Back to Table of contents

Primeur weekly 2015-03-02

Special

ASCETiC project to reduce energy consumption of Cloud platforms ...

Focus

2014 Another year on the road to Exascale - An Interview with Satoshi Matsuoka and Thomas Sterling - Part II ...

Mont Blanc vision complements On the Road to Exascale interview ...

The Cloud

ISC Cloud & Big Data is now open for research paper submission ...

EuroFlash

Stalprodukt S.A. selects Cray XC30 supercomputer for modelling steel designs ...

Bright Cluster Manager now supports SUSE Linux Enterprise Server 12 ...

Asetek announces global OEM purchase agreement with Fujitsu ...

ADVA Optical Networking to demonstrate virtualization in radio access backhaul networks at Mobile World Congress ...

TDC deploys Oscilloquartz synchronization technology in National Danish Network ...

Queen's researchers in bid to develop world's fastest supercomputers ...

Supermicro expands embedded computing solutions with new wireless IoT gateway at Embedded World, Nürnberg ...

Ensuring security for networks of the future ...

USFlash

Cirrascale announces rackmount multi-device peering platform for highly parallel applications ...

Penguin Computing announces Scyld ClusterWare for Hadoop ...

Adaptive Computing appoints Marty Smuin as CEO ...

Innovative AMD FirePro server GPU supports intense compute workloads on HP ProLiant DL380 Gen9 servers ...

Mellanox ConnectX-4 100Gb/s Interconnect adapter delivers record performance results ...

Tohoku University and Fujitsu succeed in real-time flood analysis using supercomputer-based high-resolution tsunami modelling ...

Fujitsu M10 UNIX server achieves world-record performance once again on two-tier SAP SD standard application benchmark with 20% less CPU resources ...

Fujitsu develops column-oriented data-processing engine enabling fast, high-volume data analysis in database systems ...

AMD discloses architecture details of high-performance, energy-efficient "Carrizo" System-on-Chip ...

Undergraduate OSC researcher heading to UK ...

IBM and Juniper Networks partner to build smarter networks with predictive analytics ...

MySQL Cluster 7.4 now generally available ...

Intersect360 Research releases predictions for HPC in 2015 ...

Ensuring security for networks of the future


Fraunhofer AISEC
27 Feb 2015 Garching - Today's company networks comprise hundreds of devices: routers for directing data packets to the right receiver, firewall components for protecting internal networks from the outside world, and network switches. Such networks are extremely inflexible because every component, every router and every switch can carry out only the task it was manufactured for. If the network has to be expanded, the company has to integrate new routers, firewalls or switches and then program them by hand. That's why experts worldwide have been working on flexible networks of the future for the last five years or so, developing what is known as software-defined networking (SDN). It presents one disadvantage, however; it is susceptible to hacker attacks.

Researchers from the Fraunhofer Institute for Applied and Integrated Security AISEC in Garching, near Munich, will be showing how to make SDN secure at the CeBIT trade fair in Hannover, March 16-20, 2015. A demonstrator at the Fraunhofer exhibition stand (Hall 9, Booth E40) will show how SDN and all related components can be monitored. One of these components is visualization software, which displays the network's individual components and depicts in real time how the various applications are communicating with the controller. "We can show how software influences the behaviour of different components using the controller, or, in the case of an attack, how it disrupts them", stated Christian Banse, a security expert at AISEC.

But how exactly does SDN work, and why is it so vulnerable to attack? "In the future, the plan is for a central control unit to tell the many network components what to do. To put it simply, routers, firewalls and switches lose their individual intelligence - they only follow orders from the controller", stated Christian Banse. This makes a network much more flexible, because the controller can allocate completely new tasks to a router or switch that were not intended when the component was manufactured. Plus, the tedious task of manually configuring components during installation is eliminated because components no longer need to be assigned to a specific place in the network - the controller simply uses them as needed at the moment.

Manufacturers have begun offering the first routers and switches that are SDN-compatible and have the necessary flexibility. "With all the hype surrounding the new adaptability made possible by a central control unit, SDN security has been neglected", warned Christian Banse. "That's why we're developing solutions to make SDN more secure from the outset, before such systems become firmly established." In the future, networks will be controlled solely by a central controller - Christian Banse sees this as a problem, because it might provide the perfect loophole for attackers to access the entire network. "On top of that, a whole set of new applications are being developed for SDN - for instance for firewall components or routing", stated Christian Banse. "We have make sure that these applications are reliable." It would be disastrous if, for example, outsiders were able to gain access to the company network using software installed accessing the controller.

That's why Christian Banse and his colleagues started off by analyzing the interaction of all SDN components to identify vulnerabilities. "You have to precisely define how deep into the network a new application is allowed to go, for example. Otherwise the stability and security of the network is not guaranteed." So far, there are no sufficient security standards for communication among individual SDN components, but AISEC researchers are lobbying hard for an international standard. In addition to their visualization solution, at CeBIT Christian Banse and his team will also present technical means for preventing unauthorized applications or malware from gaining access to SDN systems. They are developing ways to monitor if an app really carries out only the task for which it was intended. If it performs unplanned or undesirable activities, i.e. malware, it is rejected and blocked by the system.
Source: Fraunhofer Gesellschaft

Back to Table of contents

Primeur weekly 2015-03-02

Special

ASCETiC project to reduce energy consumption of Cloud platforms ...

Focus

2014 Another year on the road to Exascale - An Interview with Satoshi Matsuoka and Thomas Sterling - Part II ...

Mont Blanc vision complements On the Road to Exascale interview ...

The Cloud

ISC Cloud & Big Data is now open for research paper submission ...

EuroFlash

Stalprodukt S.A. selects Cray XC30 supercomputer for modelling steel designs ...

Bright Cluster Manager now supports SUSE Linux Enterprise Server 12 ...

Asetek announces global OEM purchase agreement with Fujitsu ...

ADVA Optical Networking to demonstrate virtualization in radio access backhaul networks at Mobile World Congress ...

TDC deploys Oscilloquartz synchronization technology in National Danish Network ...

Queen's researchers in bid to develop world's fastest supercomputers ...

Supermicro expands embedded computing solutions with new wireless IoT gateway at Embedded World, Nürnberg ...

Ensuring security for networks of the future ...

USFlash

Cirrascale announces rackmount multi-device peering platform for highly parallel applications ...

Penguin Computing announces Scyld ClusterWare for Hadoop ...

Adaptive Computing appoints Marty Smuin as CEO ...

Innovative AMD FirePro server GPU supports intense compute workloads on HP ProLiant DL380 Gen9 servers ...

Mellanox ConnectX-4 100Gb/s Interconnect adapter delivers record performance results ...

Tohoku University and Fujitsu succeed in real-time flood analysis using supercomputer-based high-resolution tsunami modelling ...

Fujitsu M10 UNIX server achieves world-record performance once again on two-tier SAP SD standard application benchmark with 20% less CPU resources ...

Fujitsu develops column-oriented data-processing engine enabling fast, high-volume data analysis in database systems ...

AMD discloses architecture details of high-performance, energy-efficient "Carrizo" System-on-Chip ...

Undergraduate OSC researcher heading to UK ...

IBM and Juniper Networks partner to build smarter networks with predictive analytics ...

MySQL Cluster 7.4 now generally available ...

Intersect360 Research releases predictions for HPC in 2015 ...