SyNeRCyS@Illinois

[Sibin Mohan]

Systems Security Research Group at the University of Illinois


Resilient Real-Time Networks with QoS Guarantees using NFV

Team Members

Collaborators

Overview

Software defined Networking (SDN), a paradigm for separating control plane from the forwarding plane is a standard today in Enterprise and Data Center Networks. In addition to a global view, SDN offers increased programmability and control over the control plane of the network.

We propose the use of SDNs for industrial and control networks. However, there are still gaps in SDN before they can be used for critical networks. For example, there are concerns about network consistency during security-incident induced updates (e.g., redirecting flows around areas of a network thought to be compromised, or under DDoS attack.) Further, SDNs still do not support provision of end-to-end real-time quality-of-service (QoS) that is needed to ensure on-time delivery of real-time messaging. Existing real-time QoS mechanisms in literature do not have the manageability that SDNs bring. Current state of the practice for ensuring reliable and timely delivery of critical control packets is mostly achieved through over-provisioning. In this activity, we aim to design and develop dynamic real-time QoS mechanisms for energy delivery control networks that are using SDN. Hence, we will develop mechanisms, algorithms and protocols for achieving QoS with real-time (i.e. end-to-end delay) guarantees and prioritization. Further, we will also investigate how to maintain isolation guarantees, especially among critical and non-critical flows during changes in the network (disruptions, failures, configuration changes etc.) These are essential for network resiliency, where non-critical connectivity services gracefully degrade in the face of security disruptions, but the network provides essential functions throughout the security incident.

In addition to programmable control planes provided by SDN, we would be moving to the a framework for Network Function Virtualization (NFV) by moving switch and network design decisions from the Chip/ASIC designer to the programmer. This enables more control over the data plane as well. Using switches supporting the P4 programming language, the designer would be able to debug and optimize networks by answering questions such as:

These design choices enable the programmers have more control over the network, a crucial property to make a case for using NFV’s in critical infrastructure networks.

Funding

Cyber Resilient Energy Delivery Consortium (CREDC)