Enforcing context-aware BYOD policies with in-network security

Adam Morrison; Lei Xue; Ang Chen; Xiapu Luo

Enforcing context-aware BYOD policies with in-network security

Adam Morrison, Lei Xue, Ang Chen, Xiapu Luo

Research output: Unpublished conference presentation (presented paper, abstract, poster) › Conference presentation (not published in journal/proceeding/book) › Academic research › peer-review

6 Citations (Scopus)

Abstract

Bring Your Own Device, or BYOD, has become the new norm for many enterprise networks; but it also raises security concerns. We present our vision of programmable in-network security, and sketch an initial system design, Poise. Poise has a high-level policy language that can express a wide range of existing and new security policies. These policies can then be compiled to device configurations to collect device/apps information, as well as switch programs in P4 that enforce security inside the network. Our initial results seem promising—Poise runs with reasonable overhead, and it successfully detects policy violations for seven useful BYOD policies.

Original language	English
Pages	1-7
Number of pages	7
Publication status	Published - 2018
Event	10th USENIX Workshop on Hot Topics in Cloud Computing, HotCloud 2018 - Boston, United States Duration: 9 Jul 2018 → …

Conference

Conference	10th USENIX Workshop on Hot Topics in Cloud Computing, HotCloud 2018
Country/Territory	United States
City	Boston
Period	9/07/18 → …

Keywords

BYOD
Network Security

ASJC Scopus subject areas

Computer Networks and Communications
Software

Cite this

@conference{eced1c7b127146ae85040314bb3cfc44,

title = "Enforcing context-aware BYOD policies with in-network security",

abstract = "Bring Your Own Device, or BYOD, has become the new norm for many enterprise networks; but it also raises security concerns. We present our vision of programmable in-network security, and sketch an initial system design, Poise. Poise has a high-level policy language that can express a wide range of existing and new security policies. These policies can then be compiled to device configurations to collect device/apps information, as well as switch programs in P4 that enforce security inside the network. Our initial results seem promising—Poise runs with reasonable overhead, and it successfully detects policy violations for seven useful BYOD policies.",

keywords = "BYOD, Network Security",

author = "Adam Morrison and Lei Xue and Ang Chen and Xiapu Luo",

note = "Funding Information: Acknowledgements We thank Ryan Beckett for his feedback on the policy language, and the anonymous reviewers for their insightful comments; we acknowledge support from the Hong Kong GRF (152279/16E) and the Hong Kong RGC Project (CityU C1008-16G). Publisher Copyright: {\textcopyright} 2018 USENIX Association. All rights reserved. Copyright: Copyright 2020 Elsevier B.V., All rights reserved.; 10th USENIX Workshop on Hot Topics in Cloud Computing, HotCloud 2018 ; Conference date: 09-07-2018",

year = "2018",

language = "English",

pages = "1--7",

}

Enforcing context-aware BYOD policies with in-network security. / Morrison, Adam; Xue, Lei; Chen, Ang et al.
2018. 1-7 Paper presented at 10th USENIX Workshop on Hot Topics in Cloud Computing, HotCloud 2018, Boston, United States.

Research output: Unpublished conference presentation (presented paper, abstract, poster) › Conference presentation (not published in journal/proceeding/book) › Academic research › peer-review

TY - CONF

T1 - Enforcing context-aware BYOD policies with in-network security

AU - Morrison, Adam

AU - Xue, Lei

AU - Chen, Ang

AU - Luo, Xiapu

N1 - Funding Information: Acknowledgements We thank Ryan Beckett for his feedback on the policy language, and the anonymous reviewers for their insightful comments; we acknowledge support from the Hong Kong GRF (152279/16E) and the Hong Kong RGC Project (CityU C1008-16G). Publisher Copyright: © 2018 USENIX Association. All rights reserved. Copyright: Copyright 2020 Elsevier B.V., All rights reserved.

PY - 2018

Y1 - 2018

N2 - Bring Your Own Device, or BYOD, has become the new norm for many enterprise networks; but it also raises security concerns. We present our vision of programmable in-network security, and sketch an initial system design, Poise. Poise has a high-level policy language that can express a wide range of existing and new security policies. These policies can then be compiled to device configurations to collect device/apps information, as well as switch programs in P4 that enforce security inside the network. Our initial results seem promising—Poise runs with reasonable overhead, and it successfully detects policy violations for seven useful BYOD policies.

AB - Bring Your Own Device, or BYOD, has become the new norm for many enterprise networks; but it also raises security concerns. We present our vision of programmable in-network security, and sketch an initial system design, Poise. Poise has a high-level policy language that can express a wide range of existing and new security policies. These policies can then be compiled to device configurations to collect device/apps information, as well as switch programs in P4 that enforce security inside the network. Our initial results seem promising—Poise runs with reasonable overhead, and it successfully detects policy violations for seven useful BYOD policies.

KW - BYOD

KW - Network Security

UR - https://www.scopus.com/pages/publications/85077285388

M3 - Conference presentation (not published in journal/proceeding/book)

AN - SCOPUS:85077285388

SP - 1

EP - 7

T2 - 10th USENIX Workshop on Hot Topics in Cloud Computing, HotCloud 2018

Y2 - 9 July 2018

ER -

Enforcing context-aware BYOD policies with in-network security

Abstract

Conference

Keywords

ASJC Scopus subject areas

Other files and links

Fingerprint

Cite this