verifiedscion verified secure routing
play

verifiedSCION: Verified Secure Routing Peter Mller Joint work with - PowerPoint PPT Presentation

Dec 04, 2022 •199 likes •294 views

verifiedSCION: Verified Secure Routing Peter Mller Joint work with the verifiedSCION Team at ETH Security and Correctness Protocol-level properties - Path validity : Constructed paths are valid and reflect the routing decisions by on-path

  1. verifiedSCION: Verified Secure Routing Peter Müller Joint work with the verifiedSCION Team at ETH

  2. Security and Correctness § Protocol-level properties - Path validity : Constructed paths are valid and reflect the routing decisions by on-path ASes - Path authorization : Packets travel only along previously authorized paths - Detectability : An active attacker cannot hide their presence on the path § Code-level properties - Safety : No run-time errors - Correctness : Routers and servers implement protocol correctly - Progress : Required I/O happens eventually - Backdoor freedom : Code does not leak information about crypto keys 2

  3. Formal end-to-end verification of security and correctness

  4. Mathematical model Mathematical model of entire network of border router Refinement Equivalence Verification Router specification Router implementation 4

  5. Protocol Verification Design model Stepwise refinement System: Border router § Prove properties of most abstract model § Each refinement - Incorporates additional system requirements - Preserves properties of more-abstract system Environment: Network § Strategy: strengthen attacker while Attacker increasing security features 5

  6. Program Verification Verified properties ü § No run-time errors § Termination Specification: What is the intended § Functional properties behavior? û § I/O behavior § Progress § Backdoor freedom Program: How is the behavior achieved? 6

  7. Status and Milestones Key results Upcoming milestones § Theory & technology § Q4/19 - Program verification techniques - Basic Go verifier - Integration of protocol and program § Q2/20 verification - Formal model of control plane - Formal model of bandwidth § Proof of concept reservation - Verification of packet forwarding - Verification of packet forwarding - Verification of path authorization and § Q4/20 detectability - Full-fledged Go verifier - Verification of parts of the Python prototype 7

  8. Conclusion § IP implementations are complex and large - They inevitably have both design and code-level bugs - Some of these bugs can be exploited by attackers § The design of Scion enables formal verification of protocol and code § Verification provides unprecedented guarantees to ISPs and end users - Functional correctness - Availability - Security, in particular, backdoor freedom 8

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

701 views • 54 slides
Verified Secure Routing David Basin ETH Zurich EPFL, Summer Research Institute June 2017

Verified Secure Routing David Basin ETH Zurich EPFL, Summer Research Institute June 2017

Verified Secure Routing David Basin ETH Zurich EPFL, Summer Research Institute June 2017 Team Members Verification Team Scion Design & Development Team Information Security David Basin Tobias

696 views • 55 slides
Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure

Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure

Cryptographic Approaches for Securing Routing Protocols Adrian Perrig perrig@cmu.edu Why Secure Routing? Current routing protocols assume trusted environment! Even misconfigurations severely disrupt Internet routing Secure routing

245 views • 22 slides
Secure Routing for Mobile Ad hoc Networks Panagiotis Papadimitratos & Zygmunt J. Haas

Secure Routing for Mobile Ad hoc Networks Panagiotis Papadimitratos & Zygmunt J. Haas

Secure Routing for Mobile Ad hoc Networks Panagiotis Papadimitratos & Zygmunt J. Haas Presented by Leland Smith CS 6204, Spring 2005 1 Overview What are MANETs? Motivation Secure Routing Protocol Protocol Description

560 views • 15 slides
Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts

Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts

Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts Institute of Technology Architectural Isolation of Processes Fundamental to maintaining correctness and privacy! 2 Performance Dictates

959 views • 43 slides
Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint

Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint

Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint work with: Ivan De Oliveira Nunes 1 , Karim Eldefrawy 2 , Norrathep Rattanavipanon 1 University of California Irvine 1 , SRI International 2 1 In

847 views • 48 slides
Why dont we have a Secure and Trusted Inter-Domain Routing System? Geoff Huston, APNIC Why

Why dont we have a Secure and Trusted Inter-Domain Routing System? Geoff Huston, APNIC Why

Why dont we have a Secure and Trusted Inter-Domain Routing System? Geoff Huston, APNIC Why do we keep seeing these headlines? 1. The Meta Goal Can we devise changes to operational practices, or operational tools or routing technologies

572 views • 15 slides
Verified seL4 on Secure RISC-V Processors and Other News in seL4 Land Gernot Heiser |

Verified seL4 on Secure RISC-V Processors and Other News in seL4 Land Gernot Heiser |

Verified seL4 on Secure RISC-V Processors and Other News in seL4 Land Gernot Heiser | gernot.heiser@data61.csiro.au | @GernotHeiser LCA, Gold Coast, QLD, 2020-01-15 https://trustworthy.systems What is seL4? A 30-Year Dream 3 | LCA |

886 views • 36 slides
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures C. Karlof and D. Wagner

Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures C. Karlof and D. Wagner

T-79.194 Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures C. Karlof and D. Wagner presentation by Maarit Hietalahti Helsinki University of Technology Laboratory for Theoretical Computer Science

298 views • 14 slides
Perfect Imitation and Secure Asymmetry for Decoy Routing Systems with Slitheen Cecylia Bocovich

Perfect Imitation and Secure Asymmetry for Decoy Routing Systems with Slitheen Cecylia Bocovich

Perfect Imitation and Secure Asymmetry for Decoy Routing Systems with Slitheen Cecylia Bocovich Ian Goldberg 20 June 2017 EPFL Summer Research Institute Censorship Censors may monitor, alter or block traffic that enters or leaves their area

909 views • 53 slides
On the Implementation Code of the Secure Mesh Routing Protocol PASER in OMNeT++: The Big Picture

On the Implementation Code of the Secure Mesh Routing Protocol PASER in OMNeT++: The Big Picture

International Workshop on OMNeT++ Code Contribution On the Implementation Code of the Secure Mesh Routing Protocol PASER in OMNeT++: The Big Picture Mohamad Sbeiti and Christian Wietfeld 05.03.2013 Faculty of Electrical and Computing

463 views • 7 slides
Secure Routing with RPKI: Status, Challenges and the Smart-Validator Amir Herzberg Univ of

Secure Routing with RPKI: Status, Challenges and the Smart-Validator Amir Herzberg Univ of

Secure Routing with RPKI: Status, Challenges and the Smart-Validator Amir Herzberg Univ of Connec2cut, Bar Ilan Univ, Fraunhofer SIT Joint project with Tomas Hlavacek, Yafim Kazak, Rafi Peretz, Fabian Sauer and Haya Shulman Route-Hijacking:

687 views • 36 slides
4.3 Routing protocols We first look at Routing Tables and routing mechanisms. A routing table has

4.3 Routing protocols We first look at Routing Tables and routing mechanisms. A routing table has

4.3 Routing protocols We first look at Routing Tables and routing mechanisms. A routing table has columns for the destination network (or hosts) with the corresponding cost and the next router address to reach a destination. Additional

1.08k views • 84 slides
Landmark Landmark-based routing based routing Landmark Landmark-based routing based routing

Landmark Landmark-based routing based routing Landmark Landmark-based routing based routing

Landmark Landmark-based routing based routing Landmark Landmark-based routing based routing [Kleinberg04] J. Kleinberg, A. Slivkins, T. Wexler. Triangulation and Embedding using Small Sets of Beacons. Proc. 45th IEEE Symposium on Foundations of

450 views • 32 slides
Secure Geographical Routing Vivek Pathak and Liviu Iftode Location Authenticating

Secure Geographical Routing Vivek Pathak and Liviu Iftode Location Authenticating

Secure Geographical Routing Vivek Pathak and Liviu Iftode Location Authenticating geographical location False Location Attacks Motivations Economic Benefit of misreporting location Strategic Battlefield Privacy

481 views • 37 slides
Scalable Routing Outline Routing Algorithms Scalability 1 Overview Forwarding vs Routing

Scalable Routing Outline Routing Algorithms Scalability 1 Overview Forwarding vs Routing

Scalable Routing Outline Routing Algorithms Scalability 1 Overview Forwarding vs Routing forwarding: to select an output port based on destination address and routing table routing: process by which routing table is built

543 views • 13 slides
C Session # 8 By: Saeed Haratian Fall 2015 Outlines Counter-Controlled Repetition

C Session # 8 By: Saeed Haratian Fall 2015 Outlines Counter-Controlled Repetition

Fundamentals of Programming C Session # 8 By: Saeed Haratian Fall 2015 Outlines Counter-Controlled Repetition Sentinel-Controlled Repetition Top-Down, Stepwise Refinement Counter-Controlled Repetition Consider the following

550 views • 25 slides
For Friday Finish reading chapter 3 Skip section 3.5.2 Program 1 Proposal due by 4pm

For Friday Finish reading chapter 3 Skip section 3.5.2 Program 1 Proposal due by 4pm

For Friday Finish reading chapter 3 Skip section 3.5.2 Program 1 Proposal due by 4pm today Questions? Questions before the quiz? Quiz Algorithms An algorithm is a set of instructions for accomplishing some task What are

536 views • 17 slides
Stepwise Refinement Lecture 6 CGS 3416 Spring 2017 February 6, 2017 Lecture 6CGS 3416 Spring

Stepwise Refinement Lecture 6 CGS 3416 Spring 2017 February 6, 2017 Lecture 6CGS 3416 Spring

Stepwise Refinement Lecture 6 CGS 3416 Spring 2017 February 6, 2017 Lecture 6CGS 3416 Spring 2017 Loops February 6, 2017 1 / 17 Programming is about Problem Solving Algorithm - a finite sequence of steps to perform a specific task To solve

481 views • 17 slides
Machine Learning: Chenhao Tan University of Colorado Boulder LECTURE 5 Slides adapted from

Machine Learning: Chenhao Tan University of Colorado Boulder LECTURE 5 Slides adapted from

Machine Learning: Chenhao Tan University of Colorado Boulder LECTURE 5 Slides adapted from Jordan Boyd-Graber, Tom Mitchell, Ziv Bar-Joseph Machine Learning: Chenhao Tan | Boulder | 1 of 27 Quiz question For a test instance ( x , y ) and a

1.72k views • 86 slides
In SVN: explain the concept of backtracking solve the n-queens problem using backtracking Qu

In SVN: explain the concept of backtracking solve the n-queens problem using backtracking Qu

Exhaustive search, backtracking, object-oriented Queens After today, you should be able to In SVN: explain the concept of backtracking solve the n-queens problem using backtracking Qu Queens ens A taste of artificial intelligence

637 views • 19 slides
CS 451 Software Engineering Winter 2009 Yuanfang Cai Room 104, University Crossings

CS 451 Software Engineering Winter 2009 Yuanfang Cai Room 104, University Crossings

CS 451 Software Engineering Winter 2009 Yuanfang Cai Room 104, University Crossings 215.895.0298 yfcai@cs.drexel.edu 1 Drexel University Design within the Context of Software Engineering 2 Drexel University Software Design Between

561 views • 28 slides
Overview overview7.4 Introduction Modelling parallel systems Linear Time Properties Regular

Overview overview7.4 Introduction Modelling parallel systems Linear Time Properties Regular

Overview overview7.4 Introduction Modelling parallel systems Linear Time Properties Regular Properties Linear Temporal Logic (LTL) Computation-Tree Logic Equivalences and Abstraction bisimulation CTL, CTL*-equivalence computing the

1.95k views • 194 slides
Behavior based Reliable and Resilient System Development Dr. Muhammad Taimoor Khan Informatics

Behavior based Reliable and Resilient System Development Dr. Muhammad Taimoor Khan Informatics

Behavior based Reliable and Resilient System Development Dr. Muhammad Taimoor Khan Informatics System Institute Alpen-Adria University, Klagenfurt, Austria DeepSec 2017, Vienna Recent developments (since > 2014 ) 1. Socioeconomic 2.

246 views • 20 slides

More recommend