The paper chronicling our adventures with Bro IDS on home routers just got published in the latest issue of SIGCOMM CCR. Here’re the details:
Abstract: With only access billing no longer ensuring profits, an ISP’s growth now relies on rolling out new and differentiated services. However, ISPs currently do not have a well-defined architecture for rapid, cost-effective, and scalable dissemination of new services. We present iSDF, a new SDN-enabled framework that can meet an ISP’s service delivery constraints concerning cost, scalability, deployment flexibility, and operational ease. We show that meeting these constraints necessitates an SDN philosophy for a centralized management plane, a decoupled (from data) control plane, and a programmable data plane at customer premises. We present an ISP service delivery framework (iSDF) that provides ISPs a domain-specific API for network function virtualization by leveraging a programmable middlebox built from commodity home-routers. It also includes an application server to disseminate, configure, and update ISP services. We develop and report results for three diverse ISP applications that demonstrate the practicality and flexibility of iSDF, namely distributed VPN (control plane decisions), pay-per-site (rapid deployment), and BitTorrent blocking (data plane processing).
Published in: ACM SIGCOMM Computer Communication Review (Volume 44 Issue 3, July 2014)
Combined with the paper in IEEE COMST about botnet detection that was published last year, this yields a grand-total of 2 publications more than I thought would ever bear my name. In any case, my former colleagues are continuing their excellent work on the project which can be tracked at the iSDF wiki-page.Tags: ACM, Bro IDS, Code, IEEE, Linux, Open Source, OpenWRT, Publication, Security, Shrimp, SysNet, Technology