Here are various overview descriptions and demonstration videos we have developed to illustrate our research projects.


An Introduction to OpenFlow Security Mediation:   June 2012

An Overview of the FortNOX Security Kernel

11 minutes

We present the motivation and design of an OpenFlow security mediation kernel.   We consider how to reconcile the dynamic nature of flow policy specification in the SDN paradigm against our traditional notions of network perimeter defense.   We then  FortNOX Security Kernel.


Demonstration Videos

May  2012

A Demonstration of Inline Constraints Policy Enforcement

5:55 minutes

FortNOX is an extension to the NOX OpenFlow controller.  We present an example of how FortNOX imposes strong non-bypassable security policy enforcement.    We demonstrate how OpenFlow applications can establish virtual tunnels that can bypass the restrictions of firewalls or conflicting block rules.  We then demonstrate FortNOX’s inline conflict detection and security constraints enforcement that prevents the virtual from bypassing our block rules.

April 2013

Dynamic Threat Containment Using


3:55 minutes

We present a demonstration of SE-Floodlight using SE-Floodlight.    SE-Floodlight is our latest integration of a security mediation kernel into the BigSwitch Floodlight OpenFlow controller.

Here, we demonstrate the dynamic containment of a spambot outbreak using OpenFlow BotHunter with SE-Floodlight.

May  2012

An OpenFlow Reflector Net for Shielding Production Networks from Malicious Attacks

5:26 minutes

We present an example of dynamic flow redirection using FortNOX.  Here, and adversary is detected attacking our production network, causing OpenFlow BotHunter to dynamically shunt the attacker’s flows into a honeynet to validate the threat and collect counter intelligence information.

May  2012

Malware Quarantine - Automatically Removing Infected Hosts from OpenFlow-Enabled Networks

4:45 minutes

We present an example of malware quarantine using FortNOX.  OpenFlow BotHunter is used to detect and then automatically isolate a local malware infection using FortNOX.    Quarantine involves blocking all communication flows to and from the infected host, with the exception that all HTTP queries from the host are redirected into  a quarantine notification webserver.  Here, a quarantine notification page is returned to the host, informing the user that the host is infected and the system administrator should be contacted as soon as possible.  

April 2013

Vulnerable Port Protection Using


2:16 minutes

Here is a demonstration of incorporating a vulnerability scanner into the dynamic network policy decisions as input to our OpenFlow security actuator.      We show SE-Floodlight redirecting external and internal users away from a server on which a newly discovered vulnerability as been found.  Internal users are shunted to an alternate internal server, while external users are sent to a maintenance page.