Shadow configuration as a network management primitive

Alimi, Richard; Wang, Ye; Yang, Yufan

doi:10.1145/1402958.1402972

Cited by 44 publications

(28 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, an ISP might set up a router that listens to S*BGP messages from neighboring ASes, and then use these message to predict how becoming secure might impact its neighbors' route selections. A more sophisticated mechanism could use extended "shadow configurations" with neighboring ASes [1] to gain visibility into how traffic flows might change.…”

Section: Computing Projected Utilitymentioning

confidence: 99%

“…First, effort should be spent to engineer a lightweight simplex S*BGP. Second, with security impacting route selection, ISPs will need tools to forecast how S*BGP deployment will impact traffic patterns (e.g., using "shadow configurations", inspired by [1], with cooperative neighboring ASes) so they can provision their networks appropriately. Finally, our results suggest that S*BGP and BGP will coexist in the long term.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Let the market drive deployment

Gill

Schapira

Goldberg

2011

Proceedings of the ACM SIGCOMM 2011 Conference

View full text Add to dashboard Cite

With a cryptographic root-of-trust for Internet routing (RPKI [17]) on the horizon, we can finally start planning the deployment of one of the secure interdomain routing protocols proposed over a decade ago (Secure BGP [22], secure origin BGP [37]). However, if experience with IPv6 is any indicator, this will be no easy task. Security concerns alone seem unlikely to provide sufficient local incentive to drive the deployment process forward. Worse yet, the security benefits provided by the S*BGP protocols do not even kick in until a large number of ASes have deployed them.Instead, we appeal to ISPs' interest in increasing revenuegenerating traffic. We propose a strategy that governments and industry groups can use to harness ISPs' local business objectives and drive global S*BGP deployment. We evaluate our deployment strategy using theoretical analysis and large-scale simulations on empirical data. Our results give evidence that the market dynamics created by our proposal can transition the majority of the Internet to S*BGP.

show abstract

Section: Computing Projected Utilitymentioning

confidence: 99%

mentioning

confidence: 99%

Let the market drive deployment

Gill

Schapira

Goldberg

2011

Proceedings of the ACM SIGCOMM 2011 Conference

View full text Add to dashboard Cite

show abstract

“…For example, firewall modeling and conflict analysis were targeted by ( [4], [11], [14], and [20]). Also, there was a considerable amount of work on detecting misconfiguration in routing ( [10], [12], [5], and [16]). Other research has been done on creating general model for network devices ( [3], [8], and [19]).…”

Section: Related Workmentioning

confidence: 99%

FlowChecker

Al-Shaer

Al-Haj

2010

Proceedings of the 3rd ACM Workshop on Assurable and Usable Security Configuration

205

View full text Add to dashboard Cite

It is difficult to build a real network to test novel experiments. OpenFlow makes it easier for researchers to run their own experiments by providing a virtual slice and configuration on real networks. Multiple users can share the same network by assigning a different slice for each one. Users are given the responsibility to maintain and use their own slice by writing rules in a FlowTable. Misconfiguration problems can arise when a user writes conflicting rules for single FlowTable or even within a path of multiple OpenFlow switches that need multiple FlowTables to be maintained at the same time.In this work, we describe a tool, FlowChecker, to identify any intra-switch misconfiguration within a single FlowTable. We also describe the inter-switch or inter-federated inconsistencies in a path of OpenFlow switches across the same or different OpenFlow infrastructures. FlowChecker encodes FlowTables configuration using Binary Decision Diagrams and then uses the model checker technique to model the inter-connected network of OpenFlow switches.

show abstract

“…Manual analysis of the interaction among the policies of the many devices in the network with different syntax and semantics is infeasible. The increasing complexity of managing access control configurations due to larger networks and longer policies makes configuration errors highly likely [1]. These misconfigurations can cause major network failures such as reachability problems, security violations, and network vulnerabilities.…”

Section: Introductionmentioning

confidence: 99%

“…These misconfigurations can cause major network failures such as reachability problems, security violations, and network vulnerabilities. Recent studies have found that more than 62% of network failures today are due to network misconfiguration [1]. Configuration analysis is very important for debugging network problems and isolate errors due to protocol implementation bugs or configuration errors.…”

Section: Introductionmentioning

confidence: 99%

ConfigChecker: A tool for comprehensive security configuration analytics

Al-Shaer

Alsaleh

2011

2011 4th Symposium on Configuration Analytics and Automation (SAFECONFIG)

View full text Add to dashboard Cite

Recent studies show that configurations of network access control is one of the most complex and error prone network management tasks. For this reason, network misconfiguration becomes the main source for network unreachablility and vulnerability problems. In this paper, we present a novel approach that models the global end-to-end behavior of access control configurations of the entire network including routers, IPSec, firewalls, and NAT for unicast and multicast packets. Our model represents the network as a state machine where the packet header and location determines the state. The transitions in this model are determined by packet header information, packet location, and policy semantics for the devices being modeled. We encode the semantics of access control policies with Boolean functions using binary decision diagrams (BDDs). We then use computation tree logic (CTL) and symbolic model checking to investigate all future and past states of this packet in the network and verify network reachability and security requirements.Thus, our contributions in this work is the global encoding for network configurations that allows for general reachability and security property-based verification using CTL model checking. We have implemented our approach in a tool called ConfigChecker. While evaluating ConfigChecker, we modeled and verified network configurations with thousands of devices and millions of configuration rules, thus demonstrating the scalability of this approach. We also present a SCAP-based tool on top of ConfigChecker that integrates host and network configuration compliance checking in one model and allows for executing comprehensive analysis queries in order to verify security and risk requirements across the end-to-end network as a single system.

show abstract

Shadow configuration as a network management primitive

Cited by 44 publications

References 35 publications

Let the market drive deployment

Let the market drive deployment

FlowChecker

ConfigChecker: A tool for comprehensive security configuration analytics

Contact Info

Product

Resources

About