A Framework for Security Policy Definition and Enforcement in Database-Defined Networks
Self-funded PhD students only
School of Computing
Applications accepted all year round
The work on this project will:
- Define a theory composing network architectures and information flow policies in a DDN model of networks
- Demonstrate how traditional information flow policies can be transformed into this model
- Validate the theoretical model based on an implementation of a DDN
In recent years, a new approach to the implementation of Software-Defined Networks has emerged that aims at simplifying the task of network administration through the introduction of further data-based abstractions of the control and data planes. This approach, known as Database-Defined Networking (DDN), represents the entire network through standard relational databases that can be monitored and controlled using a simple SQL-based interface. A network is hence defined in terms of configuration, topological and reachability information. This new representation, architecture-as-a-database, was first introduced in the RAVEL system as a solution to the problems of complexity and robustness in network management.
This project will aim at defining a framework for the management of security policies in DDNs. The project will comprise a theoretical logic-based model that defines how information flow security policies can be expressed, refined and enforced in a relational database. It will define an analysis of such policies in order to demonstrate that certain desirable security properties related to information flows, e.g. continuous control of information flows, can be maintained as invariants of the system. The theory will then be validated through an implementation developed within the RAVEL platform, where various policies will be transformed and enforced.
The outcome of this 3-year project will be a framework that couples, on one side, information flow-theoretic security and static analysis methods that ensure changes to network architectures and policies are performed in a secure manner with, on the other side, a validation that will demonstrate how such security can be enforced within a DDN system.
Fees and funding
Funding availability: Self-funded PhD students only.
PhD full-time and part-time courses are eligible for the UK Government Doctoral Loan (UK and EU students only).
2020/2021 fees (applicable for October 2020 and February 2021 start)
Home/EU/CI full-time students: £4,407 p/a*
Home/EU/CI part-time students: £2,204 p/a*
International full-time students: £16,400 p/a*
International part-time students: £8,200 p/a*
*All fees are subject to annual increase
You'll need a good first degree from an internationally recognised university or a Master’s degree in an appropriate subject. In exceptional cases, we may consider equivalent professional experience and/or qualifications. English language proficiency at a minimum of IELTS band 6.5 with no component score below 6.0.
- Interest in the following: network architectures and models, security policies, theoretical computer science
- Good familiarity with the Linux environment
- Analytical skills and knowledge of foundations of computer science
- Ability to think independently, including the formulation of research problems
- Strong verbal and written communication skills, both in plain English and scientific language for publication in relevant journals and presentation at conferences
How to apply
We’d encourage you to contact Dr Benjamin Aziz (firstname.lastname@example.org) to discuss your interest before you apply, quoting the project code.
When you are ready to apply, you can use our online application form. Make sure you submit a personal statement, proof of your degrees and grades, details of two referees, proof of your English language proficiency and an up-to-date CV. Our ‘How to Apply’ page offers further guidance on the PhD application process.
If you want to be considered for this PhD opportunity you must quote project code COMP4990220 when applying.