SARNET: Security Autonomous Response with programmable NETworks.


2015-04-29 I2 Global summit, Washington, 16h30 - 17h30.

Session: "Creating a SARNET Alliance", TIME 04/29/15 04:30PM-05:30PM, ROOM Meeting Room 12/13/14
16h30 Cees de Laat University of Amsterdam Opening  and introduction
16h35 Leon Gommans AirFrance/KLM Creating a SARNET alliance: Applying the Service Provider Group Framework
16h55 Rodney Wilson CIENA SARNET testbed
17h05 Cees de Laat University of Amsterdam Panel introduction
17h06 Chip Elliot BBN The GENI perspective
17h10 Ken Klingenstein Internet2 Lessons learned on Trust
17h14 Inder Monga ESnet Learning to trust is one of life's most difficult tasks.
17h18 Jerry Sobieski NORDUnet Flow (DDOS) Security in Emerging Internets: How to create Peaceful Domains (unbaked arbitrary musings)
17h22 Panel

Panel discussion moderated by Cees de Laat
17h30 Cees de Laat University of Amsterdam end


In RFC1958 "Architectural principles of the Internet", Brian Carpenter states that : Endpoints should not depend on the confidentiality or integrity of the carriers. Carriers may choose to provide some level of protection, but this is secondary to the primary responsibility of the end users to protect themselves. Several cyber-security incidents showed that end users are not always able to implement the stated responsibility. Also, end-user availability is increasingly being affected by cyber attacks such as (D)DoS attacks. All such events justify the question if the statement regarding the expected protection of carriers, should be revisited, in particular when answering the question what it means to allow carriers to provide some level of protection. As the Internet is constructed using many infrastructures from different carriers, finding answers to such a question is not trivial. Important sub-questions would be:
  • What incentives would drive the need to have carriers collaborate to provide protection?
If such need can be identified, an important other sub-questions would be
  • What is needed to have carriers and end user networks collaborate?
  • How can carriers and end user networks trust each other when detecting incidents and providing protective responses in an automated way?
Above questions are part of a Dutch research project, headed by University of Amsterdam involving TNO, Ciena and Air France - KLM, called "Security Autonomous Response NETwork" (SARNET). This project investigates how detection and protection concepts, using SDN / NFV based technologies, can provide autonomous protection against various types of cyber attacks. Part of this research considers what it would need to organize a SARNET as an alliance of collaborating carrier and end user networks. This working meeting will present and discuss the SARNET concepts and will subsequently focus on the question how to organize a SARNET Alliance, where participating community partners form a Service Provider Group creating the necessary trust enabling collaboration.

This meeting basically is a follow up on our previous session at the Internet2 2012 spring meeting [3].
[1] Leon Gommans, John Vollbrecht, Betty Gommans - de Bruijn, Cees de Laat, "The Service Provider Group Framework; A framework for arranging trust and power to facilitate authorization of network services.", Future Generation Computer Systems, (Accepted paper), June 2014
[2] Leon Gommans, "Multi-Domain Authorization for e-Infrastructures", UvA, Dec 2014.
[3] Internet2 2012 spring meeting: speakers: Leon Gommans , John Vollbrecht, chair:  Cees de Laat, "Trust Framework for Multi-Domain Authorization"

The projects:

  • Security Autonomous Response with programmable NETworks.

    • Investigates questions on best ways to provide autonomous responses to cyber-security threats by automated security state monitoring using software defined, virtualized detection & defense mechanisms.
    • [2 PhD students, collaboration: Air France KLM, CIENA, TNO, UvA]
  • Creating a SARNET Alliance

    • Investigates questions on how to organize SARNET functionalities across multiple Service Provider- and Enterprise Networks, where each participant must trust other participants to correctly detect and mitigate cyber threats, whilst authorizing each other to be involved. [1 PhD student, collaboration: Air France - KLM, COMMIT, UvA CS + Legal faculty]