SDN End-to-end Application Containment
Healthcare practices are increasingly networked driven as physicians and other healthcare professionals increasingly relying on networked applications for tasks as diverse as accessing patient records, remote diagnoses and consultations, in-home patient monitoring, healthcare related analytics and even remote surgical procedures. Of course, in addition to these domain specific applications, healthcare professionals use all the other more typical vocational applications, often from the same device. This diversity of applications and in particular the fact that the same individual, possibly using the same device, might be concurrently using these different applications, presents a particular challenge to healthcare information technology (IT) operations. For example, accessing patient healthcare records is subject to stringent regulatory privacy and security requirements; in-home patient monitoring would require different privacy and security guarantees, while also requiring reliability and soft realtime guarantees from the network; while browsing the Web might not have any particular requirements by itself, there is a clear requirement that such browsing should not have any impact on other applications that have more stringent requirements. Unfortunately, state-of-the-art network and device abstractions do not provide network and IT operators the means to efficiently manage (or to manage at all) such role-based policies.
To address these shortcomings we are developing an SDN End-to-end Application Containment ArchitecTure (SeaCat). Our specific focus is on realizing end-to-end application containment in a health care setting, ensuring both the security and the performance of health care applications.
We demostrated our architecure at the 2014 US Ignite Application Summit.
Materials from the summit: