Skip to Main Content
Frequently Asked Questions
Submit an ETD
Global Search Box
Need Help?
Keyword Search
Participating Institutions
Advanced Search
School Logo
Files
File List
Thesis_final.pdf (1.16 MB)
ETD Abstract Container
Abstract Header
SECURE MIDDLEWARE FOR FEDERATED NETWORK PERFORMANCE MONITORING
Author Info
Kulkarni, Shweta Samir
Permalink:
http://rave.ohiolink.edu/etdc/view?acc_num=osu1366333088
Abstract Details
Year and Degree
2013, Master of Science, Ohio State University, Computer Science and Engineering.
Abstract
Multi-domain Network performance monitoring (NPM) frameworks such as perfSONAR are being widely deployed in high-performance computing and other communities that support large-scale data movements. These frameworks allow end-to-end performance monitoring across domains. Collected measurements can be queried through web-service interfaces to analyze network paths for the purposes of diagnosing performance bottleneck issues, anomaly event detection and network weather forecasting. Due to a massive surge in use-cases such as big-data analytics, enterprises are increasingly supporting large-scale data movements as well. With mounting data movements across enterprises, troubleshooting network problems across domains has become even more complex. Deploying a multi-domain NPM framework such as perf-SONAR could therefore greatly benefit enterprise environments. perfSONAR services and the measurements data have been made publicly accessible so as to benefit the networking research communities. However, this renders current implementation of perfSONAR inapt to be hosted in an enterprise environment from a security point of view. In an enterprise environment, security mechanisms such as policy-driven access to related performance monitoring services are important to protect measurement resources and data. This thesis presents a secure middleware framework with a policy-engine which leverages Shibboleth, an open-source identity management implementation for user-to-service authentication. The authentication scheme is coupled with a novel approach of using an "Entitlement service" for federated authorization decisions to enforce access policies for network performance monitoring services. The policy-engine further interfaces with a meta-scheduler for prioritization of measurement requests when there is contention for measurement resources. This thesis also features a service-to-service mutual authentication capability realized using RESTful API. We validate our secure middleware in a federated multi-domain NPM infrastructure involving resources from three institutions and their users. Lastly, we perform threat-modeling and security risk assessment of the multi-domain deployment following National Institute of Standards and Technology (NIST) standards.
Committee
Rajiv Ramnath (Advisor)
Prasad Calyam (Committee Member)
Jayashree Ramanathan (Committee Member)
Pages
64 p.
Subject Headings
Computer Engineering
Keywords
multi-domain measurements, secure middleware
;
federated identity
;
entitlement service
;
enterprise access policy
Recommended Citations
Refworks
EndNote
RIS
Mendeley
Citations
Kulkarni, S. S. (2013).
SECURE MIDDLEWARE FOR FEDERATED NETWORK PERFORMANCE MONITORING
[Master's thesis, Ohio State University]. OhioLINK Electronic Theses and Dissertations Center. http://rave.ohiolink.edu/etdc/view?acc_num=osu1366333088
APA Style (7th edition)
Kulkarni, Shweta.
SECURE MIDDLEWARE FOR FEDERATED NETWORK PERFORMANCE MONITORING.
2013. Ohio State University, Master's thesis.
OhioLINK Electronic Theses and Dissertations Center
, http://rave.ohiolink.edu/etdc/view?acc_num=osu1366333088.
MLA Style (8th edition)
Kulkarni, Shweta. "SECURE MIDDLEWARE FOR FEDERATED NETWORK PERFORMANCE MONITORING." Master's thesis, Ohio State University, 2013. http://rave.ohiolink.edu/etdc/view?acc_num=osu1366333088
Chicago Manual of Style (17th edition)
Abstract Footer
Document number:
osu1366333088
Download Count:
675
Copyright Info
© 2013, all rights reserved.
This open access ETD is published by The Ohio State University and OhioLINK.