firenet phd semester project
play

Firenet PhD semester project Jingyue Zhao Supervisors: Prof. Bryan - PowerPoint PPT Presentation

Dec 04, 2023 •40 likes •340 views

Firenet PhD semester project Jingyue Zhao Supervisors: Prof. Bryan Ford, Prof. Katerina Argyraki Network Management 1 Network Management 2 Network Management 3 Motiv ivation Long-term goal: a transparent and secure decentralized

  1. Firenet – PhD semester project Jingyue Zhao Supervisors: Prof. Bryan Ford, Prof. Katerina Argyraki

  2. Network Management 1

  3. Network Management 2

  4. Network Management 3

  5. Motiv ivation • Long-term goal: a transparent and secure decentralized network management scheme for large-scale networks. • Decisions of each administrator  direct or indirect impacts on other parts of network. • Admins can be compromised  disaster of the entire network. 4

  6. System Model • A single small group of administrators make network policies together. • Follower routers correspond to SDN controllers which deploy the network policies. • Each network policy needs to be checked and approved by a threshold of admins to avoid careless or malicious actions. Follower routers Admins 5

  7. System Model • A single small group of administrators make network policies together. • Follower routers correspond to SDN controllers which deploy the network policies. • Each network policy needs to be checked and approved by a threshold of admins to avoid careless or malicious actions. Follower routers How to make the policy making process transparent and secure? Admins 6

  8. System Model • A single small group of administrators make network policies together. • Follower routers correspond to SDN controllers which deploy the network policies. • Each network policy needs to be checked and approved by a threshold of admins to avoid careless or malicious actions. Follower routers Cothority Admins 7

  9. Cothority • Collective authority: a set of witness servers called conodes that collectively execute decentralized protocols • Provide services: collective signing (CoSi [1]), Byzantine agreement, or generation of public-randomness Cothority [1] Syta E, Tamas I, Visher D, et al. Keeping authorities" honest or bust" with decentralized witness cosigning[C]//Security and Privacy (SP), 2016 IEEE Symposium on. Ieee, 2016: 526-545. 8

  10. Threat Model • Network administrators: make and approve network policies • Malicious: propose or approve bad policies; only a threshold of admins can be compromised by an attacker • Cothority (witness servers): check and track admins’ p olicy making process • Honest • Follower routers: pull and deploy the network policies periodically • Honest Follower routers Cothority Admins 9

  11. Design of f Fir irenet Step 1: admins’ approval Key 1 Follower routers Key 2 Network policy Key 3 Key 4 Admins 10

  12. Design of f Fir irenet Step 1: admins’ approval Key 1 Follower routers Key 2 Network policy Admin signatures Key 3 Key 4 Admins 11

  13. Design of f Fir irenet Step 1: admins’ approval Key 1 Follower routers Network policy Key 2 Config file Admin signatures Key 3 Key 4 Admins 12

  14. Design of f Fir irenet Step 1: admins’ approval Key 1 Follower routers Network policy Key 2 Config file Admin signatures Key 3 Verify admins’ Key 4 signatures & Admins deploy the policy 13

  15. Design of f Fir irenet Step 2: cothority’s approval check and collective signing Follower routers Network policy Config file Admin signatures Cothority Admins For now, the check is done by one server in the cothority, and we can design a protocol to distribute the workload. 14

  16. Design of f Fir irenet Step 2: cothority’s approval check and collective signing (using CoSi [1]) Follower routers Network policy Network policy Config file Config file Admin signatures Collective signature Cothority Admins [1] Syta E, Tamas I, Visher D, et al. Keeping authorities" honest or bust" with decentralized witness cosigning[C]//Security and Privacy (SP), 2016 IEEE Symposium on. Ieee, 2016: 526-545. 15

  17. Design of f Fir irenet Step 2: cothority’s approval check and collective signing Follower routers Network policy Network policy Config file Config file Admin signatures Collective signature Verify one single co-signature & Cothority deploy the policy Admins 16

  18. Design of f Fir irenet Step 3: cothority’s appending the new policy to the chain (using Skipchain[2]) 2 1 Block hash Block hash Network policy Config file Network policy Network policy Network policy Config Config Config Previous block hash Collective signature Collective signature Collective signature Admin signatures Random ID Previous block hash Cothority Admins Follower routers [2] Nikitin K, Kokoris-Kogias L, Jovanovic P, et al. CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds[J]. 2017. 17

  19. Design of f Fir irenet Step 3: cothority’s appending the new policy to the chain 2 1 Block hash Block hash Network policy Network policy Network policy Config Config Config Collective signature Collective signature Collective signature Random ID Previous block hash Cothority Admins Follower routers 3 Block hash Network policy Config Collective signature Previous block hash 18

  20. Design of f Fir irenet Step 3: cothority’s appending the new policy to the chain 2 1 Block hash Block hash 3 Block hash Network policy Network policy Network policy Network policy Config Config Config Config Collective signature Collective signature Collective signature Collective signature Random ID Previous block hash Previous block hash Cothority Admins Follower routers 19

  21. Design of f Fir irenet Step 3: cothority’s appending the new policy to the chain 2 1 Block hash Block hash 3 Block hash Network policy Network policy Network policy Network policy Config Config Config Config Collective signature Collective signature Collective signature Collective signature Random ID Previous block hash Previous block hash Cothority Admins Follower routers 20

  22. Fir irenet in 1 slide 2 1 Block hash Block hash 3 Block hash Network policy Config file Network policy Network policy Network policy Network policy Config Config Config Config Previous block hash Collective signature Collective signature Collective signature Collective signature Admin signatures Random ID Previous block hash Previous block hash Step 1: Admins’ Step 3: Step 2: policy proposal Cothority’s appending Cothority’s approval & approval Cothority check & co-signature new policy to the chain Admins Follower routers Step 4: Follower routers’ downloading, verifying & deploying the latest policy periodically 21

  23. Network Policy Description Language • Based on Linux iptables • One network policy consists of several network rules • One policy is self-sufficient • JSON object Network rule Property Value Network policy Matches Chain INPUT, OUTPUT, FORWARD Protocol TCP, UDP, ICMP, ALL Property Value Source IP/network x.x.x.x, x.x.x.x/x, ALL Policy description string Source ports Port number(s) Number of network rules int Destination x.x.x.x, x.x.x.x/x, ALL An array of network rules Network rule 1 IP/network Network rule 2 Destination ports Port number(s) … Action ACCEPT, DROP, REJECT Network rule n 22

  24. Im Implementation • Firenet is implemented in Go • Based on the Cothority framework, using CoSi and Skipchain • 1.3kLOC • Main functions with APIs • Genesis Policy Request • New Policy Request • Get Policy Request • Verify Policy Request 23

  25. Evaluation Testbed: 32-core Intel Xeon CPU at 2.6 GHz with 66GB of RAM (one server of IC cluster) Maximum 0.18 sec for 100 admins Maximum 20.8 sec for 128 conodes 24

  26. Evaluation Time cost component Genesis policy CPU time component (50 admins, 128 conodes) New policy CPU time component (50 admins, 128 conodes) ApprovalCheck CoSign CoSign ApprovalCheck 0% 8% 20% 0% others 0% CreateBlock others 0% 0% StoreBlock 92% CreateBlock 80% ApprovalCheck CoSign CreateBlock others ApprovalCheck CoSign CreateBlock StoreBlock others 25

  27. Compared to SDN • Follower routers can be seen as SDN controllers • Security-enhanced SDN application layer • Easy to rollback to a previous correct network configuration 26 [3] https://www.sdxcentral.com/sdn/definitions/inside-sdn-architecture/

  28. Future Work • Performance evaluation & analysis • Tendency and limit • Bandwidth • Time cost vs number of policies • Protocol improvement • Multiple groups of admins • Hierarchical network policy 27

  29. Thank you! 28

  30. Im Implementation Return the latest policy & Validate the new policy block & validate its co-signature append it to the chain NM NM NM NM NM FR APP service APP service service service Genesis Policy Request, NM APP New Policy Request FR APP (leader) Get Policy Request, Calling Cosi + Skipchain API Verify Policy Request NM FR APP Protocols APP pull push admins follower routers Network policy skipchain conodes 29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

INTERNATIONAL SEMESTER @HOWEST - BELGIUM TOURISM, PROJECT MANAGEMENT & STORYTELLING

INTERNATIONAL SEMESTER @HOWEST - BELGIUM TOURISM, PROJECT MANAGEMENT & STORYTELLING

INTERNATIONAL SEMESTER @HOWEST - BELGIUM TOURISM, PROJECT MANAGEMENT & STORYTELLING INTERNATIONAL SEMESTER @HOWEST - BELGIUM Number of students: +- 6000 -> 4 campuses in Bruges 4 in Kortrijk Education programmes: Social worker

373 views • 34 slides
Class 9 Review; questions Discussion of Semester Project Arbitrary interprocedural

Class 9 Review; questions Discussion of Semester Project Arbitrary interprocedural

Class 9 Review; questions Discussion of Semester Project Arbitrary interprocedural control flow Assign (see Schedule for links) Readings on pointer analysis Problem Set 5: due 9/22/09 Project proposal

303 views • 17 slides
X-ray micro-CT based 3D structure Semester project Final presentation Olivier Schpfer

X-ray micro-CT based 3D structure Semester project Final presentation Olivier Schpfer

Modelling the deformation of an X-ray micro-CT based 3D structure Semester project Final presentation Olivier Schpfer EPFL GC MA3 Project objective From an existing sample to a numerical model to use with the software

840 views • 61 slides
Why? Not always lots of RA opportunities in our laboratory from semester to semester.

Why? Not always lots of RA opportunities in our laboratory from semester to semester.

Why? Not always lots of RA opportunities in our laboratory from semester to semester. Provide opportunity for awesome students who applied or from recent classes to gain some experiences. To translate some cognitive science into

219 views • 10 slides
Semester projects Semester projects Semester projects Semester projects Principles of Complex

Semester projects Semester projects Semester projects Semester projects Principles of Complex

PoCS | @pocsvox PoCS | @pocsvox Semester projects Semester projects Semester projects Semester projects Principles of Complex Systems | @pocsvox The Plan The Plan CSYS/MATH 300, Fall, 2013 | #FallPoCS2013 Suggestions for Suggestions for

319 views • 10 slides
Main Semester-Long Project Problem Interesting to you Some prospect of being useful

Main Semester-Long Project Problem Interesting to you Some prospect of being useful

Projects Main Semester-Long Project Problem Interesting to you Some prospect of being useful broadly Neednt be new but may have a new twist on an old problem Envisioned software artifacts Underlying sources of knowledge

73 views • 5 slides
Presentation of Final Year Project Semester 2 Session 20192020 19 May 2020 Introduction This

Presentation of Final Year Project Semester 2 Session 20192020 19 May 2020 Introduction This

Presentation of Final Year Project Semester 2 Session 20192020 19 May 2020 Introduction This document outlines the presentation for both PSM1 and PSM2, and the hardbound thesis submission for PSM2 for Semester 2 of Session 20192020. This

243 views • 3 slides
Project Ideas Semester long projects of medium scope TAs presenting project ideas today

Project Ideas Semester long projects of medium scope TAs presenting project ideas today

Project Ideas Semester long projects of medium scope TAs presenting project ideas today Students can submit their own ideas Send to cs161projectidea@gmail.com To be approved by staff Short presentation of approved ideas this

355 views • 31 slides
CSE 416, Section 1 Semester Project Discussion Session Objectives Understand issues and

CSE 416, Section 1 Semester Project Discussion Session Objectives Understand issues and

Session 2 Project Overview CSE 416, Section 1 Semester Project Discussion Session Objectives Understand issues and terminology used in US congressional redistricting and voting analysis Understand data requirements to support voting

608 views • 14 slides
SEMESTER PROJECT Design and implementation of a force/torque sensor for a quadruped robot

SEMESTER PROJECT Design and implementation of a force/torque sensor for a quadruped robot

SEMESTER PROJECT Design and implementation of a force/torque sensor for a quadruped robot Supervisers : Rico Mckel Alexander Sproewitz Prof. : Auke Jan Ijspeert Nicolas Sommer, master MT 14/04/2011 PRESENTATION OUTLINE Cheetah

342 views • 13 slides
SEMESTER PROJECT Design and implementation of a force/torque sensor for a quadruped robot

SEMESTER PROJECT Design and implementation of a force/torque sensor for a quadruped robot

SEMESTER PROJECT Design and implementation of a force/torque sensor for a quadruped robot Supervisers : Alexander Sprwitz Rico Mckel Prof. : Auke Jan Ijspeert Nicolas Sommer, master MT 20/06/2011 PRESENTATION OUTLINE Introduction

630 views • 15 slides
Modular Exponentiation In the browser !? P.h.D. semester project, 2017. Supervised by Bryan Ford

Modular Exponentiation In the browser !? P.h.D. semester project, 2017. Supervised by Bryan Ford

Modular Exponentiation In the browser !? P.h.D. semester project, 2017. Supervised by Bryan Ford (DEDIS) and Thomas Hofer (DGSI). 1 Background The digital world takes an overwhelming part in our daily life. Voting is still paper-based and

215 views • 19 slides
Semester Project COOLANT FLOW SYSTEM Design- Preliminary Preliminarily the design had the

Semester Project COOLANT FLOW SYSTEM Design- Preliminary Preliminarily the design had the

Semester Project COOLANT FLOW SYSTEM Design- Preliminary Preliminarily the design had the pumps located above the tanks which caused cavitation issues. We started with fill rates that were way too fast using pipes that were extremely

450 views • 10 slides
Improvements to DKG for use in a real-world setting An EPFL IN Semester Project 23.01.2018

Improvements to DKG for use in a real-world setting An EPFL IN Semester Project 23.01.2018

Improvements to DKG for use in a real-world setting An EPFL IN Semester Project 23.01.2018 Student: Cedric Cook Lab: DEDIS - EPFL Supervisor: Nicolas Gailly Professor: Bryan Ford 1 Outline Motivation Problem Statement Setting Solution

325 views • 20 slides
CSE 416, Section 1 Semester Project Approach Session Objectives Understand the analysis

CSE 416, Section 1 Semester Project Approach Session Objectives Understand the analysis

Session 3 Project Approach CSE 416, Section 1 Semester Project Approach Session Objectives Understand the analysis approach taken by MGGG in their analysis of the effects of racial Gerrymandering in the Virginia House of Delegates

774 views • 9 slides
MSc Project Presentation, TEZPUR UNIVERSITY MSc 4th Semester, 2017(January - May) Presentation

MSc Project Presentation, TEZPUR UNIVERSITY MSc 4th Semester, 2017(January - May) Presentation

See discussions, stats, and author profiles for this publication at: https://www.researchgate.net/publication/327765023 MSc Project Presentation, TEZPUR UNIVERSITY MSc 4th Semester, 2017(January - May) Presentation September 2018 CITATIONS

688 views • 20 slides
I-Refi Presentation IHDA Team 2 Offers up to $50,000 in refinance assistance 3 U P TO

I-Refi Presentation IHDA Team 2 Offers up to $50,000 in refinance assistance 3 U P TO

1 I-Refi Presentation IHDA Team 2 Offers up to $50,000 in refinance assistance 3 U P TO $50,000 FOR PRINCIP AL CUR TAILMENT AND REFINANCE 3- YEAR FORGIVENESS PERIOD TE AND TERM REFINANCED TO 30 YEAR FIXED 1 ST R A MOR TGAGE

205 views • 19 slides
Sanofi eContract A new tool developed by Icer1s allowing to elaborate, approve, sign and store

Sanofi eContract A new tool developed by Icer1s allowing to elaborate, approve, sign and store

Sanofi eContract A new tool developed by Icer1s allowing to elaborate, approve, sign and store contracts, but also a new process built around the role of Contract Specialist 2 years ago, Sanofi decided to launch an ambitious transformation

105 views • 8 slides
To enhance compliance and help providers reduce the risk of receiving an overpayment. Objectives

To enhance compliance and help providers reduce the risk of receiving an overpayment. Objectives

2/25/2020 Provider Webinar, February 12, 2019 Joy Chestnut, Program Integrity Investigator 1 To enhance compliance and help providers reduce the risk of receiving an overpayment. Objectives Where do I find the rules for service notes?

344 views • 8 slides
Interim Results Presentation 6 Months to 31 December 2006 Tuesday 6 March 2007 Robert Jones

Interim Results Presentation 6 Months to 31 December 2006 Tuesday 6 March 2007 Robert Jones

Interim Results Presentation 6 Months to 31 December 2006 Tuesday 6 March 2007 Robert Jones Chairman Agenda Introduction Robert Jones Strategy for Growth Neil Fitzsimmons H1 06/07 Financials David Arnold Markets and

749 views • 60 slides
Workflow Plus Signature Capture Tool for Synergy Enterprise What is This Tool ? This tool

Workflow Plus Signature Capture Tool for Synergy Enterprise What is This Tool ? This tool

Workflow Plus Signature Capture Tool for Synergy Enterprise What is This Tool ? This tool allows 10 signatures to be captured within a single workflow request Example How Can I Use This Tool ? Create a workflow, and in the definition

247 views • 8 slides
Measure N High School Signature Projects Staff Recommendation 1 Tonights Agenda

Measure N High School Signature Projects Staff Recommendation 1 Tonights Agenda

Measure N High School Signature Projects Staff Recommendation 1 Tonights Agenda Signature Project process Forums Identifying No. 1 projects & cost estimates Recommendation factors 4-Phase approach 2 Measure N

488 views • 14 slides
Signature Resources Ltd. TSXV - SGU OTCQB - SGGTF Corporate Presentation Historic Lingman Lake

Signature Resources Ltd. TSXV - SGU OTCQB - SGGTF Corporate Presentation Historic Lingman Lake

Signature Resources Ltd. TSXV - SGU OTCQB - SGGTF Corporate Presentation Historic Lingman Lake HIGH GRADE Gold Mine; Now Under Development January 2019 2019 1 High Grade Gold Exploration in Canada Signature Resources Ltd. OPPORTUNITY TSXV

634 views • 31 slides
UPDATED ELECTRONIC CLAIM FORM PROCESS UPDATED ELECTRONIC CLAIM FORM PROCESS Paperless

UPDATED ELECTRONIC CLAIM FORM PROCESS UPDATED ELECTRONIC CLAIM FORM PROCESS Paperless

UPDATED ELECTRONIC CLAIM FORM PROCESS UPDATED ELECTRONIC CLAIM FORM PROCESS Paperless Claimants Attorneys complete and submit entry of appearance along with the C-1 form. This MUST MUST be done by logging into WFMS as a subscribing

482 views • 12 slides

More recommend