Net Security

Agile & Adaptive Network Security for Edge Cloud Networks — Researcher Amr Osman (PhD Student)

Motivation

  • Future-generation networks are increasingly expanding to include untrusted edge devices. Thus, the security parameter is dynamically changing. How can we adapt the network isolation & security mechanisms in real-time with minimal impact on utility and performance?
  • Current network attacks and Advanced Persistent Threats (APTs) have shifted from automated attacks to highly-targeted multi-stage attacks with adaptive strategies and stealthy lateral movements that originate internally. How can we perform defense-in-depth, localize and isolate such attackers?

Use-case

  • Smart home and IoT networks
  • Microservice networks in edge clouds

Methods

  • Leveraging softwarized networks and programmable networking to reduce the attack surface, and analyze network security metrics.
  • Develop new approaches to approximate the origins and targets of stealthy polymorphic attacks that evade traditional IPS/IDS.

Future

  • Develop & Improve zero-trust networking strategies and their incremental deployment.
  • Develop dynamic end-to-end segmentation across multiple administrative domains in a way that is transparent to end devices.
smartphonesegment Amr Osman
Smarthome Network Microsegmentation
architecture Amr Osman
Mitigating Stealthy Network Attacks

Publications on this topic


Mitigating Internal, Stealthy DoS Attacks in Microservice Networks
Osman, A.; Born, J.; Strufe, T.
2021. Stabilization, Safety, and Security of Distributed Systems : 23rd International Symposium, SSS 2021, Virtual Event, November 17–20, 2021, Proceedings. Ed.: C. Johnen, 500–504, Springer. doi:10.1007/978-3-030-91081-5_37
Security for mobile edge cloud
Hanisch, S.; Osman, A.; Li, T.; Strufe, T.
2020. Computing in Communication Networks. Ed.: F.H.P. Fitzek, 371–385, Academic Press. doi:10.1016/B978-0-12-820488-7.00038-4
Transparent Microsegmentation in Smart Home IoT Networks
Osman, A.; Wasicek, A.; Köpsell, S.; Strufe, T.
2020. 3rd USENIX Workshop on Hot Topics in Edge Computing (HotEdge 20), USENIX Association
SeCoNetBench: A modular framework for Secure Container Networking Benchmarks
Osman, A.; Hanisch, S.; Strufe, T.
2019. IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Stockholm, Sweden, 17-19 June 2019, 21–28, Institute of Electrical and Electronics Engineers (IEEE). doi:10.1109/EuroSPW.2019.00009
Sandnet: Towards High Quality of Deception in Container-Based Microservice Architectures
Osman, A.; Bruckner, P.; Salah, H.; Fitzek, F. H. P.; Strufe, T.; Fischer, M.
2019. ICC 2019 - 2019 IEEE International Conference on Communications (ICC), Shanghai, China, 20-24 May 2019, 1–7, Institute of Electrical and Electronics Engineers (IEEE). doi:10.1109/ICC.2019.8761171