Search for: All records

Computer networks often serve as the first line of defense against malicious attacks. Although there are a growing number of software defined networking (SDN) tools for defining and enforcing security policies, most assume a single administrative domain and are unable to handle the challenges that arise in networks that could beneficially be programmed by multiple administrative domains. For example, consumers may want want to allow their home IoT networks to be configured by device vendors, which raises security and privacy concerns. In this paper we propose a framework called Proof Carrying Network Code (PCNC) for specifying and enforcing security in SDNs with interacting administrative domains. Like Proof Carrying Authorization (PCA), PCNC provides methods for authorization domains for network reprogramming, and like Proof Carrying Code (PCC), PCNC provides methods for enforcing desired behavior of network programs. We develop theoretical foundations for PCNC and evaluate it in simulated and real network settings, in a case study that considers security in IoT networks for at-home health monitoring.