace Discuss competing priorities and concerns in creating and

669 views • 54 slides
LimeNET Open-Source Field Programmable RF Technology Driving Innovation in Wireless Networks From

LimeNET Open-Source Field Programmable RF Technology Driving Innovation in Wireless Networks From

LimeNET Open-Source Field Programmable RF Technology Driving Innovation in Wireless Networks From Field Programmable RF to Software Defined Networks Confidential Confidential 1 The FPRF Company Ultra flexible RF solutions Table of

285 views • 24 slides
Field Programmable Gate Arrays by Ketil Red Field Programmable Gate Array Integrated

Field Programmable Gate Arrays by Ketil Red Field Programmable Gate Array Integrated

A brief introduction to Field Programmable Gate Arrays by Ketil Red Field Programmable Gate Array Integrated circuit including a matrix of general-purpose programmable logic I I I I I I I I I I I I I I I I I I I I

439 views • 14 slides
PROGRAMMABLE LOGIC CONTROLLER Control Systems Types Programmable Logic Controllers

PROGRAMMABLE LOGIC CONTROLLER Control Systems Types Programmable Logic Controllers

PROGRAMMABLE LOGIC CONTROLLER Control Systems Types Programmable Logic Controllers Distributed Control System PC- Based Controls Programmable Logic Controllers PLC Sequential logic solver PID Calculations. Advanced

292 views • 27 slides
Regulatory Guidance on the Use of Field Programmable Gate of Field Programmable Gate Arrays in

Regulatory Guidance on the Use of Field Programmable Gate of Field Programmable Gate Arrays in

Regulatory Guidance on the Use of Field Programmable Gate of Field Programmable Gate Arrays in the U.S. October 13, 2015 Steven A. Arndt, Ph.D., P.E. Office of Nuclear Reactor Regulation The views expressed in this presentation are solely

542 views • 23 slides
ROMs, PLAs and FPGAs October 5, 2006 Typeset by Foil T EX Why Programmable Logic?

ROMs, PLAs and FPGAs October 5, 2006 Typeset by Foil T EX Why Programmable Logic?

ROMs, PLAs and FPGAs October 5, 2006 Typeset by Foil T EX Why Programmable Logic? Programmable logic technologies: Read-Only Memory (ROM) Programmable Logic Array (PLA) Programmable Array Logic (PAL) Field Programmable

283 views • 13 slides
CS 356: Computer Network Architectures Lecture 26: Router hardware, Software defined networking,

CS 356: Computer Network Architectures Lecture 26: Router hardware, Software defined networking,

CS 356: Computer Network Architectures Lecture 26: Router hardware, Software defined networking, and programmable routers [PD] chapter 3.4 Xiaowei Yang xwy@cs.duke.edu Overview Switching hardware Software defined networking

1.07k views • 70 slides
Programmable Switch Hardware ECE/CS598HPN Radhika Mittal Conventional SDN Programmable

Programmable Switch Hardware ECE/CS598HPN Radhika Mittal Conventional SDN Programmable

Programmable Switch Hardware ECE/CS598HPN Radhika Mittal Conventional SDN Programmable control plane . Data plane can support high bandwidth. But has limited flexibility. Restricted to conventional packet protocols. Software

556 views • 40 slides
Programable Logic Devices In the 1970s programmable logic circuits called programmable logic

Programable Logic Devices In the 1970s programmable logic circuits called programmable logic

Programable Logic Devices In the 1970s programmable logic circuits called programmable logic device (PLD) was introduced. They are based on a structure with an AND- OR array that makes it easy to implement SOP expression William Sandqvist

830 views • 64 slides
Flexible Building Blocks for Software Defined Network Function Virtualization

Flexible Building Blocks for Software Defined Network Function Virtualization

Introduction Solution Evaluation Summary Flexible Building Blocks for Software Defined Network Function Virtualization (Tenant-Programmable Virtual Networks) Aryan TaheriMonfared Chunming Rong Department of Electrical Engineering and

1.76k views • 37 slides
Whats the Most Important Thing How to w to Bring Bring Out th t the Best Best in You

Whats the Most Important Thing How to w to Bring Bring Out th t the Best Best in You

Whats the Most Important Thing How to w to Bring Bring Out th t the Best Best in You Your r Mil Millennials 1. Your manager does that allows and/or supports this kind of passion at work? 7 7 Pr Pract actices ices for for Great

412 views • 19 slides
Defined Eliminating barriers to adoption of IT Innovation Agenda t : 3 Keys to enabling

Defined Eliminating barriers to adoption of IT Innovation Agenda t : 3 Keys to enabling

Evolving towards Software Defined Eliminating barriers to adoption of IT Innovation Agenda t : 3 Keys to enabling innovation and transformation al Programmable data plane t Vertical disaggregation of network solutions

798 views • 40 slides

More recommend