SeaCat: and SDN End-to-end Application Containment ArchitecTure a presentation by Jacobus Van der Merwe, U. Utah at US Ignite ONF GENI workshop on October 8, 2013

1. SeaCat: an SDN End-to-end
Application Containment ArchitecTure
Enabling Secure Role Based Network Access in Healthcare
- US Ignite Project -
Kobus Van der Merwe
and Brent Elieson

2. Motivation
• “Everything” is networked
– Nearly all business applications assume network
availability
• Also true in healthcare
– Accessing patient records
– Remote diagnoses and consultation
– In-home monitoring
– Healthcare analytics
– Plus “regular” vocational applications
• HR/payroll functions, accessing domain specific literature
– Plus non vocational use
• Browsing the web, social networking etc.

3. Motivation cont.
• Problem:
– Same individual, using same device potentially
using several of these applications simultaneously
– Applications have very different security and
performance constraints:
• Healthcare records: stringent regulatory privacy and
security requirements
• In-home patient monitoring: different privacy and
security needs + reliability and soft real time
guarantees
• Web use: no impact on core healthcare applications

4. Motivation cont.
• Current approaches, combinations of:
– Devices scans when new devices attach to network
– Run applications on application servers with thin clients on
devices
– Complex network and server access control polices
• Inadequate:
– Device with up-to-date patch levels might still contain
malware
– Application servers with thin clients constrain the type of
applications that can be used
– Access control policies only deal with access. Provide no
protection once data is accessed

5. SeaCat Approach
• Combine SDN and
application
containment:
– End-to-end application
containment
• Non-healthcare app:
– default context
• Healthcare app:
– dynamic app specific
context
– from server, through
network, into device
– app and data contained in
this context
– protect against data leakage
and malicious actors

6. Threat Model
• Concerned with security and performance of health care
applications used from variety of devices in a health care
environment
• Assume healthcare applications can be trusted
– different from conventional threat model where device needs to be
protected against untrusted applications
• Specific concerns:
– Unauthorized access
• role based authentication and policies
– Data leakage
• end-to-end application containment
– Resource guarantees
• context based resource allocation with preemption
– Denial of service
• resource guarantees plus separation of resources

7. SeaCat Architecture
• SDN to create
contexts for
apps
• Extend contexts
into endpoint:
– Controller
creates virtual
interfaces on
host switch
– Bind
applications to
these interfaces

8. SeaCat Architecture
Default context to bootstrap:
1. App uses default
context ->
authentication and
policy entity
2. Request: create
network context
3. Create context in
network and host SDN
4. Application gets
credentials to bind to
virtual NIC (unbind from
default NIC/context)
5. Traffic constrained to
dedicated context

9. Challenges and status
• Create secure end-to-end contexts
– Network and host SDN as basis
– Authentication and policy driven control framework
– Host application containment
– Secure binding mechanisms
– Need for encryption
• Status and plans
– Just got started
• Work in progress
– Explore architecture with specific healthcare apps
• Electronic health records (EHR)
• Medical imaging