计算机学院学术论坛报告
Academic Forum on Computer Science and Technology
特邀报告 第 61 期(总第 175 期)
主题报告: 面向数据中心网络的混合安全架构
报 告 人: 席康 副教授(纽约大学理工学院电气与计算机工程系)
报告时间: 2011年7月 22日(周五)14:00~15:00
报告地点: 上海大学 延长校区 行健楼734室
邀 请 人: 钱权 副研究员
Abstract:
Recent years have seen rapid growth of data centers in two particular aspects. On one hand, a data center can scale to host hundreds of thousands of servers. On the other hand, a single data center can support a variety of applications. Accordingly, it is desired that the network security services can scale up to meet these demands. Conventional schemes place security devices (middleboxes) at a few choke points (e.g., core routers) and rely on routing policy to guarantee middlebox traversal. Coupling routing and security services together complicates troubleshooting and failure recovery since routing and security are operated by different teams. When network scales, the middleboxes can create bottlenecks and have to be upgraded to high-performance yet high-cost devices.
Since data centers have rich computing resources, why not create a large number of software middleboxes to achieve scalability and cost efficiency? We present hybrid security architecture (HSA), a design to decouple security services from routing and allow the integration of hardware and software middleboxes in a complementary way. HSA is more cost-effective and flexible compared to solely using hardware middleboxes. It allows topology and routing changes with minimal impact to security services, and vice versa, thus improving operation and resilience. In particular, HSA does not require modifications to switches and routers. I will explain the framework of HSA, describe the key techniques, present a testbed that is used to validate the design, and discuss future research directions.
Biography:
Kang Xi is Industry Associate Professor in the Department of Electrical and Computer Engineering at Polytechnic Institute of New York University. His research interests include high-speed networks, network resilience, routing, and network security. He received his BS, MS and Ph.D. from Tsinghua University in 1998, 2000 and 2003, respectively, all in Electrical Engineering. Before joining Poly in 2005, he first worked in Huahua Electronics (Beijing, China) as senior design engineer and then worked in Osaka University (Osaka, Japan) as research associate. He owns four US patents and received the ICCCN 2010 best paper award for his work on network resilience.