
    Enabling Network Security in HPC Systems Using Heterogeneous CMPs

    This chapter explores the use of heterogeneous chip multiprocessors (CMPs) for network and system security. It proposes an integer linear programming (ILP)-based methodology that mathematically derives heterogeneous CMP architectures and task distributions which reduce the energy consumption of the system. It compares heterogeneous CMPs with their homogeneous counterparts and experimentally evaluates both on network security workloads. The heterogeneous NoC (network-on-chip)-based CMP architecture is described in detail, as are the design and advantages of a heterogeneous CMP-based network security processor. The chapter summarizes related work on heterogeneous processors in general and their benefits, and surveys related studies on CMP network security processors. It concludes that heterogeneous CMPs reduce energy consumption dramatically compared to homogeneous CMPs. © 2014 John Wiley & Sons, Inc

    Dockerized MISP (Malware Information Sharing Platform)

    Dockerization of the MISP (Malware Information Sharing Platform) platform for sharing information about malware and cyber attacks, in order to build a secure environment in which firewall and proxy rules are updated automatically from the information entered into the platform. It aims to be a low-cost alternative to appliances such as FireEye for small companies, so that companies in the same sector can share information about common threats among themselves and thus be as well protected as possible. The main objectives would be:
    - Dockerize the application: build a MISP installer that can be easily deployed in production environments using Docker, without disruption to the companies.
    - Build a network of MISP instances interconnected with one another, simulating different companies.
    - Extract/automate the creation of firewall rules for IPS/IDS systems (Snort on pfSense would be used), simulating the companies' firewall.
    - Observe how the system behaves when attacks are simulated inside the companies' estate and how infection is prevented (extract telemetry).
    In an age where most companies offer as many services as they can on the Internet, no protection against cyber threats is ever enough. That is why employee security awareness campaigns, good network architecture design, fine-tuned monitoring systems and adequate data-handling policies are of vital importance to companies. Any unexpected production disruption, unavailability of services or information leakage due to a cyberattack can translate into significant losses at both the economic and the reputational level. The aim of this project is to study the feasibility of using a malware information sharing platform to share information assets between small, medium and large companies, as an alternative or complement to the most advanced and expensive systems on the market, deployed with open source software. A company environment will be simulated in order to integrate the Malware Information Sharing Platform with common security systems and to study the system's behavior when a threat is detected.
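    The rule-automation objective above (MISP indicators turned into Snort rules for the pfSense sensor) is the part a practitioner would want to see concretely. The following is an added example, not code from this project (MISP itself also ships a built-in NIDS export; this shows the same idea in the open). It assumes event JSON in the shape the MISP REST API returns, an "Event" object with an "Attribute" list whose items carry type, value and the to_ids flag, and a constructed sample event using documentation IP ranges. Only attributes flagged to_ids are exported; the rest is analyst context and must never reach the sensor.

```python
"""Export MISP event attributes as Snort rules (added example, not project code)."""
import ipaddress
import json
import re
from typing import List, Optional
from urllib.parse import urlsplit

SID_BASE = 1000000  # sids below 1000000 are reserved for official rulesets; local rules start here
_LABEL = re.compile(r"^[a-z0-9-]{1,63}$")

# Constructed sample event (documentation IPs, no real threat data); shape follows the MISP REST API.
SAMPLE_EVENT_JSON = json.dumps({
    "Event": {
        "id": "42",
        "info": "Constructed demo: phishing kit infrastructure",
        "Attribute": [
            {"type": "ip-dst", "value": "203.0.113.7", "to_ids": True},
            {"type": "ip-dst", "value": "198.51.100.0/24", "to_ids": True},
            {"type": "domain", "value": "payload.example", "to_ids": True},
            {"type": "hostname", "value": "cdn.payload.example", "to_ids": False},  # context only
            {"type": "url", "value": "http://payload.example/x.php", "to_ids": True},
            {"type": "ip-dst", "value": "not-an-ip", "to_ids": True},  # malformed, must be skipped
        ],
    }
})


def dns_name_to_content(name: str) -> Optional[str]:
    """DNS name -> Snort content in DNS wire format (|len|label ... |00|), or None if malformed."""
    parts = []
    for label in name.strip(".").lower().split("."):
        if not _LABEL.match(label):
            return None
        parts.append(f"|{len(label):02x}|{label}")
    return "".join(parts) + "|00|"


def escape_content(text: str) -> str:
    """Escape the characters Snort treats specially inside content:"..." (a literal pipe becomes hex)."""
    return (text.replace("\\", "\\\\").replace('"', '\\"')
                .replace(";", "\\;").replace("|", "|7c|"))


def event_to_snort_rules(event_json: str, sid_base: int = SID_BASE) -> List[str]:
    """Return one Snort rule per exportable (to_ids) attribute, with sequential local sids."""
    event = json.loads(event_json)["Event"]
    eid = event["id"]
    rules: List[str] = []
    sid = sid_base
    for attr in event.get("Attribute", []):
        if not attr.get("to_ids"):
            continue  # analyst context, not a detection indicator
        atype, value = attr["type"], str(attr["value"]).strip()
        if atype in ("ip-dst", "ip-src"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                continue  # skip rather than emit a header Snort would reject at load time
            target = str(net.network_address) if net.prefixlen == net.max_prefixlen else str(net)
            header = (f"alert ip $HOME_NET any -> {target} any" if atype == "ip-dst"
                      else f"alert ip {target} any -> $HOME_NET any")
            body = ""
        elif atype in ("domain", "hostname"):
            content = dns_name_to_content(value)
            if content is None:
                continue
            # Wire-format labels match the name and its subdomains, not unrelated names containing it.
            header = "alert udp $HOME_NET any -> any 53"
            body = f'content:"{content}"; nocase; '
        elif atype == "url":
            parts = urlsplit(value if "://" in value else "http://" + value)
            host, path = parts.hostname or "", parts.path or "/"
            if dns_name_to_content(host) is None:
                continue
            header = "alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS"
            body = (f'flow:to_server,established; content:"{escape_content(path)}"; http_uri; '
                    f'content:"Host|3a 20|{escape_content(host)}"; nocase; http_header; ')
        else:
            continue  # hashes and other types need different keywords; out of scope here
        msg = re.sub(r'[";\\]', " ", f"MISP e{eid} {atype} {value}")
        rules.append(f'{header} (msg:"{msg}"; {body}classtype:trojan-activity; sid:{sid}; rev:1;)')
        sid += 1
    return rules


if __name__ == "__main__":
    print("\n".join(event_to_snort_rules(SAMPLE_EVENT_JSON)))
```

    The output is a plain .rules file that pfSense's Snort package can load as a custom ruleset; re-running the export after each MISP sync and reloading the sensor is what closes the loop the project describes. The to_ids check is the important guard: MISP events routinely carry hostnames and IPs that are only context, and exporting those would block legitimate infrastructure.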

    Optimizing energy-efficiency for multi-core packet processing systems in a compiler framework

    Network applications are becoming increasingly computation-intensive and traffic volumes are growing at an unprecedented rate. Multi-core and multi-threaded techniques are therefore widely employed in packet processing systems to meet these changing requirements. However, the available processing power cannot be fully utilized without a suitable programming environment. The compilation procedure is decisive for the quality of the code and largely determines overall system performance in terms of packet throughput, per-packet latency, core utilization and energy efficiency. This thesis first investigates compilation issues in the networking domain, with particular attention to energy consumption. As a cornerstone for any compiler optimization, a code analysis module that collects program dependency information is presented and incorporated into a compiler framework. Using that dependency information, a strategy based on graph bi-partitioning and mapping is proposed to search for an optimal configuration in a parallel-pipeline fashion; its energy-aware extension is particularly effective in improving the energy efficiency of the whole system. Finally, a generic evaluation framework for simulating the performance and energy consumption of a packet processing system is presented. It accepts flexible architectural configurations and can perform arbitrary code mappings, with a simulation time that is extremely short compared to full-fledged simulators. A set of our optimization results is gathered using this framework

    Distributed services across the network from edge to core

    The current Internet architecture is evolving from a simple carrier of bits into a platform able to provide multiple complex services running across the entire Network Service Provider (NSP) infrastructure. This calls for increased flexibility in resource management and allocation to provide dedicated, on-demand network services on a distributed infrastructure of heterogeneous devices. More specifically, NSPs rely on a plethora of low-cost Customer Premise Equipment (CPE), as well as more powerful appliances at the edge of the network and in dedicated data centers. Currently a great research effort is being spent to provide this flexibility through Fog computing, Network Functions Virtualization (NFV), and data plane programmability. Fog computing, or Edge computing, extends compute and storage capabilities to the edge of the network, closer to the rapidly growing number of connected devices and applications that consume cloud services and generate massive amounts of data. A complementary technology is NFV, a network architecture concept that targets the execution of software Network Functions (NFs) in isolated Virtual Machines (VMs), potentially sharing a pool of general-purpose hosts, rather than on dedicated hardware (i.e., appliances). Such a solution enables virtual network appliances (i.e., VMs executing network functions) to be provisioned, allocated a different amount of resources, and possibly moved across data centers in little time, which is key to ensuring that the network can keep up with the flexibility in the provisioning and deployment of virtual hosts in today's virtualized data centers. Moreover, recent advances in networking hardware have introduced new programmable network devices that can efficiently execute complex operations at line rate. As a result, NFs can be (partially or entirely) folded into the network, speeding up the execution of distributed services.
    The work described in this Ph.D. thesis aims to show how various network services can be deployed throughout the NSP infrastructure, accommodating the different hardware capabilities of the various appliances, by applying and extending the above-mentioned solutions. First, we consider a data center environment and the deployment of (virtualized) NFs. In this scenario, we introduce a novel methodology for modelling different NFs in order to estimate their performance on different execution platforms. Moreover, we propose to extend traditional NFV deployment outside the data center to leverage the entire NSP infrastructure. This can be achieved by integrating native NFs, commonly available in low-cost CPEs, with an existing NFV framework. This facilitates the provision of services that require NFs close to the end user (e.g., an IPsec terminator), while resource-hungry virtualized NFs run in the NSP data center, where they can take advantage of its superior computing and storage capabilities. As an application, we also present a novel technique to deploy a distributed service, specifically a web filter, that leverages both the low latency of a CPE and the computational power of a data center. We then show that the core network, today dedicated solely to packet routing, can also be exploited to provide useful services. In particular, we propose a novel method to provide distributed network services in core network devices by means of task distribution and seamless coordination among the peers involved. The aim is to transform existing network nodes (e.g., routers, switches, access points) into a highly distributed data acquisition and processing platform, which significantly reduces both the storage requirements at the Network Operations Center and the packet duplication overhead. Finally, we propose to use new programmable network devices in data center networks to provide much-needed services to distributed applications. By offloading part of the computation directly to the networking hardware, we show that it is possible to reduce both the network traffic and the overall job completion time

    Branch Prediction For Network Processors

    Originally designed to favour flexibility over packet processing performance, the future of the programmable network processor is challenged by the need to meet increasing line rates while also providing additional processing capabilities. To meet these requirements, networking research has tended to focus on techniques such as offloading computation-intensive tasks to dedicated hardware logic or increasing parallelism. While parallelism retains flexibility, challenges such as load balancing limit its scope. Hardware offloading, on the other hand, allows complex algorithms to be implemented at high speed but sacrifices flexibility. The work in this thesis therefore focuses on a more fundamental aspect of a network processor: the data-plane processing engine. Through system modelling and analysis of packet processing functions, the goal of this thesis is to identify and extract salient information about the performance of multi-processor workloads. Following a traditional software-based analysis of program workloads, we develop a method of modelling and analysing hardware accelerators as applied to network processors. Using this quantitative information, the thesis proposes an architecture that allows deeply pipelined micro-architectures to be implemented on the data plane while reducing the branch penalty associated with such architectures

    Multi-level analysis of Malware using Machine Learning

    Multi-level analysis of Malware using Machine Learning

    Exposing Inter-Virtual Machine Networking Traffic to External Applications

    Virtualization is a powerful and fast-growing technology that is widely accepted throughout the computing industry. The Department of Defense has moved its focus to virtualization and looks to take advantage of virtualized hardware, software, and networks. Virtual environments provide many benefits but create both administrative and security challenges. The central monitoring challenge in virtual networks is gaining visibility of inter-virtual machine (VM) traffic that never leaves a single virtual host. This thesis attempts to gain that visibility and to evaluate the performance of inter-VM traffic in a virtual environment. Separate virtual networks are built on the VMware ESXi and Citrix XenServer platforms. Each network comprises three virtual hosts containing a Domain Controller VM, a Dynamic Host Configuration Protocol server VM, two management VMs, and four testing VMs. The configuration of virtual hosts, VMs, and networking components is identical on each network to allow a consistent comparison. Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) traffic is generated to test each network using custom batch files, PowerShell scripts, and Python code. Results show that standard virtual networks require additional resources (e.g., a local Intrusion Detection System) and more hands-on administration to obtain real-time traffic visibility than a virtual network using a distributed switch. Traffic visibility within a standard network is limited to local packet capture programs such as pktcap-uw, tcpdump, or windump. Distributed networks, however, offer advanced options such as port mirroring and NetFlow that deliver higher visibility, but at the cost of higher latency for both TCP and UDP inter-VM traffic
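    The abstract's result rests on timing echoed TCP and UDP messages between VMs with and without a distributed switch feature such as port mirroring. The following is an added example of such a probe, not the thesis's own test code. It assumes an echo responder reachable at a host/port pair (for a stand-alone run it starts its own responders on 127.0.0.1, which is a constructed setup, not an inter-VM path); to reproduce the comparison, run the responders on one test VM and the probes on another, once per switch configuration, and compare the summaries. UDP probes carry a sequence number so that a late reply from a timed-out probe is discarded rather than credited to the next one.

```python
"""TCP/UDP request-response latency probe (added example, not the thesis's code)."""
import socket
import statistics
import threading
import time
from typing import Dict, List

STOP = b"\x00STOP\x00"  # datagram that tells the UDP echo responder to exit


def start_tcp_echo(host: str = "127.0.0.1") -> int:
    """Start a single-connection TCP echo responder in a daemon thread; return its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))  # port 0: let the kernel pick a free port
    srv.listen(1)

    def serve() -> None:
        conn, _ = srv.accept()
        with conn:
            while True:
                data = conn.recv(65536)
                if not data:
                    break
                conn.sendall(data)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def start_udp_echo(host: str = "127.0.0.1") -> int:
    """Start a UDP echo responder in a daemon thread; return its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((host, 0))

    def serve() -> None:
        while True:
            data, addr = srv.recvfrom(65536)
            if data == STOP:
                break
            srv.sendto(data, addr)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def _summary(samples_us: List[float], sent: int, lost: int = 0) -> Dict[str, float]:
    """Latency distribution in microseconds; all-zero latencies when nothing came back."""
    if not samples_us:
        return {"sent": sent, "received": 0, "lost": lost,
                "min_us": 0.0, "median_us": 0.0, "p95_us": 0.0, "max_us": 0.0}
    ordered = sorted(samples_us)
    return {"sent": sent, "received": len(ordered), "lost": lost,
            "min_us": ordered[0], "median_us": statistics.median(ordered),
            "p95_us": ordered[int(0.95 * (len(ordered) - 1))], "max_us": ordered[-1]}


def measure_tcp(host: str, port: int, count: int = 50, size: int = 512) -> Dict[str, float]:
    """Send `count` fixed-size messages over one TCP connection; time each fully echoed reply."""
    payload = b"T" * size
    samples: List[float] = []
    with socket.create_connection((host, port), timeout=5.0) as s:
        s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)  # no Nagle batching: per-message RTT
        for _ in range(count):
            t0 = time.perf_counter()
            s.sendall(payload)
            got = 0
            while got < size:  # TCP is a byte stream: reassemble the whole echo before stopping the clock
                chunk = s.recv(size - got)
                if not chunk:
                    raise ConnectionError("echo responder closed the connection")
                got += len(chunk)
            samples.append((time.perf_counter() - t0) * 1e6)
    return _summary(samples, count)


def measure_udp(host: str, port: int, count: int = 50, size: int = 512,
                timeout: float = 1.0) -> Dict[str, float]:
    """Send `count` sequence-tagged datagrams; a missing reply counts as loss, not as latency."""
    samples: List[float] = []
    lost = 0
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        for seq in range(count):
            tag = seq.to_bytes(4, "big")
            t0 = time.perf_counter()
            s.sendto(tag + b"U" * max(size - 4, 0), (host, port))
            while True:
                try:
                    data, _ = s.recvfrom(65536)
                except socket.timeout:
                    lost += 1
                    break
                if data[:4] == tag:  # ignore stale echoes of probes that already timed out
                    samples.append((time.perf_counter() - t0) * 1e6)
                    break
        s.sendto(STOP, (host, port))
    finally:
        s.close()
    return _summary(samples, count, lost)


if __name__ == "__main__":
    tcp_port, udp_port = start_tcp_echo(), start_udp_echo()
    print("tcp", measure_tcp("127.0.0.1", tcp_port))
    print("udp", measure_udp("127.0.0.1", udp_port))
```

    Reporting the median and p95 rather than the mean matters here: mirroring and NetFlow export add a tail of slow packets on a loaded host, and that tail is what an operator notices, while the mean hides it among the fast ones.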