Hypothesis Testing for Network Security

Similar documents
The Internet: A Remarkable Story. Inside the Net: A Different Story. Networks are Hard to Manage. Software Defined Networking Concepts

SDN AND SECURITY: Why Take Over the Hosts When You Can Take Over the Network

How To Understand The Power Of The Internet

On the effect of forwarding table size on SDN network utilization

Software Defined Networking & Openflow

Internet Packets. Forwarding Datagrams

Question 1. [7 points] Consider the following scenario and assume host H s routing table is the one given below:

Software Defined Networks

From Active & Programmable Networks to.. OpenFlow & Software Defined Networks. Prof. C. Tschudin, M. Sifalakis, T. Meyer, M. Monti, S.

Network-Wide Class of Service (CoS) Management with Route Analytics. Integrated Traffic and Routing Visibility for Effective CoS Delivery

MPLS Layer 2 VPNs Functional and Performance Testing Sample Test Plans

Network Security Topologies. Chapter 11

SOFTWARE DEFINED NETWORKS REALITY CHECK. DENOG5, Darmstadt, 14/11/2013 Carsten Michel

Internet Protocol: IP packet headers. vendredi 18 octobre 13

IP addressing. Interface: Connection between host, router and physical link. IP address: 32-bit identifier for host, router interface

Network Virtualization Network Admission Control Deployment Guide

HOW TO PREVENT DDOS ATTACKS IN A SERVICE PROVIDER ENVIRONMENT

How To Make A Network Secure

WAN Topologies MPLS. 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr Cisco Systems, Inc. All rights reserved.

VXLAN: Scaling Data Center Capacity. White Paper

An Introduction to Software-Defined Networking (SDN) Zhang Fu

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

MPLS is the enabling technology for the New Broadband (IP) Public Network

Software Defined Networking What is it, how does it work, and what is it good for?

Network Security: Network Flooding. Seungwon Shin GSIS, KAIST

Troubleshooting and Maintaining Cisco IP Networks Volume 1

SDN Programming Languages. Programming SDNs!

How Routers Forward Packets

MPLS Layer 3 and Layer 2 VPNs over an IP only Core. Rahul Aggarwal Juniper Networks. rahul@juniper.net

MPLS WAN Explorer. Enterprise Network Management Visibility through the MPLS VPN Cloud

MPLS over Various IP Tunnels. W. Mark Townsley

Introducing Basic MPLS Concepts

Internet Firewall CSIS Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS net15 1. Routers can implement packet filtering

Network Management: - SNMP - Software Defined networking

Cross-layer Optimisation and Traffic Control for Delivering Super High Definition Video

The State of OpenFlow: Advice for Those Considering SDN. Steve Wallace Executive Director, InCNTRE SDN Lab Indiana University

ISTANBUL. 1.1 MPLS overview. Alcatel Certified Business Network Specialist Part 2

Business Case for NFV/SDN Programmable Networks

Scalable Extraction, Aggregation, and Response to Network Intelligence

VeriFlow: Verifying Network-Wide Invariants in Real Time

ETHERNET WAN ENCRYPTION SOLUTIONS COMPARED

A Coordinated. Enterprise Networks Software Defined. and Application Fluent Programmable Networks

Application Note. Stateful Firewall, IPS or IDS Load- Balancing

Virtual Private LAN Service (VPLS) Conformance and Performance Testing Sample Test Plans

Software Defined Networking

IP Office Technical Tip

Enhancing Cisco Networks with Gigamon // White Paper

SDN CONTROLLER. Emil Gągała. PLNOG, , Kraków

Network layer" 1DT066! Distributed Information Systems!! Chapter 4" Network Layer!! goals: "

IPv4 and IPv6 Integration. Formation IPv6 Workshop Location, Date

MPLS for ISPs PPPoE over VPLS. MPLS, VPLS, PPPoE

Software Defined Networking (SDN)

Configuring the Transparent or Routed Firewall

A Case for Overlays in DCN Virtualization Katherine Barabash, Rami Cohen, David Hadas, Vinit Jain, Renato Recio and Benny Rochwerger IBM

Exterior Gateway Protocols (BGP)

Data Communication Networks and Converged Networks

Network layer: Overview. Network layer functions IP Routing and forwarding

IP Switching: Issues and Alternatives

Achieving Low-Latency Security

Software Defined Networking

Redefine Network Visibility in the Data Center with the Cisco NetFlow Generation Appliance

Software-Defined Networking for the Data Center. Dr. Peer Hasselmeyer NEC Laboratories Europe

CSCI-1680 So ware-defined Networking

OVERLAYING VIRTUALIZED LAYER 2 NETWORKS OVER LAYER 3 NETWORKS

Routing Protocols (RIP, OSPF, BGP)

Inter-domain Routing Basics. Border Gateway Protocol. Inter-domain Routing Basics. Inter-domain Routing Basics. Exterior routing protocols created to:

Polycom. RealPresence Ready Firewall Traversal Tips

Certes Networks Layer 4 Encryption. Network Services Impact Test Results

NetFlow/IPFIX Various Thoughts

- Multiprotocol Label Switching -

M.Sc. IT Semester III VIRTUALIZATION QUESTION BANK Unit 1 1. What is virtualization? Explain the five stage virtualization process. 2.

PRASAD ATHUKURI Sreekavitha engineering info technology,kammam

Description: Objective: Upon completing this course, the learner will be able to meet these overall objectives:

(MPLS) MultiProtocol Labling Switching. Software Engineering 4C03 Computer Network & Computer Security Dr. Kartik Krishnan Winter 2004.

Recommended IP Telephony Architecture

Mobile IP Part I: IPv4

Software Defined Networking A quantum leap for Devops?

Defining SDN. Overview of SDN Terminology & Concepts. Presented by: Shangxin Du, Cisco TAC Panelist: Pix Xu Jan 2014

Quality of Service using Traffic Engineering over MPLS: An Analysis. Praveen Bhaniramka, Wei Sun, Raj Jain

Carrier/WAN SDN. SDN Optimized MPLS Demo

NAT and Firewall Traversal with STUN / TURN / ICE

EECS 489 Winter 2010 Midterm Exam

Cisco Network Foundation Protection Overview

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP

How To Make A Vpc More Secure With A Cloud Network Overlay (Network) On A Vlan) On An Openstack Vlan On A Server On A Network On A 2D (Vlan) (Vpn) On Your Vlan

Network performance in virtual infrastructures

Tackling the Challenges of MPLS VPN Testing. Todd Law Product Manager Advanced Networks Division

EE627 Lecture 22. Multihoming Route Control Devices

Security in IPv6. Basic Security Requirements and Techniques. Confidentiality. Integrity

Firewalls P+S Linux Router & Firewall 2013

SIMPLE NETWORKING QUESTIONS?

CS 5480/6480: Computer Networks Spring 2012 Homework 4 Solutions Due by 1:25 PM on April 11 th 2012

Transcription:

Hypothesis Testing for Network Security Philip Godfrey, Matthew Caesar, David Nicol, William H. Sanders, Dong Jin INFORMATION TRUST INSTITUTE University of Illinois at Urbana-Champaign

We need a science of security Practice of doing cyber-security research needs to change Attempts based on reaction to known/imagined threats Too often applied in ad-hoc fashion SoS program: move security research beyond ad-hoc reactions Need a principled and rigorous framework Need a scientific approach 2

sci ence noun \ˈsī-ən(t)s\ What is science? : the systematic study of the structure and behavior of the natural and physical world through observation and experiment The scientific method 1. Ask a question 2. Formulate a hypothesis 3. Design and conduct an experiment 4. Analyze results 3

Towards a science of security Can we apply the scientific method to the domain of cybersecurity? Challenges: complex, large scale+dynamic environments, many protocols/mechanisms Opportunities: isolation, rigorous analyses, formal models, automation Can we develop a methodology for science of security? 4

Our work NetHTM: a methodology for science of security Techniques for performing/integrating security analyses to rigorously answer hypotheses about end to end security of a network Core: hypothesis evaluation engine Input: testable hypotheses, formal model of system Automatically designs and conducts experiments to evaluate veracity of hypotheses Our focus: Network data flow security Builds upon our prior work in formal network modeling 5

Overall System Architecture Security Scientist Hypotheses All network paths traverse a firewall Fraction of CRE vulnerabilities in network, given set of deployed ACLs, is less than 1% NetHTM Hypothesis Testing Platform System under evaluation Results 6

Active sub-tasks and Status Task 1: Methodologies for modeling and analyzing networks Core Network Model Modeling virtualized networks [best paper award, HotSDN 2014] Task 2: Automated techniques for hypothesis testing Automated experiment construction algorithm Database model of network behavior Task 3: Realizing a practical system Modeling dynamic behaviors [NSDI 2015] 7

Let s start with a router Configuration Control Plane Data Plane Network Forwarding 8

One approach: Build a model of the router Configuration Control Plane Data Plane Network Forwarding Input Predicted Pros: Can test prior to deployment Cons: Modeling is complex Prediction misses bugs in control plane Requires vendor support 9

Our approach: Just model the data plane Configuration Control Plane Data Plane Network Forwarding Input Predicted Pros: Checks as close as possible to network behavior Unified analysis for multiple protocols Catches implementation bugs 10

Our approach: Data-plane modeling Challenge: need some general way to express complex forwarding behavior Solution: Represent data plane as boolean functions Can leverage well-understood approaches to SAT solving, to check hypotheses against data plane Translate SAT results to report hypothesis veracity along with diagnostic information 11

Examples Packet Filtering Destination Interface 10.1.1.0/24 v Drop port 80 to v Longest Prefix Matching Destination Interface 10.1.1.0/24 v 10.1.1.128/25 w u v u v w Similar approaches to handle NAT, multicast, ACLs, encapsulation, MPLS label swapping, OpenFlow, etc. P(u,v) = IP dest 10.1.1.0/24 ^ Port dest 80 P(u,v) = IP dest 10.1.1.0/24 ^ IP dest 10.1.1.128/25 12

Automating Hypothesis Testing Could directly extend existing techniques (e.g., SAT solvers) Problem: not very scalable Alternative solution: represent and test Boolean functions as graph traversals Main idea: Represent network state as a forwarding graph Translate hypothesis tests into graph traversals 13

Limiting the Search Space Hypothesis Testing Engine Updates Generate Equivalence Classes Equivalence class: Packets experiencing the same forwarding actions throughout the network. Fwd ing rules Equiv. classes 0.0.0.0/1 64.0.0.0/3 0.0.0.0/0 1 2 3 4 14

Limiting the Search Space Hypothesis Testing Engine Updates Generate Equivalence Classes Generate Forwarding Graphs Forwarding graphs: All the info to answer hypotheses 15

Limiting the Search Space Hypothesis Testing Engine Updates Generate Equivalence Classes Generate Forwarding Graphs Run Experiments Correct Hypotheses Black holes, Routing loops, Isolation of multiple VLANs, Access control policies Incorrect Hypotheses Result report Experimental step that violates hypothesis Affected set of packets 16

Evaluation Simulated an IP network using a Rocketfuel topology Replayed Route Views BGP traces 172 routers, 90K BGP updates Microbenchmarked each phase of HTE s operation 17

Single-Hypothesis Testing Speed 97.8% of experiments concluded within 1 millisecond 18

Dealing with System Dynamics Challenge: Networks are Dynamic and Nondeterministic May not always know what will happen given an input May not always have up to date state May not be fully deployed Solution approach: dealing with uncertainty Explicitly model uncertainty in network s current state 19

Should I send B [nh=c] now? Motivating example I want to shift traffic from S1 to S2. Case 1: update [nh=d received Case 2: update not yet received S1 S1 B C S2? B C S2? Change your next hop to C Controller Change your next hop to S2 nh=c nh=s2 B C S1 S2 20

Uncertainty-aware modeling: Approach uncertain links certain links 1. Derive possible network states, given inputs 2. Represent possible states using symbolic uncertainty graph 3. Traverse graph to test hypotheses 4. Update graph as information comes in Network changes, acks from network, certain delays pass 21

Technical approach Controller Update GCC Network Model Stream of Updates Update Pending Updates Update Pass Analysis Engine Fail Network Confirm 22

Hypothesis Testing Time in Dynamic Networks 80% of the hypotheses tested within 10 microseconds 23

Conclusion We are constructing a hypothesis testing engine for SoS Analysis methodology for reasoning about science of security of networks Adds to theoretical underpinnings of SoS, supports practice of SoS Early results indicate feasibility Experiments run in milliseconds on complex networks Interested in working with you My contact info: caesar@illinois.edu 24

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information