3,333 research outputs found
Event-Driven Network Programming
Software-defined networking (SDN) programs must simultaneously describe
static forwarding behavior and dynamic updates in response to events.
Event-driven updates are critical to get right, but difficult to implement
correctly due to the high degree of concurrency in networks. Existing SDN
platforms offer weak guarantees that can break application invariants, leading
to problems such as dropped packets, degraded performance, security violations,
etc. This paper introduces EVENT-DRIVEN CONSISTENT UPDATES that are guaranteed
to preserve well-defined behaviors when transitioning between configurations in
response to events. We propose NETWORK EVENT STRUCTURES (NESs) to model
constraints on updates, such as which events can be enabled simultaneously and
causal dependencies between events. We define an extension of the NetKAT
language with mutable state, give semantics to stateful programs using NESs,
and discuss provably-correct strategies for implementing NESs in SDNs. Finally,
we evaluate our approach empirically, demonstrating that it gives well-defined
consistency guarantees while avoiding expensive synchronization and packet
buffering
Automation for network security configuration: state of the art and research trends
The size and complexity of modern computer networks are progressively increasing, as a consequence of novel architectural paradigms such as the Internet of Things and network virtualization. Consequently, a manual orchestration and configuration of network security functions is no more feasible, in an environment where cyber attacks can dramatically exploit breaches related to any minimum configuration error. A new frontier is then the introduction of automation in network security configuration, i.e., automatically designing the architecture of security services and the configurations of network security functions, such as firewalls, VPN gateways, etc. This opportunity has been enabled by modern computer networks technologies, such as virtualization. In view of these considerations, the motivations for the introduction of automation in network security configuration are first introduced, alongside with the key automation enablers. Then, the current state of the art in this context is surveyed, focusing on both the achieved improvements and the current limitations. Finally, possible future trends in the field are illustrated
Access Control Synthesis for Physical Spaces
Access-control requirements for physical spaces, like office buildings and
airports, are best formulated from a global viewpoint in terms of system-wide
requirements. For example, "there is an authorized path to exit the building
from every room." In contrast, individual access-control components, such as
doors and turnstiles, can only enforce local policies, specifying when the
component may open. In practice, the gap between the system-wide, global
requirements and the many local policies is bridged manually, which is tedious,
error-prone, and scales poorly.
We propose a framework to automatically synthesize local access control
policies from a set of global requirements for physical spaces. Our framework
consists of an expressive language to specify both global requirements and
physical spaces, and an algorithm for synthesizing local, attribute-based
policies from the global specification. We empirically demonstrate the
framework's effectiveness on three substantial case studies. The studies
demonstrate that access control synthesis is practical even for complex
physical spaces, such as airports, with many interrelated security
requirements
Access-Control Policies via Belnap Logic: Effective and Efficient Composition and Analysis
It is difficult to develop and manage large, multi-author access control policies without a means to compose larger policies from smaller ones. Ideally, an access-control policy language will have a small set of simple policy combinators that allow for all desired policy compositions. In [5], a policy language was presented having policy combinators based on Belnap logic, a four-valued logic in which truth values correspond to policy results of grant , deny , conflict , and undefined . We show here how policies in this language can be analyzed, and study the expressiveness of the language. To support policy analysis, we define a query language in which policy analysis questions can be phrased. Queries can be translated into a fragment of first-order logic for which satisfiability and validity checks are computable by SAT solvers or BDDs. We show how policy analysis can then be carried out through model checking, validity checking, and assume-guarantee reasoning over such translated queries. We also present static analysis methods for the particular questions of whether policies contain gaps or conflicts. Finally, we establish expressiveness results showing that all data independent policies can be expressed in our policy language. © 2008 IEEE
SNAP: Stateful Network-Wide Abstractions for Packet Processing
Early programming languages for software-defined networking (SDN) were built
on top of the simple match-action paradigm offered by OpenFlow 1.0. However,
emerging hardware and software switches offer much more sophisticated support
for persistent state in the data plane, without involving a central controller.
Nevertheless, managing stateful, distributed systems efficiently and correctly
is known to be one of the most challenging programming problems. To simplify
this new SDN problem, we introduce SNAP.
SNAP offers a simpler "centralized" stateful programming model, by allowing
programmers to develop programs on top of one big switch rather than many.
These programs may contain reads and writes to global, persistent arrays, and
as a result, programmers can implement a broad range of applications, from
stateful firewalls to fine-grained traffic monitoring. The SNAP compiler
relieves programmers of having to worry about how to distribute, place, and
optimize access to these stateful arrays by doing it all for them. More
specifically, the compiler discovers read/write dependencies between arrays and
translates one-big-switch programs into an efficient internal representation
based on a novel variant of binary decision diagrams. This internal
representation is used to construct a mixed-integer linear program, which
jointly optimizes the placement of state and the routing of traffic across the
underlying physical topology. We have implemented a prototype compiler and
applied it to about 20 SNAP programs over various topologies to demonstrate our
techniques' scalability
Network Security Automation
L'abstract è presente nell'allegato / the abstract is in the attachmen
High-Level Abstractions for Programming Network Policies
The emergence of network programmability enabled by innovations such as active network-
ing, SDN and NFV offers tremendous flexibility to program network policies. However,
it also poses a new demand to network operators on programming network policies. The
motivation of this dissertation is to study the feasibility of using high-level abstractions to
simplify the programming of network policies.
First, we propose scenario-based programming, a framework that allows network operators to program stateful network policies by describing example behaviors in representative
scenarios. Given these scenarios, our scenario-based programming tool NetEgg automatically infers the controller state that needs to be maintained along with the rules to process network events and update state. The NetEgg interpreter can execute the generated policy implementation on top of a centralized controller, but also automatically infers
flow-table rules that can be pushed to switches to improve throughput. We study a range of policies considered in the literature and report our experience regarding specifying these policies using scenarios. We evaluate NetEgg based on the computational requirements of our synthesis algorithm as well as the overhead introduced by the generated policy implementation. Our results show that our synthesis algorithm can generate policy implementations in seconds, and the automatically generated policy implementations have performance comparable to their hand-crafted implementations. Our preliminary user study results show that NetEgg was able to reduce the programming time of the policies we studied.
Second, we propose NetQRE, a high-level declarative language for programming quantitative network policies that require monitoring a stream of network packets. Based on a novel theoretical foundation of parameterized quantitative regular expressions, NetQRE integrates regular-expression-like pattern matching at flow-level as well as application-level payloads with aggregation operations such as sum and average counts. We describe a compiler for NetQRE that automatically generates an efficient implementation from the specification in NetQRE. Our evaluation results demonstrate that NetQRE is expressive to specify a wide range of quantitative network policies that cannot be naturally specified in other systems. The performance of the generated implementations is comparable with that of the manually-optimized low-level code. NetQRE can be deployed in different settings. Our proof-of-concept deployment shows that NetQRE can provide timely enforcement of quantitative network policies
Towards Model Checking Real-World Software-Defined Networks (version with appendix)
In software-defined networks (SDN), a controller program is in charge of
deploying diverse network functionality across a large number of switches, but
this comes at a great risk: deploying buggy controller code could result in
network and service disruption and security loopholes. The automatic detection
of bugs or, even better, verification of their absence is thus most desirable,
yet the size of the network and the complexity of the controller makes this a
challenging undertaking. In this paper we propose MOCS, a highly expressive,
optimised SDN model that allows capturing subtle real-world bugs, in a
reasonable amount of time. This is achieved by (1) analysing the model for
possible partial order reductions, (2) statically pre-computing packet
equivalence classes and (3) indexing packets and rules that exist in the model.
We demonstrate its superiority compared to the state of the art in terms of
expressivity, by providing examples of realistic bugs that a prototype
implementation of MOCS in UPPAAL caught, and performance/scalability, by
running examples on various sizes of network topologies, highlighting the
importance of our abstractions and optimisations
- …