Enforcing Context-Aware BYOD Policies with In-Network Security


Adam Morrison, Rice University; Lei Xue, The Hong Kong Polytechnic University; Ang Chen, Rice University; Xiapu Luo, The Hong Kong Polytechnic University


Bring Your Own Device, or BYOD, has become the new norm for many enterprise networks; but it also raises security concerns. We present our vision of programmable in-network security, and sketch an initial system design, Poise. Poise has a high-level policy language that can express a wide range of existing and new security policies. These policies can then be compiled to device configurations to collect device/apps information, as well as switch programs in P4 that enforce security inside the network. Our initial results seem promising — Poise runs with reasonable overhead, and it successfully detects policy violations for seven useful BYOD policies.

@inproceedings {216853,
author = {Adam Morrison and Lei Xue and Ang Chen and Xiapu Luo},
title = {Enforcing Context-Aware {BYOD} Policies with In-Network Security},
booktitle = {10th {USENIX} Workshop on Hot Topics in Cloud Computing (HotCloud 18)},
year = {2018},
address = {Boston, MA},
url = {https://www.usenix.org/conference/hotcloud18/presentation/morrison},
publisher = {{USENIX} Association},
month = jul,