Ethane: A Protection Architecture for Enterprise Networks

  • Martin Casado | Stanford University

Connectivity in enterprise networks is provided by technologies not designed to offer protection. As a response to growing security demands, network designers have attempted to retrofit access controls onto an otherwise permissive architecture using various interdiction mechanisms such as ACLs, packet filters, and other middleboxes. This has led to enterprise networks that are inflexible, fragile, and difficult to manage.

To address these limitations, we offer Ethane, a backwards-compatible network architecture where connectivity is restricted by default and only granted to senders on request. All routing and access control decisions are made by a logically-centralized server that grants access to services by explicitly setting up routes, according to declarative access control policies (e.g., “Alice can access http server foo”). Access controls are enforced at each switch; the switches themselves are simple and only minimally trusted. Ethane offers strong attack resistance and containment in the face of compromise, yet is practical for everyday use.
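An added illustration, not Ethane's own code: a toy Python controller that behaves the way the abstract describes. The host names, switch ports and the single policy rule below are constructed; a switch with no flow entry asks the controller on the first packet, the controller applies a default-deny policy, installs the route as flow entries on every switch along the path when a rule allows it, and records refused flows for the operator.

```python
from dataclasses import dataclass, field

# Constructed sample topology: host -> (switch, port) and switch-to-switch ports.
HOST_LOCATION = {"alice": ("sw1", 1), "bob": ("sw1", 2), "foo": ("sw2", 1)}
LINKS = {("sw1", "sw2"): 3, ("sw2", "sw1"): 3}
# Declarative policy in the spirit of "Alice can access http server foo".
# Anything not listed is denied: connectivity is off by default.
POLICY = {("alice", "foo", 80)}

@dataclass
class Switch:
    name: str
    # (src, dst, dst_port) -> output port; empty until the controller fills it
    flow_table: dict = field(default_factory=dict)

@dataclass
class Controller:
    switches: dict
    requests: int = 0          # how often switches had to ask the controller
    denied: list = field(default_factory=list)   # audit log of refused flows

    def route(self, src, dst):
        """Hops (switch, out_port) from src's switch to dst's access port."""
        s_sw, _ = HOST_LOCATION[src]
        d_sw, d_port = HOST_LOCATION[dst]
        if s_sw == d_sw:
            return [(s_sw, d_port)]
        return [(s_sw, LINKS[(s_sw, d_sw)]), (d_sw, d_port)]

    def first_packet(self, switch, src, dst, dst_port):
        """Switch has no entry for this flow: decide, and install the route."""
        self.requests += 1
        if (src, dst, dst_port) not in POLICY:
            self.denied.append((switch, src, dst, dst_port))
            return False
        for sw, out in self.route(src, dst):
            self.switches[sw].flow_table[(src, dst, dst_port)] = out
        return True

def forward(ctrl, switch, src, dst, dst_port):
    """Switch datapath: match the flow table, else consult the controller."""
    sw = ctrl.switches[switch]
    key = (src, dst, dst_port)
    if key not in sw.flow_table and not ctrl.first_packet(switch, *key):
        return None  # no route was granted: packet is dropped at the edge
    return sw.flow_table[key]

def build():
    return Controller({n: Switch(n) for n in ("sw1", "sw2")})
```

Only the first packet of a permitted flow reaches the controller; later packets of the same flow are forwarded from the switch's own table, and a host with no matching rule never gets a route at all.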

Speaker Details

Martin Casado is starting his fourth year as a PhD student in Computer Science at Stanford University. His interests include architectural support for network security policy and developing (and using!) novel measurement techniques to understand the Internet edge. Prior to enlisting in the PhD program, Martin hid from the public to do security research at Lawrence Livermore National Laboratory as a computer scientist in the information operations and assurance group.

  • Jeff Running