Automatic Inference of High-Level Network Intents by Mining Forwarding Patterns

There is a semantic gap between the high-level intents of network operators and the low-level configurations that achieve the intents. Previous works tried to bridge the gap using verification or synthesis techniques, both requiring formal specifications of the intended behavior which are rarely available or even known in the real world. This paper discusses an alternative approach for bridging the gap, namely to infer the high-level intents from the low-level network behavior. Specifically, we provide Anime, a framework and a tool that given a set of observed forwarding behavior, automatically infers a set of possible intents that best describe all observations. Our results show that Anime can infer high-quality intents from the low-level forwarding behavior with acceptable performance.Comment: SOSR 202

A Framework of DevSecOps for Software Development Teams

This master's thesis explores a broad evaluation of automated security testing in the context of DevOps practices. The primary objective of this study is to propose a framework that facilitates the seamless integration of security scanning tools within DevOps practices. The thesis will focus on examining the existing set of tools and their effective integration into fully automated DevOps CI/CD pipelines. The thesis starts by examining the theoretical concepts of DevOps and provides guidelines for integrating security within DevOps methodologies. Furthermore, it assesses the current state of security by analysing the OWASP Web API top 10 security vulnerability list and evaluating existing security automation tools. Additionally, the research investigates the performance and efficacy of these tools across various stages of the SDLC and investigates ongoing research and development activities. A fully automated DevOps CI/CD pipeline is implemented to integrate security scanning tools, enforcing complete security checks throughout the SDLC. Azure DevOps build and release pipelines, along with Snyk, were used to create a comprehensive automated security scanning framework. The study considerably investigates the integration of these security scanning tools and assesses their influence on the overall security posture of the developed applications. The finding of the study reveals that security scanning tools can be efficiently integrated into fully automated DevOps practices. Based on the results, recommendations are provided for the selection of suitable tools and techniques to achieve a DevSecOps practice. In conclusion, this thesis provides valuable insights into security integration in DevOps practices, highlighting the effectiveness of security automation tools. The research also recommends areas for further improvements to meet the industry's evolving requirements

Comprehensive and Practical Policy Compliance in Data Retrieval Systems

Data retrieval systems such as online search engines and online social networks process many data items coming from different sources, each subject to its own data use policy. Ensuring compliance with these policies in a large and fast-evolving system presents a significant technical challenge since bugs, misconfigurations, or operator errors can cause (accidental) policy violations. To prevent such violations, researchers and practitioners develop policy compliance systems. Existing policy compliance systems, however, are either not comprehensive or not practical. To be comprehensive, a compliance system must be able to enforce users' policies regarding their personal privacy preferences, the service provider's own policies regarding data use such as auditing and personalization, and regulatory policies such as data retention and censorship. To be practical, a compliance system needs to meet stringent requirements: (1) runtime overhead must be low; (2) existing applications must run with few modifications; and (3) bugs, misconfigurations, or actions by unprivileged operators must not cause policy violations. In this thesis, we present the design and implementation of two comprehensive and practical compliance systems: Thoth and Shai. Thoth relies on pure runtime monitoring: it tracks data flows by intercepting processes' I/O, and then it checks the associated policies to allow only policy-compliant flows at runtime. Shai, on the other hand, combines offline analysis and light-weight runtime monitoring: it pushes as many policy checks as possible to an offline (flow) analysis by predicting the policies that data-handling processes will be subject to at runtime, and then it compiles those policies into a set of fine-grained I/O capabilities that can be enforced directly by the underlying operating system

Prioritized Anomaly Catalog Generation Using Model-Based Reasoning

Anomaly management—the detection, diagnosis, and resolution of anomalies in a system—is traditionally performed using experiential techniques which are quickly computed, but poorly structured. Newer model-based approaches are more systematic and higher performing but are computationally expensive, which is a particular challenge for execution in an operational environment. This paper builds on a novel system to pre-compute model-based anomaly symptoms to enable quick retrieval and diagnosis in operational settings. New additions to this system include a simplified model interface, anomaly likelihoods associated with each component, and easier interpretation of results. The implemented system has been used successfully to detect and diagnose anomalies in a baseline test circuit as well as in an operational satellite monitoring network. Results show that this approach is promising; with a thorough model, the diagnosis and resolution processes of anomaly management could be greatly improved for more complex remote systems such as university-operated nanosatellites and field robotic vehicles

Ensuring compliance with data privacy and usage policies in online services

Online services collect and process a variety of sensitive personal data that is subject to complex privacy and usage policies. Complying with the policies is critical, often legally binding for service providers, but it is challenging as applications are prone to many disclosure threats. We present two compliance systems, Qapla and Pacer, that ensure efficient policy compliance in the face of direct and side-channel disclosures, respectively. Qapla prevents direct disclosures in database-backed applications (e.g., personnel management systems), which are subject to complex access control, data linking, and aggregation policies. Conventional methods inline policy checks with application code. Qapla instead specifies policies directly on the database and enforces them in a database adapter, thus separating compliance from the application code. Pacer prevents network side-channel leaks in cloud applications. A tenant’s secrets may leak via its network traffic shape, which can be observed at shared network links (e.g., network cards, switches). Pacer implements a cloaked tunnel abstraction, which hides secret-dependent variation in tenant’s traffic shape, but allows variations based on non-secret information, enabling secure and efficient use of network resources in the cloud. Both systems require modest development efforts, and incur moderate performance overheads, thus demonstrating their usability.Onlinedienste sammeln und verarbeiten eine Vielzahl sensibler persönlicher Daten, die komplexen Datenschutzrichtlinien unterliegen. Die Einhaltung dieser Richtlinien ist häufig rechtlich bindend für Dienstanbieter und gleichzeitig eine Herausforderung, da Fehler in Anwendungsprogrammen zu einer unabsichtlichen Offenlegung führen können. Wir präsentieren zwei Compliance-Systeme, Qapla und Pacer, die Richtlinien effizient einhalten und gegen direkte und indirekte Offenlegungen durch Seitenkanäle schützen. Qapla verhindert direkte Offenlegungen in datenbankgestützten Anwendungen. Herkömmliche Methoden binden Richtlinienprüfungen in Anwendungscode ein. Stattdessen gibt Qapla Richtlinien direkt in der Datenbank an und setzt sie in einem Datenbankadapter durch. Die Konformität ist somit vom Anwendungscode getrennt. Pacer verhindert Netzwerkseitenkanaloffenlegungen in Cloud-Anwendungen. Geheimnisse eines Nutzers können über die Form des Netzwerkverkehr offengelegt werden, die bei gemeinsam genutzten Netzwerkelementen (z. B. Netzwerkkarten, Switches) beobachtet werden kann. Pacer implementiert eine Tunnelabstraktion, die Geheimnisse im Netzwerkverkehr des Nutzers verbirgt, jedoch Variationen basier- end auf nicht geheimen Informationen zulässt und eine sichere und effiziente Nutzung der Netzwerkressourcen in der Cloud ermöglicht. Beide Systeme erfordern geringen Entwicklungsaufwand und verursachen einen moderaten Leistungsaufwand, wodurch ihre Nützlichkeit demonstriert wird

A Survey of Prevent and Detect Access Control Vulnerabilities

Broken access control is one of the most common security vulnerabilities in web applications. These vulnerabilities are the major cause of many data breach incidents, which result in privacy concern and revenue loss. However, preventing and detecting access control vulnerabilities proactively in web applications could be difficult. Currently, these vulnerabilities are actively detected by bug bounty hunters post-deployment, which creates attack windows for malicious access. To solve this problem proactively requires security awareness and expertise from developers, which calls for systematic solutions. This survey targets to provide a structured overview of approaches that tackle access control vulnerabilities. It firstly discusses the unique feature of access control vulnerabilities, then studies the existing works proposed to tackle access control vulnerabilities in web applications, which span the spectrum of software development from software design and implementation, software analysis and testing, and runtime monitoring. At last we discuss the open problem in this field

Knowledge-based Decision Making for Simulating Cyber Attack Behaviors

Computer networks are becoming more complex as the reliance on these network increases in this era of exponential technological growth. This makes the potential gains for criminal activity on these networks extremely serious and can not only devastate organizations or enterprises but also the general population. As complexity of the network increases so does the difficulty to protect the networks as more potential vulnerabilities are introduced. Despite best efforts, traditional defenses like Intrusion Detection Systems and penetration tests are rendered ineffective to even amateur cyber adversaries. Networks now need to be analyzed at all times to preemptively detect weaknesses which harbored a new research field called Cyber Threat Analytics. However, current techniques for cyber threat analytics typically perform static analysis on the network and system vulnerabilities but few address the most variable and most critical piece of the puzzle -- the attacker themselves. This work focuses on defining a baseline framework for modeling a wide variety of cyber attack behaviors which can be used in conjunction with a cyber attack simulator to analyze the effects of individual or multiple attackers on a network. To model a cyber attacker\u27s behaviors with reasonable accuracy and flexibility, the model must be based on aspects of an attacker that are used in real scenarios. Real cyber attackers base their decisions on what they know and learn about the network, vulnerabilities, and targets. This attacker behavior model introduces the aspect of knowledge-based decision making to cyber attack behavior modeling with the goal of providing user configurable options. This behavior model employs Cyber Attack Kill Chain along with an ensemble of the attacker capabilities, opportunities, intent, and preferences. The proposed knowledge-based decision making model is implemented to enable the simulation of a variety of network attack behaviors and their effects. This thesis will show a number of simulated attack scenarios to demonstrate the capabilities and limitations of the proposed model

Deployment and Operation of Complex Software in Heterogeneous Execution Environments

This open access book provides an overview of the work developed within the SODALITE project, which aims at facilitating the deployment and operation of distributed software on top of heterogeneous infrastructures, including cloud, HPC and edge resources. The experts participating in the project describe how SODALITE works and how it can be exploited by end users. While multiple languages and tools are available in the literature to support DevOps teams in the automation of deployment and operation steps, still these activities require specific know-how and skills that cannot be found in average teams. The SODALITE framework tackles this problem by offering modelling and smart editing features to allow those we call Application Ops Experts to work without knowing low level details about the adopted, potentially heterogeneous, infrastructures. The framework offers also mechanisms to verify the quality of the defined models, generate the corresponding executable infrastructural code, automatically wrap application components within proper execution containers, orchestrate all activities concerned with deployment and operation of all system components, and support on-the-fly self-adaptation and refactoring