Nicolas Schnepf scite author profile

Nicolas Schnepf

5Publications

22Citation Statements Received

69Citation Statements Given

How they've been cited

How they cite others

Affiliations

Aalborg University, Université de Lorraine, Dynamic Systems (United States)

Publications

Order By: Most citations

Automated verification of security chains in software-defined networks with synaptic

Schnepf¹,

Badonnel²,

Lahmadi³

et al. 2017

View full text Add to dashboard Cite

Software-defined networks provide new facilities for deploying security mechanisms dynamically. In particular, it is possible to build and adjust security chains to protect the infrastructures, by combining different security functions, such as firewalls, intrusion detection systems and services for preventing data leakage. It is important to ensure that these security chains, in view of their complexity and dynamics, are consistent and do not include security violations. We propose in this paper an automated strategy for supporting the verification of security chains in software-defined networks. It relies on an architecture integrating formal verification methods for checking both the control and data planes of these chains, before their deployment. We describe algorithms for translating specifications of security chains into formal models that can then be verified by Satisfiability Modulo Theories (SMT) solving or model checking. Our solution is prototyped as a package, named Synaptic, built as an extension of the Frenetic family of SDN programming languages. The performances of our approach are evaluated through extensive experimentations based on the CVC4, veriT, and nuXmv checkers.

show abstract

Resilient Capacity-Aware Routing

Schmid

Schnepf

Srba

2021

View full text Add to dashboard Cite

To ensure a high availability, communication networks provide resilient routing mechanisms that quickly change routes upon failures. However, a fundamental algorithmic question underlying such mechanisms is hardly understood: how to verify whether a given network reroutes flows along feasible paths, without violating capacity constraints, for up to k link failures? We chart the algorithmic complexity landscape of resilient routing under link failures, considering shortest path routing based on link weights as e.g. deployed in the ECMP protocol. We study two models: a pessimistic model where flows interfere in a worst-case manner along equal-cost shortest paths, and an optimistic model where flows are routed in a best-case manner, and we present a complete picture of the algorithmic complexities. We further propose a strategic search algorithm that checks only the critical failure scenarios while still providing correctness guarantees. Our experimental evaluation on a benchmark of Internet and datacenter topologies confirms an improved performance of our strategic search by several orders of magnitude.

show abstract

Generation of SDN policies for protecting android environments based on automata learning

Schnepf

Badonnel

Lahmadi

et al. 2018

View full text Add to dashboard Cite

Software-defined networking offers new opportunities for protecting end users and their applications. In that context, dedicated chains can be built to combine different security functions, such as firewalls, intrusion detection systems and services for preventing data leakage. To configure these security chains, it is important to have an adequate model of the patterns that end user applications exhibit when accessing the network. We propose an automated strategy for learning the networking behavior of end applications using algorithms for generating finite state models. These models can be exploited for inferring SDN policies ensuring that applications respect the observed behavior: such policies can be formally verified and deployed on SDN infrastructures in a dynamic and flexible manner. Our solution is prototypically implemented as a collection of Python scripts that extend our Synaptic verification package. The performance of our strategy is evaluated through extensive experimentations and is compared to the Synoptic and Invarimint automata learning algorithms.

show abstract

Synaptic: A formal checker for SDN-based security policies

Schnepf

Badonnel

Lahmadi

et al. 2018

View full text Add to dashboard Cite

Rule-Based Synthesis of Chains of Security Functions for Software-Defined Networks

Schnepf

Badonnel

Lahmadi

et al. 2019

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Nicolas Schnepf

Automated verification of security chains in software-defined networks with synaptic

Resilient Capacity-Aware Routing

Generation of SDN policies for protecting android environments based on automata learning

Synaptic: A formal checker for SDN-based security policies

Rule-Based Synthesis of Chains of Security Functions for Software-Defined Networks

Contact Info

Product

Resources

About