  1. Verification and Synthesis of Security Chains
  Stephan Merz, joint work with N. Schnepf, R. Badonnel, A. Lahmadi
  Inria & LORIA, Nancy, France
  IFIP Working Group 2.2, Vienna, September 2019
  Stephan Merz, Verification and Synthesis of Security Chains, WG 2.2, 2019-09, 1 / 22

  2. Challenges
  Mobile equipment as attack platforms
  ◮ > 3M malicious applications on Google Play (G-Data, 2018)
  ◮ ubiquity of phones and tablets attracts attackers
  Safeguarding the network
  ◮ prevent attacks mounted from mobile terminals
  ◮ network infrastructure enables protective measures
  Programmable networks (SDN)
  ◮ allow for flexible network reconfiguration
  ◮ virtual routers deployed in a cloud infrastructure
  ◮ complex configuration rules are error-prone

  3. SDN Architecture
  Two layers of processing rules
  ◮ control plane: rules for forwarding packets to routers
  ◮ data plane: process packets, mostly based on header information

  4. Contents
  1 Background
  2 Formal Verification of SDN Rules
  3 Synthesis of Security Chains
  4 Optimizing Chains for Deployment
  5 Conclusions

  5. SDN Programming and Verification
  Pyretic: a DSL for programming SDN controllers [Foster et al. 2013]
  ◮ higher-level programming abstractions, compiled to OpenFlow
  ◮ atomic rules: identity, drop, match, modify (plus some operators defined in libraries)
  ◮ sequential and parallel composition: ≫, +
    match(dstip=127.93.256.*) ≫ ((match(port=4000) + match(port=5000)) ≫ drop)
  Existing work for verifying SDN rules
  ◮ data plane: Vericon [Ball et al. 2014], FlowChecker [Shaer et al. 2010], ...
  ◮ control plane: Kinetic [Kim et al. 2015]

  6. Formal Verification of Control and Data Planes
  Encoding of Pyretic programs in SMTlib (1)
  ◮ represent addresses and ports by formal constants
  ◮ match, modify: equations on header fields
  ◮ ≫, + represented as conjunction and disjunction
  ◮ drop: negate the expression describing the rejected packets
  ◮ properties express constraints on accepted / rejected traffic
  Encoding as nuXmv models (2)
  ◮ represent control flow as a finite state machine
  ◮ constraints on headers processed in the data plane
  ◮ express properties as LTL or CTL formulas

  7. Performance evaluation
  [plots: varying size of control plane; varying width of data plane]
  nuXmv is both expressive and fast

  8. Contents
  1 Background
  2 Formal Verification of SDN Rules
  3 Synthesis of Security Chains
  4 Optimizing Chains for Deployment
  5 Conclusions

  9. Objectives
  Generate security chains for mobile applications
  ◮ observe the network traffic that an application generates
  ◮ represent the network behavior as a Markov chain
  ◮ synthesize an SDN program enforcing network policies
  Network traffic represented as flows
  ◮ information about packets for the same destination
  ◮ ignore packet contents (often encrypted anyway)
  ◮ useful for detecting attacks (DoS, port scanning, botnets, etc.)
  ◮ collect on the device: associate each flow with an application
  ◮ existing data sets [CTU 2013, Flowoid]

  10. From Network Flows to Markov Chains
  States correspond to network destinations
  ◮ record which servers an application contacts
  ◮ aggregate IP addresses according to their orgname
  Transitions reflect successions of destinations
  ◮ record in which order destinations are visited
  ◮ transition probabilities according to frequency of visits
  Adaptation of techniques for process learning
  ◮ favorable comparison with existing tools (Synoptic, Invarimint)

  11. Example: Automaton for Pokemon Go
  [figure: learned automaton for the Pokemon Go application]

  12. Classify Application Behavior
  Detect potentially malicious behavior
  ◮ basis: network behavior represented by a Markov chain
  ◮ appeal to a BGP ranking service: trustworthiness of destinations
  ◮ operator-defined thresholds for identifying attacks
  ◮ take into account application permissions (spyware)
  Encode classification rules as Horn clauses
  ◮ declarative representation for ease of modification
  ◮ basis for reasoning about properties of synthesized chains
  Example of classification rule
  $\mathit{dos}(a) \leftarrow f \in t_{\mathit{app}} \land a = f.\mathit{dstaddr} \land (l_f, p, l_f) \in T_{\mathit{app}} \land p \ge \mathit{attack\_limit} \land \mathit{count}(a, l_f) \ge \mathit{ip\_limit} \land \mathit{avg\_interval}(l_f) \le \mathit{min\_interval} \land \mathit{avg\_size}(l_f) \le \mathit{min\_size}$
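The construction of slide 10 (states are orgname aggregates, transition probabilities from the frequency of successive visits) and the dos(a) clause of slide 12, carried through in Python as an added example that is not the authors' code. The flow records and the threshold values are constructed; count(a, l_f) is read here as the number of distinct addresses aggregated into the state l_f, and a flow's average inter-packet interval and packet size are assumed to be recorded with the flow.

```python
from collections import Counter, defaultdict

# Constructed flow records in the order the (hypothetical) application contacted them:
# (dstaddr, orgname, avg_interval_s, avg_size_bytes).
FLOWS = [
    ("203.0.113.5",  "cdn-org", 0.50, 900),
    ("203.0.113.5",  "cdn-org", 0.45, 880),
    ("198.51.100.7", "api-org", 1.20, 300),
    ("203.0.113.9",  "cdn-org", 0.40, 950),
    ("192.0.2.1",    "victim",  0.001, 40),
    ("192.0.2.2",    "victim",  0.001, 40),
    ("192.0.2.3",    "victim",  0.001, 40),
    ("192.0.2.4",    "victim",  0.001, 40),
    ("198.51.100.7", "api-org", 1.10, 320),
]
# Operator-defined thresholds (assumed values; the slide names the parameters only).
ATTACK_LIMIT, IP_LIMIT, MIN_INTERVAL, MIN_SIZE = 0.6, 3, 0.01, 64

def markov_chain(flows):
    """States are orgname aggregates; T[(l, l2)] = P(next destination is l2 | current is l)."""
    labels = [f[1] for f in flows]
    succ = Counter(zip(labels, labels[1:]))   # how often l2 follows l in the trace
    out = Counter(labels[:-1])                # outgoing transitions recorded from l
    return {(l, l2): n / out[l] for (l, l2), n in succ.items()}

def dos_targets(flows):
    """Addresses a for which the dos(a) clause of slide 12 holds."""
    T = markov_chain(flows)
    per_label = defaultdict(list)
    for f in flows:
        per_label[f[1]].append(f)
    targets = set()
    for a, l_f, _, _ in flows:                # f in t_app, a = f.dstaddr, l_f = state of f
        grp = per_label[l_f]
        p = T.get((l_f, l_f), 0.0)            # self-loop (l_f, p, l_f) in T_app
        count = len({g[0] for g in grp})      # count(a, l_f): distinct addresses in the state
        avg_interval = sum(g[2] for g in grp) / len(grp)
        avg_size = sum(g[3] for g in grp) / len(grp)
        if (p >= ATTACK_LIMIT and count >= IP_LIMIT
                and avg_interval <= MIN_INTERVAL and avg_size <= MIN_SIZE):
            targets.add(a)
    return targets
```

On the constructed trace only the "victim" aggregate has a self-loop probability above the threshold (0.75), so the four 192.0.2.x addresses are classified as DoS targets while the CDN aggregate (self-loop 1/3) is not.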

  13. Infer High-Level Representation of Security Chains (1)
  Determine which elementary rules should be deployed
  ◮ forward, block, or limit the number of packets
  ◮ ensure that packets match the protocol type (tcp, udp, http, ...)
  ◮ invoke filtering or deep packet inspection services
  $\mathit{deploy\_block}(a, pt) \leftarrow \mathit{botnet}(a, pt)$
  $\mathit{deploy\_limit}(a) \leftarrow \mathit{dos}(a)$
  $\mathit{deploy\_forward}(a) \leftarrow \lnot\mathit{worm}(a, pt) \land \lnot\mathit{botnet}(a, pt)$
  Define the effect of elementary rules on network traffic
  $\mathit{forward}(a, t) = \mathit{restrict}(t, \lambda pk : pk.\mathit{dstaddr} = a)$
  $\mathit{block}(a, pt, t) = \mathit{restrict}(t, \lambda pk : pk.\mathit{dstaddr} \ne a \land pk.\mathit{dstport} \ne pt)$
  $\mathit{limit}(a, t) = \mathit{cut}(\mathit{forward}(a, t), \mathit{ip\_limit})$

  14. Infer High-Level Representation of Security Chains (2)
  Group inferred rules into security functions
  $\mathit{stateless\_firewall}(t) = \bigcup\{\mathit{forward}(a, t) : \mathit{deploy\_forward}(a), a \in \mathit{ADDR}\} \oplus \bigcup\{\mathit{block}(a, pt, t) : \mathit{deploy\_block}(a, pt), a \in \mathit{ADDR}, pt \in \mathit{PORT}\}$
  $\mathit{ids}(t) = \bigcup\{\mathit{limit}(a, t) : \mathit{deploy\_limit}(a), a \in \mathit{ADDR}\}$
  $\mathit{stateful\_firewall}(t) = \ldots$
  Build chains from security functions
  $\mathit{dos\_chain} = \mathit{stateless\_firewall} \gg \mathit{ids} \gg \mathit{stateful\_firewall}$
  Properties of chains ensured by construction
  ◮ absence of loops and black holes
  ◮ shadowing freedom, coherence of single chains
  ◮ chains for different applications need not be coherent
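The elementary rules and deployment clauses of slide 13 and the grouping into security functions and the dos_chain of slide 14, executed over a constructed packet trace; this is an added example, not the project's own code. The classification facts, ADDR, PORT and ip_limit are constructed, and two points the slides leave open are assumed: ⊕ is read as "forwarded traffic that every block rule also admits", ids passes packets to destinations without a limit rule through unchanged, and stateful_firewall (written "..." on the slide) is the identity.

```python
from dataclasses import dataclass
from functools import reduce

@dataclass(frozen=True)
class Packet:
    seq: int          # position in the trace, keeps otherwise identical packets distinct
    dstaddr: str
    dstport: int

IP_LIMIT = 2          # assumed value for the ip_limit parameter
ADDR = {"203.0.113.5", "192.0.2.1", "192.0.2.9"}
PORT = {80, 443, 6667}
# Constructed classification facts, standing in for the output of the Horn-clause rules.
BOTNET, DOS, WORM = {("192.0.2.9", 6667)}, {"192.0.2.1"}, set()

# Primitives named on slide 13: restrict keeps packets satisfying a predicate,
# cut keeps at most n packets (rate limiting modelled on a finite trace).
def restrict(t, pred): return [pk for pk in t if pred(pk)]
def cut(t, n): return t[:n]
def union(ts): return sorted({pk for t in ts for pk in t}, key=lambda pk: pk.seq)

# Elementary rules, transcribed from slide 13.
def forward(a, t): return restrict(t, lambda pk: pk.dstaddr == a)
def block(a, pt, t): return restrict(t, lambda pk: pk.dstaddr != a and pk.dstport != pt)
def limit(a, t): return cut(forward(a, t), IP_LIMIT)

# Deployment clauses, transcribed from slide 13.
def deploy_block(a, pt): return (a, pt) in BOTNET
def deploy_limit(a): return a in DOS
def deploy_forward(a):
    return not any(w == a for w, _ in WORM) and not any(b == a for b, _ in BOTNET)

def stateless_firewall(t):
    forwarded = union(forward(a, t) for a in ADDR if deploy_forward(a))
    # Assumption: ⊕ keeps a forwarded packet only if every deployed block rule admits it too.
    for (a, pt) in [(a, pt) for a in ADDR for pt in PORT if deploy_block(a, pt)]:
        forwarded = [pk for pk in forwarded if pk in block(a, pt, t)]
    return forwarded

def ids(t):
    limited = {a for a in ADDR if deploy_limit(a)}
    # Assumption: packets to destinations without a limit rule pass through unchanged.
    return union([restrict(t, lambda pk: pk.dstaddr not in limited)] + [limit(a, t) for a in limited])

def stateful_firewall(t): return t    # left as "..." on slide 14; identity here
def compose(*fs): return lambda t: reduce(lambda acc, f: f(acc), fs, t)   # the ≫ operator
dos_chain = compose(stateless_firewall, ids, stateful_firewall)

# Constructed trace: CDN traffic, a flood towards the DoS target, one botnet C&C connection.
TRACE = [Packet(0, "203.0.113.5", 443), Packet(1, "192.0.2.1", 80), Packet(2, "192.0.2.1", 80),
         Packet(3, "192.0.2.1", 80), Packet(4, "192.0.2.9", 6667), Packet(5, "203.0.113.5", 443)]
```

Running dos_chain(TRACE) drops the C&C packet in the stateless firewall and cuts the flood to ip_limit packets in the IDS, leaving packets 0, 1, 2 and 5.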

  15. Evaluation of Generated Chains
  Method of evaluation
  ◮ 7000 network flows corresponding to 10 applications
  ◮ use 70% of each flow for generating the chains
  ◮ inject a port scanning attack into the remaining 30%

  application   # dests.   # rules   avg. acc.
  disneyland           5        44       0.992
  dropbox             17       311       0.997
  faceswitch          30       425       0.812
  lequipe            208      1640       0.518
  meteo               90       716       0.837
  ninegag            124       930       0.509
  pokemongo           24       485       0.743
  ratp                 3        28       0.940
  skype              442      6529       0.998
  viber              176      4163       0.683

  ⇒ Improve detection for applications whose destinations vary

  16. Contents
  1 Background
  2 Formal Verification of SDN Rules
  3 Synthesis of Security Chains
  4 Optimizing Chains for Deployment
  5 Conclusions

  17. Combine Chains for Different Applications
  Must handle packets generated by different applications
  ◮ naive approach: parallel composition or joint learning ⇒ large chains, learning effort, risk of incoherence
  ◮ in practice, many chains have common elements
  Algorithm for merging security chains
  ◮ merge functions of the same type (firewall, IDS, ...)
  ◮ combine the rules for these functions
  ◮ identify conflicting rules and choose between them
  Properties of combined chains
  ◮ absence of loops and black holes, shadowing freedom
  ◮ coherence of overall chains, but risk of loss of precision

  18. Experimental Evaluation
  [plot: number of rules when composing chains]
  Accuracy of attack detection unchanged
  ◮ no conflicting rules in our experiments

  19. Placement of Security Chains
  Assign rules to switches, forward packets according to the chain
  ◮ preserve the order of rules within a chain
  ◮ respect capacities of switches and of the interconnection network
  ◮ optimize for network utilization, service congestion, availability
  Encode the problem using (non-)linear integer programming
  ◮ aggregate destinations based on channel capacity
  ◮ aggregate switches into network paths
  ◮ constraints represent resource requirements of the chain
  ◮ objective functions express (normalized) optimization criteria
  ◮ use Simplex, MINLP, and optimizing SMT solvers

  20. Performance Evaluation
  Preliminary evaluation over crafted examples
  ◮ Simplex is robust to the number of destination aggregates ...
  ◮ ... but highly sensitive to the number of network paths
