Grants and Contributions:

Title:
Secure Deployment of Network Configuration
Agreement Number:
RGPIN
Agreement Value:
$100,000.00
Agreement Date:
May 10, 2017 -
Organization:
Natural Sciences and Engineering Research Council of Canada
Location:
Quebec, CA
Reference Number:
GC-2017-Q1-03408
Agreement Type:
Grant
Report Type:
Grants and Contributions
Additional Information:

Grant or Award spanning more than one fiscal year. (2017-2018 to 2022-2023)

Recipient's Legal Name:
Atwood, John (Concordia University)
Program:
Discovery Grants Program - Individual
Program Purpose:

Secure deployment of configuration information for network devices has been possible for a long time, but is relatively little used, because almost all of the management of Internet security has to be done manually. The security aspect is particularly difficult to retrofit to legacy equipment, especially in industries that use equipment with long expected lifetimes. Using a combination of novel intermediaries, careful assessment of management needs, and concepts from autonomic networks, we will investigate ways to reduce the initial and ongoing costs of security enforcement, in ways that "play well" with existing operational practices.
Our long-term objective is to formulate secure methods to manage the deployment of network configuration that are sufficiently automated that they will actually be deployed in operational networks, thus providing effective security for these networks.
The research program will encompass four main areas of activity:
1) Development and validation of methods for managing the security of routing protocols, without requiring manual intervention by networking staff;
2) Exploration and validation of methods for managing mixed deployments of legacy devices and modern devices, while minimizing the disruption and maximizing the security during the transition of the control paradigm, thus encouraging the adoption of more up-to-date control and performance-assessment technologies without requiring the decommissioning of legacy equipment;
3) Demonstration of the utility of our security-management approach in the area of Software-Defined Networking, specifically on the control path between the controller and the switches, which will make it easier to ensure the security of the managed objects;
4) Assessment of selected application areas, such as power grids and industrial plants, as candidates for secure management of legacy devices, using our mixed-deployment solution.
The lack of deployment for security solutions is based on an assessment (by network management executives) that the potential cost of security breaches is smaller than the cost of installing and maintaining the security solutions. The novelty of our work comes from the fact that we expect to be able to substantially lower the recurring costs of security management, to the point where the expected cost of maintaining (real) security is attractive (or at least acceptable). Governmental mandates will increase the desirability of these approaches, as they will increase the cost of not complying.
The proposed areas of study will facilitate increased security in the Internet, which in turn responds to the statement by the Internet Engineering Task Force (the Standards Development Organization for the Internet) that "pervasive surveillance is an attack", which can only be mitigated by pervasive security.