ANCHOR: logically-centralized security for Software-Defined Networks
While the centralization of SDN brought advantages such as a faster pace of innovation, it also disrupted some of the natural defenses of traditional architectures against different threats. The literature on SDN has mostly been concerned with the functional side, despite some specific works concerning non-functional properties like 'security' or 'dependability'. Though addressing the latter in an ad-hoc, piecemeal way may work, it will most likely lead to efficiency and effectiveness problems. We claim that the enforcement of non-functional properties as a pillar of SDN robustness calls for a systemic approach. As a general concept, we propose ANCHOR, a subsystem architecture that promotes the logical centralization of non-functional properties. To show the effectiveness of the concept, we focus on 'security' in this paper: we identify the current security gaps in SDNs and we populate the architecture middleware with the appropriate security mechanisms, in a global and consistent manner. Essential security mechanisms provided by ANCHOR include reliable entropy and resilient pseudo-random generators, and protocols for secure registration and association of SDN devices. We claim and justify in the paper that centralizing such mechanisms is key for their effectiveness, by allowing us to: define and enforce global policies for those properties; reduce the complexity of controllers and forwarding devices; ensure higher levels of robustness for critical services; foster interoperability of the non-functional property enforcement mechanisms; and promote the security and resilience of the architecture itself. We discuss design and implementation aspects, and we prove and evaluate our algorithms and mechanisms, including the formalisation of the main protocols and the verification of their core security properties using the Tamarin prover.
Comment: 42 pages, 4 figures, 3 tables, 5 algorithms, 139 references
Formally based semi-automatic implementation of an open security protocol
This paper presents an experiment in which an implementation of the client side of the SSH Transport Layer Protocol (SSH-TLP) was semi-automatically derived according to a model-driven development paradigm that leverages formal methods in order to obtain high correctness assurance. The approach used in the experiment starts with the formalization of the protocol at an abstract level. This model is then formally proved to fulfill the desired secrecy and authentication properties using the ProVerif prover. Finally, a sound Java implementation is semi-automatically derived from the verified model using an enhanced version of the Spi2Java framework. The resulting implementation correctly interoperates with third-party servers, and its execution time is comparable with that of other manually developed Java SSH-TLP client implementations. This case study demonstrates that the adopted model-driven approach is viable even for a real security protocol, despite the complexity of the models needed to achieve an interoperable implementation.
Ensuring interoperability between network elements in next generation networks
Next Generation Networks (NGNs), based on the Internet Protocol (IP), implement several services such as IP-based telephony and are beginning to replace the classic telephony systems. Due to the development and implementation of new powerful services, these systems are becoming increasingly complex.
Implementing these new services (typically software-based network elements) is often accompanied by unexpected and erratic behaviours which can manifest as interoperability problems. The reason for this is insufficient testing at the developing companies. The testing of such products is by nature a costly and time-consuming exercise and is therefore cut down to what is considered the maximum acceptable level.
Ensuring the interoperability between network elements is a known challenge. However, there exists no concept of which testing methods should be utilised to achieve an acceptable level of quality. The objective of this thesis was to improve the interoperability between network elements in NGNs by creating a testing scheme comprising three diverse testing methods: conformance testing, interoperability testing and post-hoc analysis.
In the first project, a novel conformance testing methodology for developing sets of conformance test cases for service specifications in NGNs was proposed. This methodology significantly improves the chance of interoperability and provides a considerable enhancement to the currently used interoperability tests. It was evaluated by successfully applying it to the Presence Service.
The second report proposed a post-hoc methodology which enables the identification of the ultimate causes of interoperability problems in an NGN in daily operation. The new methods were implemented in the tool IMPACT (IP-Based Multi Protocol Posthoc Analyzer and Conformance Tester), which stores all messages exchanged between network elements in a database. Using SQL queries, the causes of errors can be found efficiently.
Overall, the presented testing scheme significantly improves the chance that network elements interoperate successfully by providing new methods. Beyond that, the quality of the software product is raised by mapping these methods to phases in a process model and providing well-defined steps on which test method is best suited at a certain stage.
Assessing and Improving Interoperability of Distributed Systems
Interoperability of distributed systems is a foundation for the development of new and innovative business solutions. It allows existing services offered on different systems to be linked together so that new or extended services can be made available. Furthermore, this integration can increase the reliability of services. Achieving and assessing interoperability, however, poses a challenge in terms of cost and time. Systematic methods are needed to ensure and assess interoperability.
In order to achieve and assess the interoperability of systems systematically, a process for Interoperability Assessment and Improvement (IAI) was developed within the scope of this thesis. The IAI process comprises three phases and can assess and improve the interoperability of distributed homogeneous as well as heterogeneous systems. The assessment is carried out by means of interoperability tests, which can be executed manually or automatically. For the automation of interoperability tests, a new methodology is presented that includes a development process for automated interoperability test systems. The presented methodology facilitates the formal and systematic assessment of the interoperability of distributed systems. Compared to manual interoperability testing, the methodology presented here guarantees higher test coverage, consistent test execution and repeatable interoperability tests.
The practical applicability of the IAI process and of the methodology for automated interoperability tests is demonstrated by three case studies. In the first case study, the process and methodology are instantiated for Internet Protocol Multimedia Subsystem (IMS) networks. The interoperability of IMS networks had previously only been tested manually. In the second and third case studies, the IAI process is applied to assess and improve the interoperability of grid and cloud systems. Assessing and improving this interoperability is a challenge because grid and cloud systems, unlike IMS networks, are heterogeneous. Within the case studies, options for integration and interoperability solutions for grid and Infrastructure as a Service (IaaS) cloud systems as well as for grid and Platform as a Service (PaaS) cloud systems are shown. The presented solutions have not previously been documented in the literature. They enable the complementary use of grid and cloud systems, a simplified migration of grid applications into a cloud system, and efficient resource utilisation. The interoperability solutions are assessed with the help of the IAI process. The tests for grid-IaaS cloud systems were carried out manually. The interoperability of grid-PaaS cloud systems is assessed using the methodology for automated interoperability tests. Interoperability tests and their assessment had not previously been discussed in the grid and cloud community, although they offer a basis for the development of standardised interfaces for achieving interoperability between grid and cloud systems.
Achieving interoperability of distributed systems offers means for the development of new and innovative business solutions. Interoperability allows the combination of existing services provided on different systems into new or extended services.
Such an integration can also increase the reliability of the provided service. However, achieving and assessing interoperability is a technical challenge that requires high effort regarding time and costs. The reasons are manifold and include differing implementations of standards as well as the provision of proprietary interfaces. The implementations need to be engineered to be interoperable. Techniques that assess and improve interoperability systematically are required.
For the assurance of reliable interoperation between systems, interoperability needs to be assessed and improved in a systematic manner. To this aim, we present the Interoperability Assessment and Improvement (IAI) process, which describes in three phases how interoperability of distributed homogeneous and heterogeneous systems can be improved and assessed systematically. The interoperability assessment is achieved by means of interoperability testing, which is typically performed manually. For the automation of interoperability test execution, we present a new methodology including a generic development process for a complete and automated interoperability test system. This methodology provides means for a formalized and systematic assessment of systems' interoperability in an automated manner. Compared to manual interoperability testing, the application of our methodology has the following benefits: wider test coverage, consistent test execution, and test repeatability.
We evaluate the IAI process and the methodology for automated interoperability testing in three case studies. Within the first case study, we instantiate the IAI process and the methodology for Internet Protocol Multimedia Subsystem (IMS) networks, which were previously assessed for interoperability only in a manual manner. Within the second and third case studies, we apply the IAI process to assess and improve the interoperability of grid and cloud computing systems. Their interoperability assessment and improvement is challenging, since cloud and grid systems are, in contrast to IMS networks, heterogeneous. We develop integration and interoperability solutions for grids and Infrastructure as a Service (IaaS) clouds as well as for grids and Platform as a Service (PaaS) clouds. These solutions are unique and foster complementary usage of grids and clouds, simplified migration of grid applications into the cloud, as well as efficient resource utilization. In addition, we assess the interoperability of the grid-cloud interoperability solutions. While the tests for grid-IaaS clouds are performed manually, we applied our methodology for automated interoperability testing successfully to the assessment of grid-PaaS cloud interoperability. These interoperability assessments are unique in the grid-cloud community and provide a basis for the development of standardized interfaces improving the interoperability between grids and clouds.
Standardized event pair based test generation method using TSS&TP
In software engineering, test development takes significant resources. A general method for the creation of appropriate test suites could solve the problems of the often ad-hoc and time-consuming test generation process. The method presented here uses formal specifications to support the systematic derivation of complete test suites. From the formal specification, a formalized document, the so-called Test Suite Structure (TSS) and Test Purposes (TP), can be created using a special procedure. With the help of this document, developers can easily and automatically implement the test suites. The TSS&TP document also enables the persons who perform the tests to understand the test criteria and the steps, even if they do not actually know the protocol itself. We present a thorough picture of our test derivation method and show its efficiency on the Wireless Transaction Protocol (WTP) of the Wireless Application Protocol (WAP) family. During our work in the validation phase we also found some operational flaws in the protocol specification.
SymbexNet: Checking Network Protocol Implementations using Symbolic Execution
The implementations of network protocols, such as DNS, DHCP and Zeroconf, are prone to flaws, security vulnerabilities and interoperability issues caused by ambiguous requirements in protocol specifications. Detecting such problems is not easy because (i) many bugs manifest themselves only after prolonged operation; (ii) the state space of complex protocol implementations is large; and (iii) problems often require additional information about correct behaviour from specifications.
This thesis presents a novel approach to detect various types of flaws in network protocol implementations by combining symbolic execution and rule-based packet matching. The core idea behind our approach is to automatically generate high-coverage test input packets for a network protocol implementation. For this, the protocol implementation is run using a symbolic execution engine to obtain test input packets. These packets are then used to detect potential violations of rules that constrain permitted input and output packets and were derived from the protocol specification. We propose a technique that repeatedly performs symbolic execution on selected test input packets to achieve broad and deep exploration of the implementation state space. In addition, we use the generated test packets to check interoperability between different implementations of the same network protocol.
We present a system based on these techniques, SYMBEXNET, and show that it can automatically generate test input packets that achieve high source code coverage and discover various bugs. We evaluate SYMBEXNET on multiple implementations of two network protocols: Zeroconf, a service discovery protocol, and DHCP, a network configuration protocol. SYMBEXNET is able to discover non-trivial bugs as well as interoperability problems, most of which have been confirmed by the developers.