Secure migration of virtual SDN topologies

International audienceWith the emergence of Software Defined Networks (SDN), new virtualization techniques have appeared (e.g., FlowVi-sor [14]). Traditional hypervision has attracted a lot of attention with respect to resource sharing and multi-tenancy. Cloud providers have usually a solid knowledge on how to manage computing , memory and storage resources, but often lack the ability to properly manage network resources. Thanks to OpenFlow, a widespread SDN southbound interface protocol, virtualizing the network infrastructure has become possible. However, network virtualization also comes with its own security issues ([5], [6]). In this paper, we focus on the security aspects related to the migration of virtual networks. After providing a brief overview of the technological scope of our work, we review the state of the art of the migration of virtual resources. Finally, we conclude with our current results and the prospective outcomes we expect to obtain

Optimizing resource allocation for secure SDN-based virtual network migration

International audienceRecent evolutions in cloud infrastructures allowed service providers to tailor new services for demanding customers. Providing these services confronts the infrastructure providers with costs and constraints considerations. In particular, security constraints are a major concern for today's businesses as the leak of personal information would tarnish their reputation. Recent works provide examples on how an attacker may leverage the infrastructure's weaknesses to steal sensitive information from the users. Specifically, an attacker can leverage maintenance processes inside the infrastructure to conduct an attack. In this paper, we consider the migration of a virtual network as the maintenance process. Then we determine the optimal monitoring resources allocation in this context with a Markov Decision Process. This model takes into account the impact of monitoring the infrastructure, the migration process and finally how the attacker may chose particular targets in the infrastructure. We provide a working prototype implemented in Python

Caractérisation de la sécurité de la migration de réseaux virtuels SDN : approche formelle et optimisation des ressources

This thesis investigates the security of virtual network migration. Over the years, virtualization has been used to optimize physical resources and to support businesses’ infrastructure. Virtualization consists in exposing a fraction of a resource for a user to operate. Virtual Machines are used to host business services like web servers or a backup service. Network virtualization has not benefited from the same interest from researchers and the industry. The Software Defined Networking paradigm has introduced new possibilities to implement network virtualization and provide users with a flexible network, decoupled from the physical equipment. Virtual Networks are used to interconnect Virtual Machines and can be configured with specific routing policies or security protocols. In case of a failure of the resource, either accidental or intentional, the virtualization infrastructure will migrate the resource to maintain the service provided.The security of Virtual Machines and their migration is a well-researched topic that has been widely in the past, while the study of network virtualization and especially the migration process only are at an early stage. The attack surface of network virtualization is similar in nature to the virtualization of legacy resources, and presents an additional aspect because of the use of Software Defined Networking.The motivation of this research is to investigate the security of the virtual network migration process in the context of Software Defined Networking. In order to do so, we first define the scope of the study and focus on the networking aspect of the migration. Then, we outline the threat model of the migration process and devise a detection mechanism against attacks in the virtualization infrastructure. Finally, we optimize the previous mechanism by optimizing the deployment of network monitoring resources for an optimal coverage.In the first part of this thesis we propose a formal approach to describe the different aspects of the virtualization infrastructure. We use a first order formalism to model several security properties as a set of logical predicates. These predicates account for both physical and virtual elements of the virtualization infrastructure, and the data use by both end users and the infrastructure owner.An execution trace is generated during the migration of a virtual network, and will be used by a theorem prover to compute a formal proof to verify if a security violation occurred. The first order model is based on the assumption that the execution trace is generated using perfect monitoring. This implies that the proof is complete and that the networking monitoring is always done under optimal conditions.We alleviate this assumption by modeling a resource allocation problem to determine how the monitoring resources should be deployed and which network nodes provide the best coverage. We solve this problem using a Markov Decision Process, and determine a dynamic deployment of monitoring resources during the migration. We conclude our optimization with a proposition of a static deployment of the resources prior to the migration.Cette thèse explore la sécurité de la migration de réseaux virtuels. Au cours des années, la virtualisation a été utilisée pour optimiser l'usage des ressources informatiques et pour supporter les infrastructures des entreprises. La virtualisation consiste à allouer une partie des ressources d'une machine physique à un utilisateur (sous la forme d'une machine virtuelle) pour qu'il puisse l'exploiter. Les machines virtuelles sont utilisées pour héberger des services opérationnels comme un serveur internet ou une base de données. La virtualisation des réseaux n'a pas profité du même intérêt de la part des chercheurs et des acteurs industriels. Le paradigme du Software Defined Networking a introduit de nouvelles possibilités pour implémenter la virtualisation réseau et fournir aux utilisateurs une solution flexible pour leurs besoins métiers. Les réseaux virtuels sont utilisés pour interconnecter des machines virtuelles, et ils peuvent être configurés avec des règles de routages ou des protocoles de sécurité spécifiques. Dans l'éventualité où un équipement réseau tomberait en panne ou sous le coup d'une attaque informatique, le système d'hypervision va migrer les ressources afin de préserver la disponibilité des services utilisateurs.La sécurité des machines virtuelles et de leur migration est un domaine de recherche qui a été grandement exploré par le passé, tandis que la virtualisation réseau et plus spécifiquement la migration de réseaux virtuels restent encore des domaines de recherche assez jeune et où beaucoup reste à faire. La surface d'attaque de la virtualisation réseau est similaire en nature à celle de la virtualisation traditionnelle, mais elle présente un aspect supplémentaire dû à l'usage du paradigme du Software Defined Networking. La motivation de notre travail est d'étudier la sécurité du processus de migration des réseaux virtuels, dans le contexte du Software Defined Networking. Nous proposons d'atteindre cet objectif en trois phases. Tout d'abord, nous définissons le périmètre de cette étude, et nous concentrons sur l'aspect réseau de la migration. Ensuite, nous décrivons le modèle d'attaquant afin de compromettre la migration des réseaux et nous concevons un mécanisme de détection contre les attaques envers l'infrastructure de virtualisation. Enfin, nous améliorons le mécanisme de défense en optimisant le déploiement des ressources de détection afin d'obtenir une couverture optimale de l'infrastructure.Dans la première partie de cette thèse, nous proposons une approche formelle pour décrire les différents composants de l'infrastructure de virtualisation.Nous utilisons un formalisme de logique du premier ordre pour décrire différentes propriétés de sécurité sous la forme de prédicats booléens.Cette modélisation inclut la représentation des données des utilisateurs finaux ainsi que l'infrastructure de virtualisation.Une trace d'exécution est générée pendant la migration d'un réseau virtuel, et est ensuite utilisée par un prouveur de théorème afin de vérifier formellement si la sécurité de la migration a été respectée. Le modèle formel est basé sur la supposition que la trace d'exécution est générée par un outil de supervision exempt de tout défaut. Ceci implique que la preuve formelle est complète. Nous levons cette hypothèse en modélisant un problème d'allocation de ressources afin de déterminer quels équipements réseau devraient être chargés de la détection d'attaques pour une couverture optimale. Nous résolvons ce problème en utilisant un processus de décision markovien. Nous concluons notre optimisation en proposant un déploiement statique des ressources, en amont de toute migration

Usage control policy enforcement in SDN-based clouds: a dynamic availability service use case

International audienceWith the growing interest in Software Defined Networking (SDN) and thanks to the programmability provided by SDN protocols like OpenFlow, network application developers have started implementing solutions to fit corporate needs, like firewalls, load balancers and security services. In this paper, we present a novel solution to answer those needs with usage control policies. We design a policy based management framework offering SDN network security policies. This approach is used to enforce performance requirements (e.g., to ensure a certain level of network connectivity). A top-down approach is proposed, in order to refine the policies into the appropriate network rules, via the OpenFlow protocol. Finally, we implement the solution with an availability service use case and we provide a set of experiments to evaluate its efficiency

Genomic random regression for adaptation breeding: Whole-genome prediction of the reaction norms to environmental stress in bread wheat (Triticum aestivum L.)

Book of abstracts p. 85-86Genomic random regression for adaptation breeding: Whole-genome prediction of the reaction norms to environmental stress in bread wheat (Triticum aestivum L.). EUCARPIA Biometrics in Plant Breedin

Explainable artificial intelligence for cybersecurity: a literature survey

International audienceAbstract With the extensive application of deep learning (DL) algorithms in recent years, e.g., for detecting Android malware or vulnerable source code, artificial intelligence (AI) and machine learning (ML) are increasingly becoming essential in the development of cybersecurity solutions. However, sharing the same fundamental limitation with other DL application domains, such as computer vision (CV) and natural language processing (NLP), AI-based cybersecurity solutions are incapable of justifying the results (ranging from detection and prediction to reasoning and decision-making) and making them understandable to humans. Consequently, explainable AI (XAI) has emerged as a paramount topic addressing the related challenges of making AI models explainable or interpretable to human users. It is particularly relevant in cybersecurity domain, in that XAI may allow security operators, who are overwhelmed with tens of thousands of security alerts per day (most of which are false positives), to better assess the potential threats and reduce alert fatigue. We conduct an extensive literature review on the intersection between XAI and cybersecurity. Particularly, we investigate the existing literature from two perspectives: the applications of XAI to cybersecurity (e.g., intrusion detection, malware classification), and the security of XAI (e.g., attacks on XAI pipelines, potential countermeasures). We characterize the security of XAI with several security properties that have been discussed in the literature. We also formulate open questions that are either unanswered or insufficiently addressed in the literature, and discuss future directions of research

Explainable artificial intelligence for cybersecurity: a literature survey

International audienceAbstract With the extensive application of deep learning (DL) algorithms in recent years, e.g., for detecting Android malware or vulnerable source code, artificial intelligence (AI) and machine learning (ML) are increasingly becoming essential in the development of cybersecurity solutions. However, sharing the same fundamental limitation with other DL application domains, such as computer vision (CV) and natural language processing (NLP), AI-based cybersecurity solutions are incapable of justifying the results (ranging from detection and prediction to reasoning and decision-making) and making them understandable to humans. Consequently, explainable AI (XAI) has emerged as a paramount topic addressing the related challenges of making AI models explainable or interpretable to human users. It is particularly relevant in cybersecurity domain, in that XAI may allow security operators, who are overwhelmed with tens of thousands of security alerts per day (most of which are false positives), to better assess the potential threats and reduce alert fatigue. We conduct an extensive literature review on the intersection between XAI and cybersecurity. Particularly, we investigate the existing literature from two perspectives: the applications of XAI to cybersecurity (e.g., intrusion detection, malware classification), and the security of XAI (e.g., attacks on XAI pipelines, potential countermeasures). We characterize the security of XAI with several security properties that have been discussed in the literature. We also formulate open questions that are either unanswered or insufficiently addressed in the literature, and discuss future directions of research

User-Centric Security and Dependability in the Clouds-of-Clouds

International audienceA promising vision of distributed cloud computing is a unified world of multiple clouds, with business benefits at hand. In practice, lack of interoperability among clouds and management complexity raise many security and dependability concerns. We introduce secure SUPERCLOUD computing as a new paradigm for security and dependability management of distributed clouds. SUPERCLOUD follows a user-centric and self-managed approach to avoid technology and vendor lock-ins. In SUPERCLOUD, users define U-Clouds, which are isolated sets of computation, data, and networking services run over both private and public clouds operated by multiple providers, with customized security requirements as well as self-management for reducing administration complexity. This paper presents the SUPERCLOUD architecture with focus on SUPERCLOUD security infrastructure. We also illustrate through several use cases how practical applicability of the SUPERCLOUD paradigm may be achieved

Whole-genome prediction of reaction norms to environmental stress in bread wheat (Triticum aestivum L.) by genomic random regression

International audiencePlant breeding has always sought to develop crops able to withstand environmental stresses, but this is all the more urgent now as climate change is affecting the agricultural regions of the world. It is currently difficult to screen genetic material to determine how well a crop will tolerate various stresses. Multi-environment trials (MET) which include a particular stress condition could be used to train a genomic selection model thanks to molecular marker information that is now readily available. Our study focuses on understanding how and predicting whether a plant is adapted to a particular environmental stress. We propose a way to use genomic random regression, an extension of factorial regression, to model the reaction norms of a genotype to an environmental stress: the factorial regression genomic best linear unbiased predictor (FR-gBLUP). Twenty-eight wheat trials in France (3 years, 12 locations, nitrogen or water stress treatments) were split into two METs where different stresses limited grain number and yield. In MET1, drought at flowering was responsible for 46.7% of the genotype-by-environment (G x E) interactions for yield while in MET2, heat stress during booting was identified as the main factor responsible for G x E interactions, but that explained less of the interaction variance (33.6%). Since drought at flowering explained a fairly large variance in G x E in MET1, the FR-gBLUP model was more accurate than the additive gBLUP across all types of cross validation. Accuracy gains varied from 2.4% to 12.9% for the genomic regression to drought. In MET2 accuracy gains were modest, varying from 5.7% to 2.4%. When a major stress influencing G x E is identified, the FR-gBLUP strategy makes it possible to predict the level of adaptation of genotyped individuals to varying stress intensities, and thus to select them in silico. Our study demonstrates how genome-wide selection can facilitate breeding for adaptation