For the next Trusted CI webinar, Duke University's Jeff Chase and RENCI's Paul Ruth are presenting the talk "Toward Security-Managed Virtual Science Networks" on April 23, 2018, at 11 am (Eastern).
Data-intensive science collaborations increasingly provision dedicated network circuits to share and exchange datasets securely at high speed, leveraging national-footprint research fabrics such as ESnet or I2/AL2S. This talk first gives an overview of new features to automate circuit interconnection of science resources across campuses and in network cloud testbeds, such as GENI (e.g., ExoGENI) and NSFCloud (e.g., Chameleon). Taken together, these tools can enable science teams to deploy secure bandwidth-provisioned virtual science networks that link multiple campuses and/or virtual testbed slices, with integrated in-network processing on virtual cloud servers.
Next, we outline a software framework to address security issues arising in these virtual science networks. We show how to deploy virtual science networks with integrated security management programmatically, using software-defined networking and network function virtualization (SDN/NFV). As an example, we describe a prototype virtual Network Service Provider that implements SDX-like functionality for policy-based interconnection of its customers and incorporates out-of-band monitoring of permitted flows using Bro intrusion detection instances hosted on cloud VMs. We also describe how to use a new logical trust system called SAFE to express and enforce access policies for edge peering and permitted flows and to validate IP prefix ownership and routing authority (modeling RPKI and BGPSEC protocols) in virtual science networks.
You can learn more about the presenters and register here (please be sure to check your spam/junk folder for the registration confirmation email).