Software-defined security for next generation networks

Date and time: 
Thursday, April 4, 2019 - 11:00
220 Deschutes
Vyas Sekar

The state of network security today is quite abysmal. Security breaches and downtime of critical infrastructures continue to be the norm rather than the exception, despite the dramatic rise in spending on network security. Attackers today can easily leverage a distributed and programmable infrastructure of compromised machines (or botnets) to launch large-scale and sophisticated attacks. In contrast, the defenders of our critical infrastructures are crippled as they rely on fixed-capacity, inflexible, and expensive hardware appliances. This forces them into adopting weak and static security postures, as they face unpleasant tradeoffs between false positives and false negatives. Continuing along this trajectory means that attackers will always hold the upper hand as defenders are stifled by the inflexible and impotent tools in their arsenal. The goal of this project is to reverse this long-standing asymmetry and fundamentally change the dynamics of this attack-defense equation. Instead of developing attack-specific defenses, we focus on empowering defenders with the right tools and abstractions to tackle the constantly evolving attack landscape. To this end, we envision a new software-defined approach to network security, where we can rapidly develop and deploy novel in-depth defenses and dynamically customize the network’s security posture to the current operating context. Realizing this vision raises fundamental challenges that transcend conventional networking and security technologies and necessitates a radical rethink across the entire “stack”.


Vyas Sekar is the Angel Jordan Early Career Chair Associate Professor in the ECE Department at Carnegie Mellon University, with a courtesy appointment in the Computer Science Department. His research is in the area of networking, security, and systems and spans network appliances or middleboxes, network management, network security, Internet video, and datacenter networks. Vyas received a B.Tech from the Indian Institute of Technology, Madras, where he was awarded the President of India Gold Medal, and a Ph.D. from Carnegie Mellon University. He is the recipient of the NSF CAREER award and the ACM SIGCOMM Rising Star Award. His work has received best paper awards at ACM SIGCOMM, ACM CoNext, and ACM Multimedia, the NSA Science of Security prize, and the CSAW Applied Security Research Prize. His work has also been fast-tracked and invited for publication in the Communications of the ACM and the IEEE Transactions on Networking. He has published papers in top-tier networking/systems/security conferences such as SIGCOMM, NSDI, IEEE Security and Privacy, SIGMETRICS, IMC, and CoNext, with 60+ peer-reviewed papers overall. He has served on numerous program committees including SIGCOMM, NSDI, IEEE Symposium on Security and Privacy, ACM CCS, ACM Internet Measurement Conference, and ISOC NDSS, co-chaired the ACM CoNext Student Workshop, and has served on the organization committees of ACM SIGCOMM and ACM CoNext.