home

SARNET: Security Autonomous Response with programmable NETworks.

http://sne.science.uva.nl/ http://uva.nl/







Introduction:

In RFC1958 "Architectural principles of the Internet", Brian Carpenter states that : Endpoints should not depend on the confidentiality or integrity of the carriers. Carriers may choose to provide some level of protection, but this is secondary to the primary responsibility of the end users to protect themselves. Several cyber-security incidents showed that end users are not always able to implement the stated responsibility. Also, end-user availability is increasingly being affected by cyber attacks such as (D)DoS attacks. All such events justify the question if the statement regarding the expected protection of carriers, should be revisited, in particular when answering the question what it means to allow carriers to provide some level of protection. As the Internet is constructed using many infrastructures from different carriers, finding answers to such a question is not trivial. Important research question would be:
  • What incentives would drive the need to have carriers collaborate to provide protection?
    If such need can be identified, important sub-questions are:
    • What is needed to have carriers and end user networks collaborate?
    • How can carriers and end user networks trust each other when detecting incidents and providing protective responses in an automated way?
  • What are the best defence tactics given the policies, motivations, costs, benefits of the carriers and the observations and capabilities of the infrastructure?
  • How can Software Defined Networks and enhanced observation techniques help to mitigate attacks in a distributed setting?

Questions are part of a Dutch research project, headed by University of Amsterdam involving TNO, Ciena and Air France - KLM, called "Security Autonomous Response NETwork" (SARNET). This project investigates how detection and protection concepts, using SDN / NFV based technologies, can provide autonomous protection against various types of cyber attacks. Part of this research considers what it would need to organize a SARNET as an alliance of collaborating carrier and end user networks. This working meeting will present and discuss the SARNET concepts and will subsequently focus on the question how to organize a SARNET Alliance, where participating community partners form a Service Provider Group creating the necessary trust enabling collaboration [3]. The project consists of two subprojects:
  • Security Autonomous Response with programmable NETworks.
    • Investigates questions on best ways to provide autonomous responses to cyber-security threats by automated security state monitoring using software defined, virtualized detection & defense mechanisms.
    • 2 PhD students, programmer, collaboration: Air France KLM, CIENA, TNO, UvA
  • Creating a SARNET Alliance
    • Investigates questions on how to organize SARNET functionalities across multiple Service Provider- and Enterprise Networks, where each participant must trust other participants to correctly detect and mitigate cyber threats, whilst authorizing each other to be involved.
    • 1 PhD student, collaboration: Air France – KLM, COMMIT, UvA CS + Legal faculty

Structure of the project:

Project Structure


Status


Lab Environment

FieldLab - KLM - SURFnet - UvA first light Feb 2, 2017 DTN @ KLM enabled by CIENA photonics OpenLab @ UvA CIENA 8700 & photonics



References:

  1. Leon Gommans, John Vollbrecht, Betty Gommans - de Bruijn, Cees de Laat, "The Service Provider Group Framework; A framework for arranging trust and power to facilitate authorization of network services.", Future Generation Computer Systems, (Accepted paper), June 2014
  2. Leon Gommans, "Multi-Domain Authorization for e-Infrastructures", UvA, Dec 2014.
  3. Internet2 2012 session: "Trust Framework for Multi-Domain Authorization".
    • speakers: Leon Gommans , John Vollbrecht, chair:  Cees de Laat.

Outcome:


2017-10-17 Lightning talk @ Internet2 TechEx, San Francisco: "Data Logistics for Logistic Data, Moving from Internet Exchanges to Data Exchanges."

2017-10-16 Presentation & demo @ Internet2 TechEx, San Francisco by Marc Lyonnais, Gauravdeep Shami, Cees de Laat: "SARNET: Secure Autonomous Response Networks".

2017-10-05 Presentation at Big-Data congress TNO by Ameneh Deljoo, Seats2Meet, Utrecht: "Secure Trustworthy Digital Market Places (STDMPs)."

2017-10-04 Presentation at dcypher congress, MediaPlaza Utrecht (NL): "Secure Big Data Processing."

2017-08-28
Industrial event: The Air Force Information Technology & Cyberpower Conference, August 28-30 2017, Montgomery, Alabama USA

2017-08-08 Presentation for the National Research Platform, Bozeman (MT), USA: "Global Collaborative Research Groups (CRGs); The Dutch Big Data Hub infrastructure inspired by PRP as model for European Open Science Cloud".

2017-08-07
Industrial event: TechNet Augusta, August 7-11 2017 Augusta, Georgia USA

2017-07-03 Presentation: Ralph Koning at IEEE Conference on Network Softwarization (Netsoft 2017 - SNS 2017), Bologna, Italy, "Measuring the effectiveness of SDN mitigations against cyber attacks".

2017-06-23 Data Logistics 4 Logistics Data project approved by NWO, June 23, 2017. Here the NWO Dutch press release.

2017-06-16 SARNET progress session June 16, 2017.

2017-06-13
Industrial event: Defensive Cyber Operations Symposium (DISA) June 13-15 2017, Baltimore, Maryland USA

2017-05-31
Short paper: Nick Buraglio, Ralph Koning, Cees de Laat, Paola Grosso, "Enriching network and security events for event detection", Conference proceedings TNC2017, https://tnc17.geant.org/core/presentation/30.

2017-05-31
Presentation at TNC2017 "Securing the Infrastructure" session by Nick Burlagio, ESnet on: "Enriching network and security events for event detection".

2017-05-04
Paper: Ralph Koning, Ben de Graaff, Robert Meijer, Cees de Laat, Paola Grosso, "Measuring the effectiveness of SDN mitigations against cyber attacks",  IEEE Conference on Network Softwarization (Netsoft 2017 - SNS 2017), Bologna, Italy, July 3-7, 2017.

2017-05-03
Industrial event: Enterprise Innovation Symposium May 3-4, 2017, Atlanta, Georgia USA

2017-04-25 Session organized by Cees de Laat (chair), Rodney Wilson and Leon Gommans at Internet2 Summit, Washington, April 25 2017; "Distributed Big Data Assets Sharing & Processing."

2017-04-24
Industrial event: NATO Industry Conference & TechNet International (NITEC) 2017, 24-26 April, Ottawa, Ontario Canada

2017-04-10 Paper: Ralph Koning, Nick Buraglio, Cees de Laat, Paola Grosso, "CoreFlow: Enriching Bro security events using network traffic monitoring data.", Special section on high-performance networking for distributed data-intensive science, SC16", Future Generation Computer Systems, <accepted for publication>

2017-03-22 Presentation @ ICT.OPEN by Ralph Koning: "Determining the effectiveness of countermeasures against cyber attacks."

2017-03-22 Poster @ ICT.OPEN: Ralph Koning, Ben de Graaff, Robert Meijer, Cees de Laat, Paola Grosso, "Determining the effectiveness of countermeasures against cyber attacks."
Won best poster presentation award!

2017-03-21 Invited talk: OSA Optical Fiber Communication Conference and Exposition, 19-23 March 2017, Los Angeles, California, session 16:30–18:30, Room 406AB, Tu3E • Networks Operating in Challenging Environment: "Enabling E-Science Applications with Dynamic Optical Networks: Secure Autonomous Response Networks."

2017-03-21
Paper: R. Koning, A. Deljoo, S. Trajanovski, B. de Graaff, P. Grosso, L. Gommans, T. van Engers, F. Fransen, R. Meijer, R. Wilson, and C. de Laat, "Enabling E-Science Applications with Dynamic Optical Networks: Secure Autonomous Response Networks",  OSA Optical Fiber Communication Conference and Exposition, 19-23 March 2017, Los Angeles, California.

2017-02-24 Report from NWO/STW Workshop “ICT with Industry 2016” Lorenz Centre Leiden, Nov. 7-11th 2016; Prof. dr. Tom M. van Engers (UvA), Prof. dr. Robert Meijer (UvA, TNO), Dr. ing. Leon Gommans (Air France KLM Group ICT Technology Office R&D, UvA), Dr. Kees Nieuwenhuis (Thales Nederland B.V., CTO Office), "Trusted Big Data Sharing for Aircraft MRO using a Secure Digital Market Place mechanism."

2017-02-23 Presentation by Cees de Laat at On*Vector workshop, UCSD, San Diego, Feb 22-23, 2017, "Smart and Secure Cyber Infrastructure."

2017-02-22 Presentation: Leon Gommans: "Trusted Sharing of Big Data Assets in Cooperative Working Groups", On*Vector workshop, UCSD, San Diego, Feb 22-23, 2017.

2017-02-21 Presentation: Leon Gommans: "Trusted Sharing of Big Data Assets in Cooperative Working Groups", Pacific Research Platform workshop, UCSD, San Diego, Feb 21, 2017.

2017-02-05
Presentation: Tom van Engers: "What is Going on: Utility-based Plan Selection in BDI Agents", KnowProS 2017 workshop, AAAI-17, San Francisco feb 5, 2017.

2017-02-05
Paper: Ameneh Deljoo, Tom van Engers, Leon Gommans and Cees de Laat, "What is Going on: Utility-based Plan Selection in BDI Agents", KnowProS 2017 workshop, AAAI-17, San Francisco feb 5, 2017.

2016-12-14
Poster @ JURIX 2016, 14-16 december 2016, Nice: Robert van Doesburg  and Tom van Engers, "Perspectives on the Formal Representation of the Interpretation of Norms".

2016-12-08 DoE workshop on Smart High-Performance Networks – Towards a New Generation of Intelligent Networking Infrastructure for Distributed Science Environment, Rockville MD, USA, Keynote by Cees de Laat: "Smart Networks and Smart Applications; where we are today, role of SDN, emphasis on cross discipline integration."

2016-11-14 Presentation at Dutch Research Consortium booth by Leon Gommans: Leon Gommans, Ameneh Deljoo, Ralph Koning, Ben de Graaff, Tristan Suerink, Gerben van Malenstein, Axel Berg, Erik Huizer, Rob Meijer, Tom van Engers, Cees de Laat, "Trusted Big Data Sharing; Researching alliances and infrastructure models across multiple autonomous organizations".

2016-11-14 SC16 poster: Ameneh Deljoo, Leon Gommans, Ralph Koning, Tom van Engers (UvA), Cees de Laat, "Simulating a SARNET Alliance Using ABM".

2016-11-14 SC16 poster: Ralph Koning, Ben de Graaff, Paola Grosso, Robert Meijer, Cees de Laat. "Autonomous mitigation of Cyber Attacks".

2016-11-14 SC16 poster: Ralph Koning, Ameneh Deljoo, Robert Meijer, Leon Gommans, Tom van Engers, Rodney Wilson, Cees de Laat, "SARNET - Secure Autonomous Response Networks".

2016-11-14 SC16 poster: Leon Gommans, Ameneh Deljoo, Ralph Koning, Ben de Graaff, Tristan Suerink, Paola Grosso, Gerben van Malenstein, Axel Berg, Erik Huizer, Rob Meijer, Tom van Engers, Cees de Laat, "Trusted Multidomain Big Data Sharing using HPCN Researching the value of future Internet capabilities".

2016-11-14 SC16 demo: SARNET Autonomous Mitigation of Cyber Attacks.

2016-11-13 Paper: Ralph Koning, Nick Buraglio, Cees de Laat, Paola Grosso, "CoreFlow: Enriching Bro security events using network traffic monitoring data", SC16 Salt Lake City, INDIS workshop, Nov 13, 2016.

2016-11-13 Presentation at SC16 Salt Lake City, INDIS workshop by Ralph Koning: "CoreFlow Enriching Bro security events using network traffic monitoring data".

2016-10-05 KLM-Amsterdam, SARNET workshop: "Autonomous Management of Cyber Threats and Attacks."

2016-10-04 Presentation at NWO stakeholdermeeting for Big Data in logistics ", Utrecht, Leon Gommans: "Value of Future Internet capabilities: Multi-domain (Big-) Data Sharing Models".

2016-10-03 Presentation at "Data & City", City Hall, Amsterdam, Leon Gommans: "Value of Future Internet capabilities: Multi-domain Big Data Sharing Models".

2016-09-20 Presentation at "Complexity and Law workshop" at CCS16 Ameneh Deljoo, Tom van Engers, Leon Gommans, Cees de Laat, "Regulating Complex Adaptive Systems: Towards a Computational Model for Simulating the Effects of Rules".

2016-09-19 Short paper: Ameneh Deljoo, Tom van Engers, Leon Gommans, Cees de Laat, "Regulating Complex Adaptive Systems: Towards a Computational Model for Simulating the Effects of Rules", short paper to "Complexity and Law workshop" at CCS16 (The Conference on Complex Systems 2016), see http://www.ccs2016.org/.

2016-08-24 Presentation by Ralph Koning at Lawrence Berkeley National Lab for the ESNET team: "CoreFlow: Enriching Bro security events using network traffic monitoring data".

2016-06-13 Presentation at KLM and Poalo Alto Network company: Ameneh Deljoo, "SARNET Alliance".

2016-06-10 Paper: Ralph Koning, Ben de Graaff, Cees de Laat, Robert Meijer, Paola Grosso, "Analysis of Software Defined Networking defences against Distributed Denial of Service attacks", The IEEE International Workshop on Security in Virtualized Networks (Sec-VirtNet 2016) at the 2nd IEEE International Conference on Network Softwarization (NetSoft 2016), Seoul Korea, June 10, 2016.

2016-06-10 Presentation at Sec-VirtNet at NetSoft, June 10 2016, Seoul: Ralph Koning, Ben de Graaff, Cees de Laat, Robert Meijer, Paola Grosso, "Interactive Analysis of SDN-driven defence against Distributed Denial of Service attacks".

2016-04-22 Presentation at NWO workshop “Big Data Small World” on April 22, 2016 in the Amsterdam ArenA: Leon Gommans, "Organizing Trust to enable Big Data Sharing".

2016-04-15 Presentation at ADS Coffee and Data Event at the VU on April 15, 2016: Leon Gommans, "Smart Industry Future Internet: The Fieldlab approach to explore its value".

2016-02-24 Poster at the 8th International Conference on Agents and Artificial Intelligence ICAART 2016: Ameneh Deljoo, Leon Gommans, Tom van Engers, Cees de Laat, "An Agent-Based Framework for Multi-Domain service networks: Eduroam case study".

2016-02-24 Paper: Ameneh Deljoo, Leon Gommans, Tom van Engers, Cees de Laat, "An Agent-Based Framework for Multi-Domain service networks: Eduroam case study", In Proceedings of the 8th International Conference on Agents and Artificial Intelligence ICAART 2016 - Volume 1, pages 275-280.

2016-02-24
ICT.Open Poster: Ameneh Deljoo, Leon Gommans, Tom van Engers, Cees de Laat, "An Agent-Based Framework for Multi-Domain service networks: Eduroam case study".

2016-02-04 Position paper at NSF Workshop on Software-defined Infrastructure and Software-defined Exchanges, Feb 4-5, Washington DC: Ameneh Deljoo, Leon Gommans, Cees de Laat, "The Service Provider Group Framework.".

2016-01-27 Position paper at NSF workshop on Applications and Services in the year 2021, Jan 27-27, Washington DC: Ameneh Deljoo, Leon Gommans, Cees de Laat, "The Service Provider Group Framework.".

2016-01-14 Presentation at KLM and CGI: Ameneh Deljoo, "Creating a SARNET Alliance by applying the Service Provider Group Framework and using the Ciena/GENI testbed".

2015-11-16 SC15 Poster: Ralph Koning, Ameneh Deljoo, Robert Meijer, Leon Gommans, Tom van Engers, Rodney Wilson, Cees de Laat, "SARNET Secure Autonomous Response Networks".

2015-11-16 SC15 Poster: Ralph Koning, Ben de Graaff, Paola Grosso, Robert Meijer, Cees de Laat, "Interactive Analysis of Cyber Defence Mechanisms Against DDoS Attacks".

2015-11-16
SC15 demo: SARNET Interactive touchtable SDN demonstration: https://sarnet.uvalight.net

2015-12-11
CineGrid 2015 workshop, UCSD, Qualcomm Institute, San Diego: "SARNET: Security Autonomous Response with programmable NETworks."

2015-10-16 Presentation at Pacific Research Platform (PRP) workshop, UCSD, Qualcomm Institute, San Diego: Leon Gommans, "Researching Future Networking".

2015-10-15
Presentation at Pacific Research Platform (PRP) workshop, UCSD, Qualcomm Institute, San Diego: Cees de Laat, "SARNET: Security Autonomous Response with programmable NETworks."

2015-08-01 Presentation by dr. Leon Gommans at KLM kennis session, "Applying the Service Provider Group Framework to Future Inter-Networking".

2015-08-01
Presentation at KLM, Amsterdam (NL), knowledge session SARNET: Cees de Laat, "Smart Cyber Infrastructure for Big Data Processing."

2015-07-01 Interview door Leendert van der Ent met Leon Gommans, Cees de Laat in IPN I/O Magazine juni 2015, "Het netwerk als zwaarddanser".

2015-04-29 Session at I2 Global summit, Washington, chaired by Cees de Laat: "Creating a SARNET Alliance".

2015-02-01 Paper: Leon Gommans, John Vollbrecht, Betty Gommans - de Bruijn, Cees de Laat, "The Service Provider Group Framework; A framework for arranging trust and power to facilitate authorization of network services.", Future Generation Computer Systems, Vol.45, pp 176-192, Mar 2015.
_ __________