Collaborative Research: CICI: Secure and Resilient Architecture: NetSecOps - Policy-driven, Knowledge-centric, Holistic Network Security Operations Architecture



Period of Performance:


9/01/2016 8/31/2019




University campus infrastructures count among the most complex and sophisticated information technology (IT) deployments; often combining a mix of enterprise, academic, research, and healthcare environments, each having their own distinct security, privacy, and priority policies. Dealing with the security of this complex and highly dynamic environment is extremely challenging, particularly since Campus IT infrastructures are increasingly under attack both from external Internet sources, and often unknowingly, from internal campus devices. Different segments of the campus have very different policies and regulations that govern its treatment of sensitive data (e.g., private student/employee information, health care data, financial transactions etc.). Further, the unique requirements of data-intensive scientific research traffic often require exceptions to conventional IT policies, which typically result in ad-hoc solutions that bypass standard operational methods and procedures, thus leaving both the scientific workflow and the campus as a whole vulnerable to attack. In short, state-of-the-art campus security operations still heavily rely on human domain experts to interpret high level policy documents, attempt to implement those policies through low level mechanisms, manually implement exceptions to these policies to accommodate scientific workflow requirements, interpret reports and alerts from a variety of security point solutions, and be able to react to security events in near real time on a 24-by-7 basis. This state of affairs is clearly untenable.


Research questions

How can we realize the NETSECOPS Knowledge and Control Framework?

Can NETSECOPS be used for knowledge capture and knowledge discovery?

Can high level security policies be systematically captured?

Are low level mechanisms accurately enforcing high level policies?

- our work falls here

Can systematic policies be auto-generated?

- our work falls here

Can general campus access and connectivity control be policy-driven?


Can policy exceptions be made for traffic used in (scientific) research computing?


Exemplary products: