Skip to Main Content
 

Global Search Box

 
 
 
 

Files

File List


Thesis_final.pdf (1.16 MB)

ETD Abstract Container

Abstract Header

SECURE MIDDLEWARE FOR FEDERATED NETWORK PERFORMANCE MONITORING

Kulkarni, Shweta Samir
http://rave.ohiolink.edu/etdc/view?acc_num=osu1366333088

Abstract Details

2013, Master of Science, Ohio State University, Computer Science and Engineering.
Multi-domain Network performance monitoring (NPM) frameworks such as perfSONAR are being widely deployed in high-performance computing and other communities that support large-scale data movements. These frameworks allow end-to-end performance monitoring across domains. Collected measurements can be queried through web-service interfaces to analyze network paths for the purposes of diagnosing performance bottleneck issues, anomaly event detection and network weather forecasting. Due to a massive surge in use-cases such as big-data analytics, enterprises are increasingly supporting large-scale data movements as well. With mounting data movements across enterprises, troubleshooting network problems across domains has become even more complex. Deploying a multi-domain NPM framework such as perf-SONAR could therefore greatly benefit enterprise environments. perfSONAR services and the measurements data have been made publicly accessible so as to benefit the networking research communities. However, this renders current implementation of perfSONAR inapt to be hosted in an enterprise environment from a security point of view. In an enterprise environment, security mechanisms such as policy-driven access to related performance monitoring services are important to protect measurement resources and data. This thesis presents a secure middleware framework with a policy-engine which leverages Shibboleth, an open-source identity management implementation for user-to-service authentication. The authentication scheme is coupled with a novel approach of using an "Entitlement service" for federated authorization decisions to enforce access policies for network performance monitoring services. The policy-engine further interfaces with a meta-scheduler for prioritization of measurement requests when there is contention for measurement resources. This thesis also features a service-to-service mutual authentication capability realized using RESTful API. We validate our secure middleware in a federated multi-domain NPM infrastructure involving resources from three institutions and their users. Lastly, we perform threat-modeling and security risk assessment of the multi-domain deployment following National Institute of Standards and Technology (NIST) standards.
Rajiv Ramnath (Advisor)
Prasad Calyam (Committee Member)
Jayashree Ramanathan (Committee Member)
64 p.
Computer Engineering
multi-domain measurements, secure middleware; federated identity; entitlement service; enterprise access policy

Recommended Citations

Citations

  • Kulkarni, S. S. (2013). SECURE MIDDLEWARE FOR FEDERATED NETWORK PERFORMANCE MONITORING [Master's thesis, Ohio State University]. OhioLINK Electronic Theses and Dissertations Center. http://rave.ohiolink.edu/etdc/view?acc_num=osu1366333088

    APA Style (7th edition)

  • Kulkarni, Shweta. SECURE MIDDLEWARE FOR FEDERATED NETWORK PERFORMANCE MONITORING. 2013. Ohio State University, Master's thesis. OhioLINK Electronic Theses and Dissertations Center, http://rave.ohiolink.edu/etdc/view?acc_num=osu1366333088.

    MLA Style (8th edition)

  • Kulkarni, Shweta. "SECURE MIDDLEWARE FOR FEDERATED NETWORK PERFORMANCE MONITORING." Master's thesis, Ohio State University, 2013. http://rave.ohiolink.edu/etdc/view?acc_num=osu1366333088

    Chicago Manual of Style (17th edition)

osu1366333088
675
© 2013, all rights reserved.
This open access ETD is published by The Ohio State University and OhioLINK.