Ying Zhang

PGA: Using Graphs to Express and Automatically Reconcile Network Policies

By: 
Chaithan Prakash, Jeongkeun Lee, Yoshio Turner, Joon-Myung Kang, Aditya Akella, Sujata Banerjee, Charles Clark, Yadi Ma, Puneet Sharma, Ying Zhang
Appears in: 
CCR August 2015

Software Defined Networking (SDN) and cloud automation enable a large number of diverse parties (network operators, application admins, tenants/end-users) and control programs (SDN Apps, network services) to generate network policies independently and dynamically. Yet existing policy abstractions and frameworks do not support natural expression and automatic composition of high-level policies from diverse sources. We tackle the open problem of automatic, correct and fast composition of multiple independently specified network policies.

Network Policy Whiteboarding and Composition

By: 
Jeongkeun Lee, Joon-Myung Kang, Chaithan Prakash, Sujata Banerjee, Yoshio Turner, Aditya Akella, Charles Clark, Yadi Ma, Puneet Sharma, Ying Zhang
Appears in: 
CCR August 2015

We present Policy Graph Abstraction (PGA) that graphically expresses network policies and service chain requirements, just as simple as drawing whiteboard diagrams. Different users independently draw policy graphs that can constrain each other. PGA graph clearly captures user intents and invariants and thus facilitates automatic composition of overlapping policies into a coherent policy.

SENSS: observe and control your own traffic in the internet

By: 
Abdulla Alwabel, Minlan Yu, Ying Zhang, Jelena Mirkovic
Appears in: 
CCR August 2014

We propose a new software-defined security service – SENSS – that enables a victim network to request services from remote ISPs for traffic that carries source IPs or destination IPs from this network’s address space. These services range from statistics gathering, to filtering or quality of service guarantees, to route reports or modifications. The SENSS service has very simple, yet powerful, interfaces. This enables it to handle a variety of data plane and control plane attacks, while being easily implementable in today’s ISP.

iSPY: Detecting IP Prefix Hijacking on My Own

By: 
Zheng Zhang, Ying Zhang, Y. Charlie Hu, Z. Morley Mao, and Randy Bush
Appears in: 
CCR October 2008

IP prefix hijacking remains a major threat to the security of the Internet routing system due to a lack of authoritative prefix ownership information. Despite many efforts in designing IP prefix hijack detection schemes, no existing design can satisfy all the critical requirements of a truly effective system: real-time, accurate, light-weight, easily and incrementally deployable, as well as robust in victim notification.

Syndicate content