JavaScript is disabled for your browser. Some features of this site may not work without it.
| dc.contributor.author | Zeineddine, Ali Haidar, |
| dc.date.accessioned | 2018-10-11T11:37:00Z |
| dc.date.available | 2018-10-11T11:37:00Z |
| dc.date.issued | 2018 |
| dc.date.submitted | 2018 |
| dc.identifier.other | b21047406 |
| dc.identifier.uri | http://hdl.handle.net/10938/21385 |
| dc.description | Thesis. M.S. American University of Beirut. Department of Computer Science, 2018. T:6715$Advisor : Dr. Wassim El Hajj, Associate Professor, Computer Science ; Committee members : Dr. Ayman Kayssi, Professor, Electrical and Computer Engineering ; Dr. Ahmad Dhaini, Assistant Professor, Computer Science. |
| dc.description | Includes bibliographical references (leaves 130-137) |
| dc.description.abstract | Software-defined networking (SDN) is a newly emerging approach in computer networking which abstracts network control functionalities and enables its direct programmability at the management plane. The fundamental difference between software-defined networks and traditional networks is in the network architecture itself. In SDN, the data-plane is separated from the control-plane. The former is composed of SDN dummy switches that are directly programmable with flow-based rules by a logically centralized controller that resides at the control plane. SDN has evolved tremendously throughout the last few years. Although the two main approaches, proactive approach and reactive approach, were being widely addressed as a framework of communication between the control-plane and the data-plane, a new hybrid approach is emerging which combines the advantages of the proactive approach, in pre-installing the flow rules in the data-plane, and the advantages of the reactive approach, in its ability to dynamically react to network events. This hybrid approach utilizes the potential of the SDN switches to recognize and host state machines. While the trending success of SDN is set to continue, this evolving network paradigm requires a new set of tools and strategies to secure the network elements against intrusions and at the same time maintain its efficiency and reliability. In this text, we take advantage of the hybrid approach of network controllability and management to offload the processing of stateful applications from the control-plane to the data-plane and propose our framework, Stateful Distributed Firewall as a Service in SDN (SDFS), that optimizes a distributed stateful application in the data-plane to transform the SDN network into a one big firewall. While maintaining modularity of the framework, SDFS offers an optimized processing burden distribution of the stateful application in the data-plane among the switches in the network with inherent fault-tolerance mechanisms that eliminate the need for immediate controll |
| dc.format.extent | 1 online resource (xi, 137 leaves) : color illustrations |
| dc.language.iso | eng |
| dc.subject.classification | T:006715 |
| dc.subject.lcsh | Firewalls (Computer security)$Software-defined networking (Computer network technology)$Computer networks -- Security measures.$Computer algorithms.$Mathematical optimization. |
| dc.title | Stateful distributed firewall as a service in SDN - |
| dc.type | Thesis |
| dc.contributor.department | Faculty of Arts and Sciences.$Department of Computer Science, |
| dc.contributor.institution | American University of Beirut. |
