Due to the increasing popularity of smartphones and tablets, mobile apps are becoming the preferred portals for users to access various network services in both residential and enterprise environments. Predominantly using generic HTTP or HTTPS protocols, traffic from different mobile apps is largely indistinguishable. This loss of visibility into mobile app traffic brings new challenges to network management and traffic analysis. It has became very hard to implement network policies based on the differentiation between traffic from compliant and non-compliant mobile apps. This paper presents a system that not only provides network administrators the much desired capability of enforcing policies on mobile app traffic, but also does that at a fine per-user granularity. The proposed system takes a Network Functions Virtualization (NFV) approach and virtualizes an edge router into multiple virtual data planes. Specifically, each data plane serves solely to one particular user and consists of user-specific virtualized network functions. The independence of the virtual data planes facilitates enforcing network policies at the per-user level. To enable policy enforcement on mobile apps, our system includes a sophisticated mobile app identification module to recognize traffic from different apps using preloaded traffic signatures. By exploiting TLS proxying, our system can even enforce policies on those mobile apps adopting traffic encryption. We have implemented a prototype of the proposed system as a wireless access point (AP) using a commodity small form factor PC. Our preliminary experimental evaluations show that the system can scale to modest number of users without much impacting user experience in using the network.
Per-user Policy Enforcement on Mobile Apps through Network Functions Virtualization / Sapio, Amedeo; Liao, Y.; Baldi, Mario; Ranjan, G.; Risso, FULVIO GIOVANNI OTTAVIO; Tongaonkar, A.. - STAMPA. - (2014), pp. 37-42. (Intervento presentato al convegno Workshop on Mobility in the Evolving Internet Architecture (MobiArch 2014) tenutosi a Maui, Hawaii, USA nel September 2014) [10.1145/2645892.2645896].
Per-user Policy Enforcement on Mobile Apps through Network Functions Virtualization
SAPIO, AMEDEO;BALDI, MARIO;RISSO, FULVIO GIOVANNI OTTAVIO;
2014
Abstract
Due to the increasing popularity of smartphones and tablets, mobile apps are becoming the preferred portals for users to access various network services in both residential and enterprise environments. Predominantly using generic HTTP or HTTPS protocols, traffic from different mobile apps is largely indistinguishable. This loss of visibility into mobile app traffic brings new challenges to network management and traffic analysis. It has became very hard to implement network policies based on the differentiation between traffic from compliant and non-compliant mobile apps. This paper presents a system that not only provides network administrators the much desired capability of enforcing policies on mobile app traffic, but also does that at a fine per-user granularity. The proposed system takes a Network Functions Virtualization (NFV) approach and virtualizes an edge router into multiple virtual data planes. Specifically, each data plane serves solely to one particular user and consists of user-specific virtualized network functions. The independence of the virtual data planes facilitates enforcing network policies at the per-user level. To enable policy enforcement on mobile apps, our system includes a sophisticated mobile app identification module to recognize traffic from different apps using preloaded traffic signatures. By exploiting TLS proxying, our system can even enforce policies on those mobile apps adopting traffic encryption. We have implemented a prototype of the proposed system as a wireless access point (AP) using a commodity small form factor PC. Our preliminary experimental evaluations show that the system can scale to modest number of users without much impacting user experience in using the network.File | Dimensione | Formato | |
---|---|---|---|
2560941.pdf
accesso aperto
Tipologia:
1. Preprint / submitted version [pre- review]
Licenza:
Pubblico - Tutti i diritti riservati
Dimensione
308.34 kB
Formato
Adobe PDF
|
308.34 kB | Adobe PDF | Visualizza/Apri |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
https://hdl.handle.net/11583/2560941
Attenzione
Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo