a hypothesis testing framework for network security
play

A Hypothesis Testing Framework for Network Security P. Brighten - PowerPoint PPT Presentation

Mar 02, 2023 •432 likes •939 views

A Hypothesis Testing Framework for Network Security P. Brighten Godfrey University of Illinois at Urbana-Champaign TSS Seminar, September 15, 2015 Part of the SoS Lablet with David Nicol Kevin Jin Matthew Caesar Bill Sanders Work with

  1. A Hypothesis Testing Framework for Network Security P. Brighten Godfrey University of Illinois at Urbana-Champaign TSS Seminar, September 15, 2015

  2. Part of the SoS Lablet with David Nicol Kevin Jin Matthew Caesar Bill Sanders

  3. Work with… Anduo Wang Wenxuan Zhou Dong Jin Jason Croft Matthew Caesar with Ahmed Khurshid Haohui Mai Xuan Zhou Rachit Agarwal Sam King

  4. References to papers in this talk Haohui Mai, Ahmed Khurshid, Rachit Agarwal, Matthew Caesar, P . Brighten Godfrey, and Samuel T. King. Debugging the Data Plane with Anteater. ACM SIGCOMM, August 2011. Ahmed Khurshid, Xuan Zou, Wenxuan Zhou, Matthew Caesar, and P . Brighten Godfrey. VeriFlow: Verifying Network-Wide Invariants in Real Time. 10th USENIX Symposium on Networked Systems Design and Implementation (NSDI), April 2013. Wenxuan Zhou, Dong Jin, Jason Croft, Matthew Caesar, and P . Brighten Godfrey. Enforcing Customizable Consistency Properties in Software-Defined Networks. 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI), April 2015. Anduo Wang, Brighten Godfrey, and Matthew Caesar. Ravel: Orchestrating Software-Defined Networks. Demo in SOSR’15.

  5. Background: Network Verification

  6. Networks are complex 89% of operators never sure that config changes are bug-free 82% concerned that changes would cause problems with existing functionality – Survey of network operators: [Kim, Reich, Gupta, Shahbaz, Feamster, Clark, USENIX NSDI 2015]

  7. Understanding your network Configuration Flow monitoring verification Screenshot from Scrutinizer NetFlow & sFlow analyzer, snmp.co.uk/scrutinizer/ e.g.: RCC for BGP [Feamster & Balakrishnan, NSDI’05]

  8. Configuration verification Input device software Predicted device software device software protocols device software protocols protocols device software protocols device software protocols protocols

  9. Data plane verification Verify the network as close as possible to its actual behavior Input data plane state Predicted

  10. Data plane verification • (Checks current snapshot) Verify the network • Insensitive to control protocols as close as possible to • Accurate model its actual behavior Input data plane state Predicted

  11. Architecture “Service S reachable Diagnosis only through firewall?” “Is segment isolated?” Verifier

  12. Building It

  13. Verification is nontrivial Packet: x[0] x[1] x[2] … x[n] x[4] = 1 x[7] = 1 A B x[1] = 0 ( x 4 ∨ x 7 ∨ ¯ x 1 ) ∧ ( . . . ) ∧ ( . . . ) ∧ ( . . . ) NP-complete!

  14. Anteater’s solution Express data plane and invariants as SAT • ...up to some max # hops Check with off-the-shelf SAT solver (Boolector)

  15. Data plane as boolean functions Define P(u, v) as the expression for packets Destination Action traveling from u to v 10.1.1.0/24 Fwd to v • A packet can flow over (u, v) if and only if it satisfies u v P(u, v) P(u, v) = dst_ip ∈ 10.1.1.0/24

  16. Reachability as SAT solving Goal: reachability from u to w u v w == C = (P(u, v) ∧ P(v,w)) is satisfiable • SAT solver determines the satisfiability of C • Problem: exponentially many paths - Solution: Dynamic programming (a.k.a. loop unrolling) - Intermediate variables: “Can reach x in k hops?” - Similar to [Xie, Zhan, Maltz, Zhang, Greenberg, Hjalmtysson, Rexford, INFOCOM’05]

  17. Packet transformation Essential to model MPLS, dst_ip ∈ label = 5? 0.1.1.0/24 QoS, NAT, etc. u v w • Model the history of packets: vector over time • Packet transformation ⇒ boolean constraints over adjacent packet versions ( p i .dst ip ∈ 0 . 1 . 1 . 0 / 24) ∧ ( p i +1 .label = 5) More generally: p i +1 = f ( p i )

  18. Experience with an operational network

  19. Experiences with real network Evaluated Anteater with operational network • 〜⦅ 178 routers supporting >70,000 machines • Predominantly OSPF, also uses BGP and static routing • 1,627 FIB entries per router (mean) • State collected using operator’s SNMP scripts Revealed 23 bugs with 3 invariants in 2 hours Loop Packet loss Consistency Being fixed 9 0 0 Stale config. 0 13 1 Total alerts 9 17 2

  20. Forwarding loops IDP was overloaded, building operator introduced IDP bypass Bypass routed campus traffic to IDP through static routes … Introduced 9 loops bypass Backbone

  21. Bugs found by other invariants Packet loss Consistency Admin. X u u interface u’ 12.34.56.0/24 • Blocking compromised machines at IP level • One router exposed web • Stale configuration admin interface in FIB From Sep, 2008 • Different policy on private IP address range

  22. Can we verify networks in real time?

  23. Not so simple Challenge #1: Obtaining real time view of network Challenge #2: Verification speed

  24. Architecture “Service S reachable Diagnosis only through firewall?” Verifier

  25. VeriFlow architecture app app software abstractions Logically centralized controller Thin, standard interface to data plane (e.g. OpenFlow)

  26. VeriFlow architecture app app software abstractions VeriFlow Logically centralized controller Thin, standard interface to data plane (e.g. OpenFlow)

  27. Verifying invariants quickly Veriflow Generate Updates Equivalence Classes 64.0.0.0/3 0.0.0.0/1 Fwd’ing rules Equiv classes Find only equivalence classes affected by the update via a multidimensional trie data structure

  28. Verifying invariants quickly Veriflow Generate Generate Updates Equivalence Forwarding Classes Graphs All the info to answer queries!

  29. Verifying invariants quickly Veriflow Generate Generate Updates Equivalence Forwarding Run Queries Classes Graphs Good rules Bad rules Diagnosis report • Type of invariant violation • Affected set of packets

  30. Evaluation Simulated network • Real-world BGP routing tables (RIBs) from RouteViews totaling 5 million RIB entries • Injected into 172-router network (AS 1755 topology) Measure time to process each forwarding change • 90,000 updates from Route Views • Check for loops and black holes

  31. Microbenchmark latency 97.8% of updates verified within 1 ms

  32. Towards a Science of Security: Network Hypothesis Testing

  33. SoS: Network Hypothesis Testing Modeling dynamic networks 1 2 Networks as databases Provably correct virtual networks 3

  34. Modeling dynamic networks

  35. Timing uncertainty Controller Remove rule 1 Install rule 2 (delayed) Possible network states: Rule 1 Rule 2 Switch A Switch B One solution: “consistent updates” [Reitblatt, Foster, Rexford, Schlesinger, Walker, “Abstractions for Network Update”, SIGCOMM 2012]

  36. Uncertainty-aware verification

  37. Update synthesis via verification 1 mod A->C to A->F 2 add F->G Controller 3 add G->H Stream of Updates 4 add H->B 2 1 3 4 CCG Verifier Update queue Verification No Engine A should reach B Safe? Network Model Yes Confirmations C E D A B F H G Enforcing dynamic correctness with heuristically maximized parallelism

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hypothesis Testing for Network Security Philip Godfrey, Matthew Caesar, David Nicol, William H.

Hypothesis Testing for Network Security Philip Godfrey, Matthew Caesar, David Nicol, William H.

Hypothesis Testing for Network Security Philip Godfrey, Matthew Caesar, David Nicol, William H. Sanders, Dong Jin INFORMATION TRUST INSTITUTE University of Illinois at Urbana-Champaign We need a science of security Practice of doing

373 views • 24 slides
Hypothesis Testing for a Proportion August 21, 2019 August 21, 2019 1 / 64 Hypothesis Testing

Hypothesis Testing for a Proportion August 21, 2019 August 21, 2019 1 / 64 Hypothesis Testing

Hypothesis Testing for a Proportion August 21, 2019 August 21, 2019 1 / 64 Hypothesis Testing Framework Suppose were interested in examining how people perform on a multiple choice question related to world health. We might like to

1.37k views • 64 slides
Hypothesis Testing and statistical preliminaries Stony Brook University CSE545, Spring 2019

Hypothesis Testing and statistical preliminaries Stony Brook University CSE545, Spring 2019

Hypothesis Testing and statistical preliminaries Stony Brook University CSE545, Spring 2019 Hypothesis Testing: Random Variables Distributions Hypothesis Testing Framework Comparing Variables: Simple Linear Regression,

1.37k views • 105 slides
Gov 2000: 6. Hypothesis Testing Matthew Blackwell October 11, 2016 1 / 55 1. Hypothesis

Gov 2000: 6. Hypothesis Testing Matthew Blackwell October 11, 2016 1 / 55 1. Hypothesis

Gov 2000: 6. Hypothesis Testing Matthew Blackwell October 11, 2016 1 / 55 1. Hypothesis Testing Examples 2. Hypothesis Test Nomenclature 3. Conducting Hypothesis Tests 4. p-values 5. Power Analyses 6. Exact Inference* 7. Wrap up 2 / 55

929 views • 63 slides
Chapter 6 Hypothesis Testing What is Hypothesis Testing? the use of statistical

Chapter 6 Hypothesis Testing What is Hypothesis Testing? the use of statistical

Chapter 6 Hypothesis Testing What is Hypothesis Testing? the use of statistical procedures to answer research questions Typical research question (generic): For hypothesis testing, research questions are statements: This is

770 views • 50 slides
Chapter 6 Hypothesis Testing What is Hypothesis Testing? the use of statistical

Chapter 6 Hypothesis Testing What is Hypothesis Testing? the use of statistical

Chapter 6 Hypothesis Testing What is Hypothesis Testing? the use of statistical procedures to answer research questions Typical research question (generic): For hypothesis testing, research questions are statements: This is

243 views • 22 slides
Testing 6.1 Specification testing Michel Bierlaire A short reminder on hypothesis testing

Testing 6.1 Specification testing Michel Bierlaire A short reminder on hypothesis testing

Testing 6.1 Specification testing Michel Bierlaire A short reminder on hypothesis testing Hypothesis testing is a method to contradict a theoretical assumption using data. In his seminal book on design of experiments, Fisher (1937) uses

526 views • 3 slides
Statistics'and' Hypothesis'Testing

Statistics'and' Hypothesis'Testing

Statistics'and' Hypothesis'Testing NENS230:DataAnalysisfortheBiosciencesusingMATLAB EddyAlbarran November3,2015 AnalysisMethodology Data Exploratory Hypothesis DataAnalysis Testing

985 views • 61 slides
STAT 113 Hypothesis Testing I Colin Reimer Dawson Oberlin College October 5, 2017 1 / 17

STAT 113 Hypothesis Testing I Colin Reimer Dawson Oberlin College October 5, 2017 1 / 17

Hypothesis Testing Null Hypothesis Testing Formulating Statistical Hypotheses Preview: Quantifying Evidence STAT 113 Hypothesis Testing I Colin Reimer Dawson Oberlin College October 5, 2017 1 / 17 Hypothesis Testing Null Hypothesis

321 views • 17 slides
3. The Central Limit Theorem (2.5) 2/5/2020 Quiz 3 - Hypothesis Testing Recap from last time 1.

3. The Central Limit Theorem (2.5) 2/5/2020 Quiz 3 - Hypothesis Testing Recap from last time 1.

Unit 2: Foundations for Inference 3. The Central Limit Theorem (2.5) 2/5/2020 Quiz 3 - Hypothesis Testing Recap from last time 1. Null hypothesis testing is a framework for quantifying evidence 2. Whenever we pick a standard of evidence that

320 views • 15 slides
Hypothesis testing get data that differ from the null hypothesis. If the data would be quite

Hypothesis testing get data that differ from the null hypothesis. If the data would be quite

Hypothesis testing asks how unusual it is to Hypothesis testing get data that differ from the null hypothesis. If the data would be quite unlikely under H 0 , we reject H 0 . So we need to know how good the sample is, and how likely it is that

334 views • 14 slides
STAT 215 Hypothesis Testing I Colin Reimer Dawson Oberlin College September 7, 2017 1 / 14

STAT 215 Hypothesis Testing I Colin Reimer Dawson Oberlin College September 7, 2017 1 / 14

Inference Goals Hypothesis Testing Philosophy of Null Hypothesis Testing Formulating Statistical Hypotheses STAT 215 Hypothesis Testing I Colin Reimer Dawson Oberlin College September 7, 2017 1 / 14 Inference Goals Hypothesis Testing

251 views • 14 slides
Sequential techniques for Hypothesis testing & Change detection George V. Moustakides

Sequential techniques for Hypothesis testing & Change detection George V. Moustakides

Sequential techniques for Hypothesis testing & Change detection George V. Moustakides University of Patras Outline Sequential hypothesis testing The Sequential Probability Ratio Test (SPRT) for optimum hypothesis testing

393 views • 27 slides
SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS Few Security Breaches Date: 2013-14 September 2016, while in negotiations to

404 views • 18 slides
Hypothesis Testing Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Hypothesis Testing Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical

Hypothesis Testing Saravanan Vijayakumaran sarva@ee.iitb.ac.in Department of Electrical Engineering Indian Institute of Technology Bombay August 22, 2012 1 / 23 Basics of Hypothesis Testing What is a Hypothesis? One situation among a set of

501 views • 23 slides
Testing Specification testing Michel Bierlaire Introduction to choice models Differences from

Testing Specification testing Michel Bierlaire Introduction to choice models Differences from

Testing Specification testing Michel Bierlaire Introduction to choice models Differences from classical hypothesis testing Classical hypothesis testing: example Null hypothesis ( H 0 ) A simple hypothesis contradicting a theoretical

516 views • 33 slides
Formal Verification of Computer Switch Networks Sharad Malik ; Department of Electrical

Formal Verification of Computer Switch Networks Sharad Malik ; Department of Electrical

Formal Verification of Computer Switch Networks Sharad Malik ; Department of Electrical Engineering; Princeton Univeristy (with Shuyuan Zhang (Princeton), Rick McGeer (HP Labs)) 1 SDN: So what changes for verification? SDN: So what changes for

665 views • 34 slides
Data Plane Verification and Anteater Brighten Godfrey University of Illinois Work with Haohui

Data Plane Verification and Anteater Brighten Godfrey University of Illinois Work with Haohui

Data Plane Verification and Anteater Brighten Godfrey University of Illinois Work with Haohui Mai, Ahmed Khurshid, Rachit Agarwal, Matthew Caesar, and Sam King Summer School on Formal Methods and Networks Cornell University, June 11, 2013

482 views • 36 slides
Ant-immigrant populism is not really a recent phenomenon Didier Ruedin University of the

Ant-immigrant populism is not really a recent phenomenon Didier Ruedin University of the

Ant-immigrant populism is not really a recent phenomenon Didier Ruedin University of the Witwatersrand & University of Neuchtel Contestng the Populist Challenge Malm, 17 November 2017 immigraton is increasingly politcized Share of all

561 views • 10 slides
Build Build Build Build System building The process of compiling and linking software

Build Build Build Build System building The process of compiling and linking software

Build Build Build Build System building The process of compiling and linking software components into an executable system Different systems are built from different combinations of components Invariably supported by automated

557 views • 20 slides
Making Teaching a Shared Brian Sato Office of the Vice Provost of Teaching and Learning

Making Teaching a Shared Brian Sato Office of the Vice Provost of Teaching and Learning

Making Teaching a Shared Brian Sato Office of the Vice Provost of Teaching and Learning Responsibility through Ray Vadnais Departmental Reports Office of Information Technology UCI Strategic Plan First in Class - Elevating the student

1.32k views • 25 slides
Model Checking Dynamic Datapaths Aurojit Panda, Katerina Argyraki, Scott Shenker UC Berkeley,

Model Checking Dynamic Datapaths Aurojit Panda, Katerina Argyraki, Scott Shenker UC Berkeley,

Model Checking Dynamic Datapaths Aurojit Panda, Katerina Argyraki, Scott Shenker UC Berkeley, ICSI, EPFL Networks: Not Just for Delivery Enforce a variety of invariants: Packet Isolation: Packets from A can not reach B Content

585 views • 42 slides
Expressions Holism vs. Reductionism In his Pulitzer-prizewinning book, Expressions computer

Expressions Holism vs. Reductionism In his Pulitzer-prizewinning book, Expressions computer

Eric Roberts Handout #15 CS 106A January 13, 2010 Expressions Holism vs. Reductionism In his Pulitzer-prizewinning book, Expressions computer scientist Douglas Hofstadter identifies two concepts holism and reductionism that turn out

87 views • 4 slides
Oryx: Emerging Python-based Web Platform for Antelope Dr.

Oryx: Emerging Python-based Web Platform for Antelope Dr.

Oryx: Emerging Python-based Web Platform for Antelope Dr. Kent Lindquist Lindquist Consulting, Inc. August 7, 2011 Taipei, Taiwan Lindquist

421 views • 28 slides

More recommend