
    Applying Formal Methods to Networking: Theory, Techniques and Applications

    Despite its great importance, modern network infrastructure is remarkable for the lack of rigor in its engineering. The Internet, which began as a research experiment, was never designed to handle the users and applications it hosts today. The lack of formalization of the Internet architecture meant limited abstractions and modularity, especially for the control and management planes, so that every new need required a new protocol built from scratch. This led to an unwieldy, ossified Internet architecture resistant to any attempt at formal verification, and an Internet culture in which expediency and pragmatism are favored over formal correctness. Fortunately, recent work in the space of clean-slate Internet design, especially the software-defined networking (SDN) paradigm, offers the Internet community another chance to develop the right kind of architecture and abstractions. This has also led to a great resurgence of interest in applying formal methods to the specification, verification, and synthesis of networking protocols and applications. In this paper, we present a self-contained tutorial of the formidable amount of work that has been done in formal methods, and a survey of its applications to networking.

    Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorials

    Formal assurance of security policies in automated network orchestration (SDN/NFV)

    The abstract is in the attachment. Yusupov, Jalolliddi

    SUTMS - Unified Threat Management Framework for Home Networks

    Home networks were initially designed for web browsing and non-business-critical applications. As infrastructure improved and broadband costs decreased, home internet usage shifted to e-commerce and business-critical applications. Today's home computers host personally identifiable information and financial data, and act as a bridge to corporate networks via remote access technologies such as VPN. The expansion of remote work and the transition to cloud computing have broadened the attack surface. Home networks have become an extension of critical networks and services, and attackers can gain access to corporate data by compromising devices attached to broadband routers. These challenges show the importance of home-based Unified Threat Management (UTM) systems: a unified threat management framework developed specifically for home and small networks is needed to address emerging security challenges. In this research, the proposed Smart Unified Threat Management (SUTMS) framework serves as a comprehensive solution for home network security, incorporating firewall, anti-bot, intrusion detection, and anomaly detection engines into a unified system. SUTMS provides 99.99% accuracy with a 56.83% memory improvement. IPS is the most resource-intensive UTM service; SUTMS reduces the performance overhead of IDS by integrating it with the flow detection module. The artifact employs flow analysis to identify network anomalies and categorizes encrypted traffic according to its abnormalities. SUTMS can be scaled by introducing optional functions, i.e., routing and smart logging (using the Apriori algorithm). The research also addresses one of the limitations identified in SUTMS by introducing a second artifact, the Secure Centralized Management System (SCMS). SCMS is a lightweight asset management platform with built-in security intelligence that integrates with a cloud for real-time updates.

    First-Order Models for Configuration Analysis

    Our world teems with networked devices. Their configuration exerts an ever-expanding influence on our daily lives. Yet correctly configuring systems, networks, and access-control policies is notoriously difficult, even for trained professionals. Automated static analysis techniques provide a way both to verify a configuration's correctness and to explore its implications. One such approach is scenario-finding: showing concrete scenarios that illustrate potential (mis-)behavior. Scenarios even benefit users without technical expertise, as concrete examples can both trigger and improve users' intuition about their system. This thesis describes a concerted research effort toward improving scenario-finding tools for configuration analysis. We developed Margrave, a scenario-finding tool with special features designed for security policies and configurations. Margrave is not tied to any one specific policy language; rather, it provides an intermediate input language as expressive as first-order logic. This flexibility allows Margrave to reason about many different types of policy. We show Margrave in action on Cisco IOS, a common language for configuring firewalls, demonstrating that scenario-finding with Margrave is useful for debugging and validating real-world configurations. This thesis also presents a theorem showing that, for a restricted subclass of first-order logic, if a sentence is satisfiable then there must exist a satisfying scenario no larger than a computable bound. For such sentences scenario-finding is complete: one can be certain that no scenarios are missed by the analysis, provided that one checks up to the computed bound. We demonstrate that many common configurations fall into this subclass and give algorithmic tests for both sentence membership and counting. We have implemented both in Margrave. Aluminum is a tool that eliminates superfluous information in scenarios and allows users' goals to guide which scenarios are displayed. We quantitatively show that our methods of scenario reduction and exploration are effective and quite efficient in practice. Our work on Aluminum is making its way into other scenario-finding tools. Finally, we describe FlowLog, a language for network programming that we created with analysis in mind. We show that FlowLog can express many common network programs, yet demonstrate that automated analysis and bug-finding for FlowLog are both feasible and complete.

    Security comparison of ownCloud, Nextcloud, and Seafile in open source cloud storage solutions

    Cloud storage has become one of the most efficient and economical ways to store data over the web. Although most organizations have adopted cloud storage, there are numerous privacy and security concerns about cloud storage and collaboration. Furthermore, adopting public cloud storage may be costly for many enterprises. An open-source cloud storage solution for file sharing is a possible alternative in this case. Despite widespread awareness of these solutions, there is limited information on their system architecture, security measures, and overall throughput consequences to guide selection. There are no comprehensive comparisons available to evaluate open-source cloud storage solutions (specifically ownCloud, Nextcloud, and Seafile) and analyze the impact of platform selection. This thesis presents the concept of cloud storage and a comprehensive account of the three popular open-source solutions' features, architecture, security features, vulnerabilities, and other aspects in detail. The goal of the study is to compare these cloud solutions so that users may better understand the various open-source cloud storage solutions and make more knowledgeable selections. The author has focused on four attributes of the three solutions ("ownCloud," "Nextcloud," and "Seafile"): features, architecture, security, and vulnerabilities, since most of the critical issues fall into one of these classifications. The findings show that, while the three services take slightly different approaches to confidentiality, integrity, and availability, they all achieve the same purpose. As a result of this research, the user will have a better understanding of the factors and will be able to make a more informed decision on cloud storage options.

    Design Time Methodology for the Formal Modeling and Verification of Smart Environments

    Smart Environments (SmE) are intelligent and complex due to the smart connectivity and interaction of heterogeneous devices, achieved by complicated and sophisticated computing algorithms. Given their domotic and industrial applications, SmE systems may be critical in terms of correctness, reliability, safety, security and other such vital factors. To achieve an error-free and requirement-compliant implementation of these systems, it is advisable to enforce a design process that guarantees these factors by adopting formal models and formal verification techniques at design time. The e-Lite research group at Politecnico di Torino is developing solutions for SmE based on the integration of commercially available home automation technologies with an intelligent ecosystem built around a central OSGi-based gateway and distributed collaboration of intelligent applications, with the help of semantic web technologies and applications. The main goal of my research is to study new methodologies for the modeling and verification of SmE. This goal includes the development of a formal methodology that ensures the reliable implementation of the requirements on SmE by modeling and verifying each component (users, devices, control algorithms and environment/context) and the interactions among them, especially at various stages of design time, so that complexities and ambiguities can be reduced.

    Abstractions and optimisations for model-checking software-defined networks

    Software-Defined Networking introduces a new programmatic abstraction layer by shifting distributed network functions (NFs) from silicon chips (ASICs) to a logically centralized (controller) program. Yet controller programs are a common source of bugs that can cause performance degradation, security exploits and poor reliability in networks. Assuring that a controller program satisfies its specification is thus highly desirable, yet the size of the network and the complexity of the controller make this a challenging effort. This thesis presents a highly expressive, optimised SDN model (code-named MoCS) that can be reasoned about and verified formally in an acceptable timeframe. In it, we introduce reusable abstractions that (i) come with a rich semantics, for capturing subtle real-world bugs that are hard to track down, and (ii) are formally proved correct. In addition, MoCS deals with timeouts of flow table entries, thus supporting automatic state refresh (soft state) in the network. The optimisations are achieved by (1) contextually analysing the model for possible partial order reductions in view of the concrete control program, network topology and specification property in question, (2) pre-computing packet equivalence classes and (3) indexing packets and rules that exist in the model and bit-packing (compressing) them. Each of these developments is demonstrated on a set of real-world controller programs that have been implemented in network topologies of varying size and publicly released under an open-source licence.
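The two analyses described above, Margrave's scenario-finding over firewall configurations and MoCS's pre-computed packet equivalence classes, combined in one added example. This is not code from either thesis: the Cisco-IOS-flavoured rule syntax, the four-host address space, the zone names and the constructed ACL are assumptions made for illustration. Packets with the same vector of rule matches are indistinguishable to the ACL and therefore receive the same decision, so checking one representative per class finds every violating scenario; because the header space is finite and fully enumerated, the search is complete in the sense the Margrave abstract describes.

```python
"""Scenario-finding over a small firewall ACL using packet equivalence classes.

Added example; not code from Margrave, MoCS or any work listed on this page.
The rule syntax is a constructed Cisco-IOS-flavoured subset and the header
space is kept tiny (4 hosts, 2 protocols, 3 ports) so that exhaustive
enumeration is cheap and the completeness argument is easy to see.
"""
from dataclasses import dataclass
from itertools import product
from typing import Callable, Dict, FrozenSet, List, Optional, Tuple

HOSTS = (0, 1, 2, 3)                                              # constructed
ZONES = {"outside": frozenset({0, 1}), "inside": frozenset({2, 3})}  # constructed
PROTOS = ("tcp", "udp")
PORTS = (22, 80, 443)


@dataclass(frozen=True)
class Packet:
    proto: str
    src: int
    dst: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    proto: str                  # "tcp", "udp" or "ip" (any protocol)
    src: FrozenSet[int]
    dst: FrozenSet[int]
    dport: Optional[int]        # None means any destination port

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("ip", p.proto)
                and p.src in self.src and p.dst in self.dst
                and (self.dport is None or self.dport == p.dport))


def _addr(tok: str) -> FrozenSet[int]:
    """'any', a zone name, or 'h<n>' for a single host (hypothetical syntax)."""
    if tok == "any":
        return frozenset(HOSTS)
    if tok in ZONES:
        return ZONES[tok]
    return frozenset({int(tok[1:])})


def parse_acl(text: str) -> List[Rule]:
    """Parse lines like 'permit tcp outside h3 eq 22'; '!' starts a comment."""
    rules = []
    for line in text.splitlines():
        toks = line.split("!")[0].split()
        if not toks:
            continue
        dport = int(toks[5]) if len(toks) > 5 and toks[4] == "eq" else None
        rules.append(Rule(toks[0], toks[1], _addr(toks[2]), _addr(toks[3]), dport))
    return rules


def decide(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; the implicit trailing rule is deny."""
    for r in rules:
        if r.matches(p):
            return r.action
    return "deny"


def all_packets() -> List[Packet]:
    return [Packet(*f) for f in product(PROTOS, HOSTS, HOSTS, PORTS)]


def equivalence_classes(rules: List[Rule]) -> Dict[Tuple[bool, ...], List[Packet]]:
    """Group packets by which rules match them. Same match vector means the
    ACL cannot tell the packets apart, so they share one decision."""
    classes: Dict[Tuple[bool, ...], List[Packet]] = {}
    for p in all_packets():
        classes.setdefault(tuple(r.matches(p) for r in rules), []).append(p)
    return classes


def find_scenarios(rules: List[Rule],
                   violates: Callable[[Packet, str], bool]) -> List[Packet]:
    """One representative packet per equivalence class that violates the property.
    Complete here: the header space is finite and every class is enumerated."""
    return [ps[0] for ps in equivalence_classes(rules).values()
            if violates(ps[0], decide(rules, ps[0]))]


def outside_reaches_ssh(p: Packet, action: str) -> bool:
    """Property under test: no TCP/22 from the outside zone may be permitted inward."""
    return (action == "permit" and p.proto == "tcp" and p.dport == 22
            and p.src in ZONES["outside"] and p.dst in ZONES["inside"])


# Constructed ACL: line 10 was meant for the inside jump host only, but 'any'
# lets outside hosts reach h3:22 before line 20 can deny them.
BUGGY_ACL = """
permit tcp any     h3     eq 22   ! 10
deny   tcp outside inside eq 22   ! 20
permit tcp any     inside eq 80   ! 30
permit tcp any     inside eq 443  ! 40
permit ip  inside  any            ! 50
"""
FIXED_ACL = BUGGY_ACL.replace("any     h3", "inside  h3", 1)

if __name__ == "__main__":
    rules = parse_acl(BUGGY_ACL)
    print(len(all_packets()), "packets fall into", len(equivalence_classes(rules)), "classes")
    for p in find_scenarios(rules, outside_reaches_ssh):
        print("scenario:", p, "->", decide(rules, p))
    print("after fix:", find_scenarios(parse_acl(FIXED_ACL), outside_reaches_ssh))
```

The scenario reported for the buggy ACL is a single representative packet (an outside host reaching h3 on TCP/22), even though two concrete packets violate the property; that is the equivalence-class reduction at work. Narrowing the source of line 10 to the inside zone makes the search return nothing, and because every class was checked that empty result is a proof for this header space, not a sample.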

    Principles of Security and Trust: 7th International Conference, POST 2018, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2018, Thessaloniki, Greece, April 14-20, 2018, Proceedings

    authentication; computer science; computer software selection and evaluation; cryptography; data privacy; formal logic; formal methods; formal specification; internet; privacy; program compilers; programming languages; security analysis; security systems; semantics; separation logic; software engineering; specifications; verification; world wide we

    Set-Based Prototyping in the Context of the Configurable Virtual Product: The Construction of the Learning Value Streams (LVS) Model

    RÉSUMÉ (translated from French) This doctoral thesis is the result of seven years of intervention research in the fields of product design and development following the lean paradigm in aerospace. This action research is motivated by the need to develop the knowledge and the appropriate tools for product development following the lean approach (LPD, Lean Product Development), and in particular Set-Based Concurrent Engineering (SBCE), in aerospace. Such a need is justified by the socioeconomic factors of the 21st century, which demand design and development approaches that are ever more robust, resilient, responsive, flexible, innovative and adaptable in the face of market fluctuations and rapidly changing consumer demand, so that companies can remain competitive. Given such imperatives, the main objective of the research is to identify, and then develop and integrate into a holistic model, the essential aspects, characteristics and enablers of the LPD and SBCE approaches applied to the aerospace industry, so as to support the large-scale implementation of such approaches from an underlying product lifecycle management (PLM) perspective. The planning and execution of the research project follow an established design research methodology (DRM) so as to focus the results on advancing the knowledge and practice of LPD and SBCE as design approaches. The research consequently makes major contributions to these fields of study while prescribing a methodology for transforming product development processes and tools in industry through the implementation of the Learning Value Streams (LVS) model. In more detail, the contributions to scientific and practical advances in the field are as follows: (1) the proposal of a new framework for analysing the SBCE literature, together with an evidence-based systematic review methodology; (2) the advancement of theoretical and practical knowledge of LPD and SBCE, from the most general aspects to the most significant; (3) the advancement of theoretical and practical knowledge of the product models and product structures required from a product lifecycle management perspective

    ABSTRACT The work reported in this thesis is the result of seven years of participatory action research in the field of Lean Product Development (LPD) in aerospace engineering. This research is motivated by the necessity to develop understanding and support for practical implementations of lean product development, and especially Set-Based Concurrent Engineering (SBCE), in industry. Such necessity is justified by compelling 21st-century socioeconomic factors that demand robust, resilient, responsive, flexible, innovative, adaptable and lean product development processes in order for companies to stay competitive in rapidly changing markets. The main purpose of the research is to identify and develop the essential SBCE and LPD aspects, characteristics, features and catalysts as they relate to aerospace large-scale industrial product development, in order to form a holistic model that can support practical implementations of LPD in industry from a product lifecycle perspective. A design research methodology (DRM) is used for planning and executing the design research project while ensuring that focus is placed on achieving progress in the understanding and implementation of SBCE and LPD as design practices. As a result, this thesis provides a substantial contribution to the understanding of LPD and SBCE and, furthermore, offers a valuable proposal for practice in industry through the CCS model and the construction of the Learning Value Streams (LVS) model. Major contributions to the advancement of scientific knowledge and practice in the fields are as follows: (1) the proposal of a new SBCE dual analysis framework combined with an evidence-based systematic review methodology; (2) the advancement of theoretical and practical understanding of LPD and SBCE from the larger to the most significant aspects; (3) the advancement of theoretical and practical understanding of product models and product structure progression requirements for lean product lifecycle management; (4) the proposal of a new methodology, including a new as-tested structure to support cross-collaboration during prototyping and testing in lifecycle management contexts; (5) the proposal of a new existential domain alongside the functional, technological and physical domains in order to address the lack of product modelling constructs and methodology when it comes to service or as-tested configurations, hardware testing transactions and prototype information tracking on the basis o