Towards SDN-Defined Programmable BYOD (Bring Your Own Device) - PowerPoint PPT Presentation



  1. Towards SDN-Defined Programmable BYOD (Bring Your Own Device) Security
     Sungmin Hong, Robert Baykov, Lei Xu, Srinath Nadimpalli, Guofei Gu
     SUCCESS Lab, Texas A&M University

  2. Outline
     • Introduction & Motivation
     • Related Work
     • Challenges
     • Our Solution: PBS (Programmable BYOD Security)
     • Evaluation
     • Conclusion

  3. Bring Your Own Device
     • BYOD is the new paradigm in the workplace
     • 44% of users in developed countries and 75% in developing countries are now utilizing BYOD in the workplace [1]
     • The adoption rate shows no signs of slowing
     • Surveys have indicated that businesses are unable to stop employees from bringing personal devices into the workplace [2]
     Image source: www.itproportal.com
     [1] Logicalis, http://cxounplugged.com/2012/11/ovum byod research-findings-released/
     [2] Wikipedia, https://en.wikipedia.org/wiki/Bring_your_own_device

  4. Admins' Headache
     [Cartoon of an administrator surrounded by BYOD policy questions: allow an email app any time in the workplace? apply a rule to anyone, or restrict it by role? allow Facebook during the whole work hours or only at lunch time? which apps are allowed at work, and anywhere? what if an employee turns off WiFi and turns on LTE to enjoy Twitter in the bathroom? let a visitor access the Internet through a different VLAN; monitor what apps access our database; what if the policy is changed? Sigh…]

  5. Admins' Concerns
     • Ideally,
       • Manage & control BYOD devices easily, efficiently, and securely
       • Less budget expense
     • However,
       • Management of dynamic BYOD-enabled devices becomes significantly more complex
       • Diverse (biz/non-biz) apps to monitor
       • The network itself needs more security and management capabilities to protect enterprise resources
       • Additional infrastructure required

  6. Motivation of Our Work
     • Application Awareness & Network Visibility
       • App-aware network information & user/device contexts are invisible to traditional tools/infrastructure
       • An app may send data through other network interfaces (e.g., 3G/4G) equipped in the device
       • Correlating an app's network activities with the contexts is not easy
     • Dynamic Policy Programming
       • Static access/policy control is not sufficient for network/BYOD dynamics and finer-grained management

  7. Outline
     • Introduction & Motivation
     • Related Work
     • Challenges
     • Our Solution: PBS (Programmable BYOD Security)
     • Evaluation
     • Conclusion

  8. Related Work
     • Google
       • Android Device Administration (ADA)
         • Device-level control on password, remote device wiping, etc.
         • Limited interfaces and features
       • Android for Work (AFW)
         • "WorkProfile" to separate enterprise and personal app data
         • OS-level encryption and additional management APIs to third-party MDM/Enterprise Mobility Management (EMM) partners
         • Focus on device/app data control and protection
         • Limited functionalities to support dynamic context-aware policy enforcement
     • Samsung KNOX
       • Enterprise container to separate enterprise and personal app data
       • H/W-level encryption and management APIs to EMM partners
       • Dedicated device only
       • Limited functionalities to support dynamic context-aware policy enforcement

  9. Related Work
     • Mobile Device Management (MDM)
       • Provides additional granularity and complexity in management capabilities through ADA (normally through proprietary hardware)
       • Requires additional infrastructure and network reconfiguration
     • Android research
       • DeepDroid
         • Enforces app & context-aware policies to protect sensitive on-device resources by tracking the system APIs
         • Less fine-grained policy configuration
         • Lacks programmable interfaces for dynamic, reactive policy enforcement
     → We provide a solution in our work to these shortcomings

  10. Outline
     • Introduction & Motivation
     • Related Work
     • Challenges
     • Our Solution: PBS (Programmable BYOD Security)
     • Evaluation
     • Conclusion

  11. Research Challenges
     • Can we use traditional security solutions?
       • Difficult and inflexible for dynamic, network- and app-aware security policy enforcement (e.g., ACLs/firewalls)
       • Typically coupled with physical devices/resources instead of applications
     • Can we apply the legacy SDN infrastructure?
       • Additional cost to build/manage the infrastructure (e.g., OpenFlow-enabled switches)
       • Lack of BYOD specifics
         • App & context unaware
         • Loss of global visibility from other on-device network interfaces (3G/4G, BT, etc.)
     • How much granularity should we provide?
       • The finer the granularity (from layer 2 up, app & context-aware), the more useful to security policy enforcement

  12. Outline
     • Introduction & Motivation
     • Related Work
     • Challenges
     • Our Solution: PBS (Programmable BYOD Security)
     • Evaluation
     • Conclusion

  13. PBS (SDN-Defined Programmable BYOD Security)
     • Goals and Contributions
       • Fine-grained Access Control
         • Application & context-aware access control with layer-2-and-above granularity
       • Dynamic Policy Enforcement
         • Dynamic, reactive policy enforcement at run-time based on application-specific policy and network behavior
       • Network-wide Programmability
         • Programmable network-wide policy enforcement system for the enterprise admin
       • Minor Performance Overhead
         • Minimize performance overhead and resource consumption on mobile devices
       • No Additional Infrastructure
         • On-device SDN-based solution without deploying additional OpenFlow switches

  14. Basic Idea (1/2)
     • Abstraction inside the device
       • App & context awareness + visibility
       • SDN-transparent flow management
       • No infrastructure required
     [Figure: "PBS Model Inside the Device" vs. "Traditional SDN Data Plane". In the mobile device, App A and App B attach to vport1/vport2 (… vport3, vport4) of a software PBS Client Switch that sits in front of the WiFi and 3G/4G interfaces; in the traditional data plane, Host A, Host B, Host C and a Server attach to eth1–eth4 of a hardware switch. Labelled "HW vs. SW Switch".]

  15. Basic Idea (2/2)
     • Dynamic Programmability
       • SDN-based network programming capabilities with:
         • App & context awareness + visibility
         • Policy language + context
     [Figure: PBS (BYOD) applications, written in the policy language, supply policies and context for App A / App B to the SDN-based PBS Controller (App-aware Policy Manager, Flow Manager, Context), which programs the software PBS Switch in the PBS Client (vport1 … vport4 over WiFi and 3G/4G) through a programming interface.]

  16. Operations
     • Application-aware flow control
     [Figure: a mobile device running Enterprise App, Facebook and Email, with the PBS Client (App-aware Policy Engine, Flow Control, Context) in front of the WiFi, 3G/4G and BT network interfaces; the PBS Controller connects the Enterprise Network (Business Server, Security Middlebox) and the Internet.]

  17. Operations
     • Visibility (no hidden network)
     [Figure: same architecture as slide 16; flows leaving over 3G/4G and BT pass through the PBS Client as well as those over WiFi.]

  18. Operations
     • Proactive Policy Enforcement
     [Figure: same architecture as slide 16; a PBS App installs a Policy in the controller, which pushes it to the App-aware Policy Engine; on a New Flow, the engine applies the policy and returns an Action.]

  19. Operations
     • Dynamic & Reactive Policy Enforcement
     [Figure: same architecture as slide 16; flow Stats and Context reported by the client feed the BYOD Logic of the PBS App, which issues an updated Policy and Action back to the engine.]

  20. Operations
     • Real-time Context
     [Figure: same architecture as slide 16; a context Event (together with Stats and Context) is delivered to the BYOD Logic, which responds with a Policy and Action.]

  21. Operations
     • Tailored to the Mobile Environment
       • Minimize controller intervention
       • Optimize app & context-aware flow management
     [Figure: same architecture as slide 16, annotated with "Two-tiered Programming", "Message PushDown" and "Short-circuit" between the PBS Client and the PBS Controller.]

  22. Operations
     • High-level Policy Language
       • Makes policy definition simple without requiring expert knowledge of SDN.
     [Figure: a Policy written in the language is compiled into the BYOD Logic of a PBS App running on the PBS Controller.]

  23. Operations
     • Policy Example 1
     • Policy Example 2
     [The two policy examples are shown as figures whose text is not recoverable here.]
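To make the operations on slides 16–21 concrete, here is an added toy model (not PBS code, and not PBS's policy language) of what an on-device, app- and context-aware policy engine does: each flow is identified by the app that owns its virtual port and the interface it would leave on, rules match on app, interface, destination, user role, location and time of day, rules marked local are "pushed down" to the client and decided without a controller round trip, and a reactive monitor installs a quarantine rule when an app's reported stats cross a threshold. App package names, destination labels and the rule representation are all constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import time
from typing import Optional


@dataclass(frozen=True)
class Flow:
    """One new flow seen at an app's virtual port on the on-device switch (constructed)."""
    app: str    # package name of the app owning the vport (hypothetical names)
    iface: str  # physical interface the flow would leave on: "wifi", "lte", "bt"
    dst: str    # destination label resolved by the client: "enterprise", "database", "internet"


@dataclass(frozen=True)
class Context:
    """Device/user context the client reports alongside the flow (constructed)."""
    role: str       # "employee" or "visitor"
    location: str   # "office" or "remote"
    now: time


@dataclass
class Rule:
    """Any field left as None is a wildcard; every field that is set must match."""
    name: str
    action: str                     # "allow", "deny", or "redirect:<vlan>"
    app: Optional[str] = None
    iface: Optional[str] = None
    dst: Optional[str] = None
    role: Optional[str] = None
    location: Optional[str] = None
    hours: Optional[tuple[time, time]] = None   # inclusive start, exclusive end
    local: bool = True   # True: pushed down to the client, decided without a controller round trip

    def matches(self, flow: Flow, ctx: Context) -> bool:
        for want, have in ((self.app, flow.app), (self.iface, flow.iface),
                           (self.dst, flow.dst), (self.role, ctx.role),
                           (self.location, ctx.location)):
            if want is not None and want != have:
                return False
        if self.hours is not None:
            start, end = self.hours
            if not (start <= ctx.now < end):
                return False
        return True


class PolicyEngine:
    """First-match rule list with a default action, as the client-side engine would hold it."""

    def __init__(self, rules: list[Rule], default: str = "deny"):
        self.rules = list(rules)
        self.default = default

    def decide(self, flow: Flow, ctx: Context) -> tuple[str, str, bool]:
        """Return (action, matching rule name, decided_locally) for a new flow."""
        for rule in self.rules:
            if rule.matches(flow, ctx):
                return rule.action, rule.name, rule.local
        return self.default, "default", True

    def push_front(self, rule: Rule) -> None:
        """Reactive update: a controller-installed rule takes precedence over the static ones."""
        self.rules.insert(0, rule)


class ReactiveMonitor:
    """Accumulates per-app byte counts from flow stats and quarantines an app past a threshold."""

    def __init__(self, engine: PolicyEngine, threshold_bytes: int):
        self.engine = engine
        self.threshold = threshold_bytes
        self.sent: dict[str, int] = {}

    def on_stats(self, app: str, nbytes: int) -> Optional[str]:
        """Return the name of the quarantine rule if the app is (now) quarantined, else None."""
        self.sent[app] = self.sent.get(app, 0) + nbytes
        if self.sent[app] > self.threshold:
            name = f"reactive-quarantine:{app}"
            if not any(r.name == name for r in self.engine.rules):
                self.engine.push_front(Rule(name=name, action="deny", app=app))
            return name
        return None


def build_example_engine() -> PolicyEngine:
    """Constructed policy set covering the admin questions from the slides."""
    return PolicyEngine([
        # Visibility: enterprise-bound traffic must not leave over the cellular path (no hidden network).
        Rule("enterprise-not-over-lte", "deny", dst="enterprise", iface="lte"),
        Rule("database-not-over-lte", "deny", dst="database", iface="lte"),
        # Visitors only reach the Internet through a separate VLAN.
        Rule("visitor-guest-vlan", "redirect:guest-vlan", role="visitor"),
        # The email app is allowed any time in the workplace.
        Rule("email-anytime", "allow", app="com.example.mail", location="office"),
        # The social app only during lunch hour at the office.
        Rule("social-lunch-only", "allow", app="com.example.social",
             location="office", hours=(time(12, 0), time(13, 0))),
        # Database access is allowed but escalated to the controller so it can be monitored.
        Rule("database-monitored", "allow", dst="database", role="employee", local=False),
    ])
```

The `local` flag is the part that mirrors slide 21: most decisions never leave the device, and only flows an administrator wants observed (here, anything bound for the database) cost a controller round trip. Because the rule list is ordered and first-match, the interface-based deny rules sit above the allow rules so that switching from WiFi to LTE cannot turn an enterprise-bound flow into an allowed one.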

  24. Outline
     • Introduction & Motivation
     • Related Work
     • Challenges
     • Our Solution: PBS (Programmable BYOD Security)
     • Evaluation
     • Conclusion

  25. Evaluation
     • Performance Overhead
       • Testing Environment
         • LG Nexus 5 with a Qualcomm MSM8974 Snapdragon 800 CPU
         • Asus Nexus 7 tablet with an ARM Cortex-A9
         • Both run Android version 4.4 (KitKat)
         • Controller runs on Ubuntu Linux x64 with a quad-core CPU and 8 GB RAM
       • Benchmark tools used for the evaluation:
         • Iperf, Antutu, Geekbench, Vellamo, and PCMark

  26. Performance
     • Network Throughput Benchmark
       • Test duration of 10 minutes with a two-second interval between periodic bandwidth reports.
     [Bar chart: Bandwidth (Mbps), 0–90, for NX5 and NX7, W/O PBS vs. W/ PBS; the bars are annotated with throughput overheads of ≈ 9% and ≈ 7%.]
     • Battery Overhead (PCMark)
     [Chart; note that lower is better.]
