1,943 Hits in 6.6 sec

Network configuration in a box: towards end-to-end verification of network reachability and security

Ehab Al-Shaer, Will Marrero, Adel El-Atawy, Khalid ElBadawi
2009 2009 17th IEEE International Conference on Network Protocols  
In this paper, we present a novel approach that models the global end-to-end behavior of access control configurations of the entire network including routers, IPSec, firewalls, and NAT for unicast and  ...  We then use computation tree logic (CTL) and symbolic model checking to investigate all future and past states of this packet in the network and verify network reachability and security requirements.  ...  AUTOMATED CONFIGURATION VERIFICATION AND ANALYSIS USING CONFIGCHECKER In this section, we show two approaches to analyze network configurations: (1) verifying that the end-to-end reachability of the  ... 
doi:10.1109/icnp.2009.5339690 dblp:conf/icnp/Al-ShaerMEE09 fatcat:caummbbekrfpdasdlvfw7p4bdq

Black-Box IoT: Authentication and Distributed Storage of IoT Data from Constrained Sensors [article]

Panagiotis Chatzigiannis, Foteini Baldimtsi, Constantinos Kolias, Angelos Stavrou
2021 arXiv   pre-print
We propose Black-Box IoT (BBox-IoT), a new ultra-lightweight black-box system for authenticating and storing IoT data.  ...  Finally, when compared to industry standard ECDSA, our approach is two and three orders of magnitude faster for signing and verification operations respectively.  ...  S-6 System policy and configuration security: BBox-IoT policy and configuration can only be changed by MSP.  ... 
arXiv:2103.04028v1 fatcat:ylowc4xiqjeczivyjnhcdxwouq

Probabilistic black-box reachability checking (extended version)

Bernhard K. Aichernig, Martin Tappler
2019 Formal methods in system design  
Unlike testing, it cannot be applied in a black-box setting. To overcome this limitation Peled et al. introduced black-box checking, a combination of testing, model inference and model checking.  ...  Model checking has a long-standing tradition in software verification. Given a system design it checks whether desired properties are satisfied.  ...  , and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.  ... 
doi:10.1007/s10703-019-00333-0 fatcat:v2bjotgaqnfxzekxqbm35fcv3a

A Survey on Network Verification and Testing with Formal Methods: Approaches and Challenges

Yahui Li, Xia Yin, Zhiliang Wang, Jiangyuan Yao, Xingang Shi, Jianping Wu, Han Zhang, Qing Wang
2018 IEEE Communications Surveys and Tutorials  
This has inspired a research field, network verification and testing, that enables users to automatically detect bugs and systematically reason their network.  ...  Furthermore, techniques ranging from formal modeling to verification and testing have been applied to help operators build reliable systems in electronic design automation and software.  ...  Then, it checks the network invariants (e.g., end-to-end reachability and a lack of forwarding black holes) based on Hassel [6] .  ... 
doi:10.1109/comst.2018.2868050 fatcat:h3op4heca5d75bpokfsbfevnwe

SymNet: scalable symbolic execution for modern networks [article]

Radu Stoenescu, Matei Popovici, Lorina Negreanu, Costin Raiciu
2016 arXiv   pre-print
We used SymNet to debug middlebox interactions documented in the literature, to check our department's network and the Stanford backbone network.  ...  SymNet can check networks containing routers with hundreds of thousands of prefixes and NATs in seconds, while ensuring packet header memory-safety and capturing network functionality such as dynamic tunneling  ...  Understanding end-to-end properties such as TCP reachability is difficult before deploying the network configuration, and deployment can disrupt live traffic.  ... 
arXiv:1604.02847v1 fatcat:eruvjg5s7ff2po5if6bodsoame

Routing-Verification-as-a-Service (RVaaS): Trustworthy Routing Despite Insecure Providers [article]

Liron Schiff, Kashyap Thimmaraju, Stefan Schmid
2016 arXiv   pre-print
RVaaS leverages key features of OpenFlow-based SDNs to combine (passive and active) configuration monitoring, logical data plane verification and actual in-band tests, in a novel manner.  ...  This can be undesirable, especially in the light of today's trend toward more programmable networks: after a successful cyber attack on the network management system or Software-Defined Network (SDN) control  ...  ACKNOWLEDGMENTS Research supported by the German Federal Office for Information Security (BSI). In particular, the authors would like to thank Jens Sieberg.  ... 
arXiv:1609.02324v1 fatcat:qupsjikodfcaxgpdr2in3py27y


Radu Stoenescu, Mark Handley, Costin Raiciu, Vladimir Olteanu, Matei Popovici, Mohamed Ahmed, Joao Martins, Roberto Bifulco, Filipe Manco, Felipe Huici, Georgios Smaragdakis
2015 Proceedings of the Tenth European Conference on Computer Systems - EuroSys '15  
Our experience shows that IN-NET is secure, scales to many users (thousands of clients on a single inexpensive server), allows for a wide-range of functionality, and offers benefits to end-users, network  ...  We show in this paper that blindly adopting cloud technologies in the context of in-network clouds is not feasible from both the security and scalability points of view.  ...  Acknowledgements This work was partly funded by Trilogy 2, a research project funded by the European Commission in its Seventh Framework program (FP7 317756).  ... 
doi:10.1145/2741948.2741961 dblp:conf/eurosys/StoenescuOPAMBM15 fatcat:5bv7bkjfwvf77ci5b36enjx2ra


Radu Stoenescu, Matei Popovici, Lorina Negreanu, Costin Raiciu
2016 Proceedings of the 2016 conference on ACM SIGCOMM 2016 Conference - SIGCOMM '16  
SymNet can check networks containing routers with hundreds of thousands of prefixes and NATs in seconds, while verifying packet header memory-safety and covering network functionality such as dynamic tunneling  ...  We used SymNet to debug middlebox interactions from the literature, to check properties of our department's network and the Stanford backbone. Modeling network functionality is not easy.  ...  Most paths were ended at the ASA box which appears to be configured correctly.  ... 
doi:10.1145/2934872.2934881 dblp:conf/sigcomm/StoenescuPNR16 fatcat:olojtunbpnbfrkinxqysvnvluq

Applying Formal Methods to Networking: Theory, Techniques, and Applications

Junaid Qadir, Osman Hasan
2015 IEEE Communications Surveys and Tutorials  
This has also led to a great resurgence in interest of applying formal methods to specification, verification, and synthesis of networking protocols and applications.  ...  In this paper, we present a self-contained tutorial of the formidable amount of work that has been done in formal methods, and present a survey of its applications to networking.  ...  In configuration management, we would like to have multiple abstractions, incorporating correctness checks, between the highlevel global end-to-end requirements and low-level distributed configuration  ... 
doi:10.1109/comst.2014.2345792 fatcat:oc6l6pn4tnddjbbr5v4gbbuycq

You Can Call but You Can't Hide: Detecting Caller ID Spoofing Attacks

Hossen Mustafa, Wenyuan Xu, Ahmad Reza Sadeghi, Steffen Schulz
2014 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks  
In this paper, we propose an end-to-end caller ID verification mechanism CallerDec that works with existing combinations of landlines, cellular and VoIP networks.  ...  Caller ID (caller identification) is a service provided by telephone carriers to transmit the phone number and/or the name of a caller to a callee.  ...  Forming such an end-to-end covert channel is difficult as CallerDec considers a telephone network as a black box and hence only the services that are available to end systems can be used, e.g., Short Message  ... 
doi:10.1109/dsn.2014.102 dblp:conf/dsn/MustafaXSS14 fatcat:bxfsaubcnnc37pxbrdyh6vigra


Toby Mathews .
2016 International Journal of Research in Engineering and Technology  
Modification of these protocols allows for extension of the verification to multi hop neighbours.  ...  Wireless Sensor Networks (WSN) implemented across a large campus can provide advanced levels of monitoring and control, and authenticated access, over the complete dynamic environment.  ...  This paper, reviews currently available data, and examines the security vulnerabilities related to routing, infoaggregation, and user verification in WSN situations.  ... 
doi:10.15623/ijret.2016.0507055 fatcat:e7nahovaabb43ikal5oopvazf4

Towards Automated Intelligence in 5G Systems

Haotian Deng, Qianru Li, Yuanjie Li, Songwu Lu, Chunyi Peng, Taqi Raza, Zhaowei Tan, Zengwen Yuan, Zhehui Zhang
2017 2017 26th International Conference on Computer Communication and Networks (ICCCN)  
radio access, mobility management, security, data/voice ser- tributed computing and verification techniques to the mobile vice quality, to name a few.  ...  problem is that, the correctness and prop- performance and security. erties of control-plane protocols are never carefully verified, To this end, our proposal follows the “smart client, verifiable  ... 
doi:10.1109/icccn.2017.8038472 dblp:conf/icccn/DengLLLPRTYZ17 fatcat:u2nakhij2zfqrhtgxq4tkuj2my

Demonstrating topoS: Theorem-prover-based synthesis of secure network configurations

Cornelius Diekmann, Andreas Korsten, Georg Carle
2015 2015 11th International Conference on Network and Service Management (CNSM)  
In network management, when it comes to security breaches, human error constitutes a dominant factor.  ...  We present our tool topoS which automatically synthesizes low-level network configurations from high-level security goals. The automation and a feedback loop help to prevent human errors.  ...  This work has been supported by the German Federal Ministry of Education, EUREKA project SASER, grant 16BP12304, and project SURF, grant 16KIS0145, and by the European Commission, project SafeCloud, grant  ... 
doi:10.1109/cnsm.2015.7367384 dblp:conf/cnsm/DiekmannKC15 fatcat:mblhjf4sv5aevpoxbutsur7coe

Enhanced Onos Sdn Controllers Deployment For Federated Multi-Domain Sdn-Cloud With Sd-Routing-Exchange

Aris Cahyadi Risdianto, Pang-Wei Tsai, Teck Chaw Ling, Chu-Sing Yang, JongWon Kim
2017 Malaysian Journal of Computer Science  
The requirement of auto provisioning, administration, management and governing of networking resources in distributed environment, which spreads over multiple administrative domains (i.e., multi-domain  ...  This method has improved the flexibility of networking control, and provides reasonable interconnections redundancy and performance enhancement.  ...  The preliminary verification is tested for end-to-end communication among VMs in two cloud sites.  ... 
doi:10.22452/mjcs.vol30no2.5 fatcat:fmcw65uherer3av7jln5bnj5gu

Initial Service Provider DevOps concept, capabilities and proposed tools [article]

Wolfgang John, Catalin Meirosu, Pontus Sköldström, Felician Nemeth, Andras Gulyas, Mario Kind, Sachin Sharma, Ioanna Papafili, George Agapiou, Guido Marchetto, Riccardo Sisto, Rebecca Steinert (+3 others)
2015 arXiv   pre-print
The sketch is based on lessons learned from a study of management and operational practices in the industry and recent related work with respect to management of SDN and cloud.  ...  This report presents a first sketch of the Service Provider DevOps concept including four major management processes to support the roles of both service and VNF developers as well as the operator in a  ...  In cooperation with the service instantiation and deployment framework developed in WP3, we will work on specifying how to describe monitoring and verification capabilities such that they could be integrated  ... 
arXiv:1510.02220v2 fatcat:djlkhh2dtrbxbo7iinrnlu33kq
« Previous Showing results 1 — 15 out of 1,943 results