preacher
play

Preacher: Network Policy Checker for Adversarial Environments - PowerPoint PPT Presentation

Mar 21, 2023 •273 likes •469 views

Preacher: Network Policy Checker for Adversarial Environments Kashyap Thimmaraju, Liron Schiff and Stefan Schmid 1 Backdoors and exploits Network devices are very effective attack vectors Provide access to internal networks

  1. Preacher: Network Policy Checker for Adversarial Environments Kashyap Thimmaraju, Liron Schiff and Stefan Schmid 1

  2. Backdoors and exploits • Network devices are very effective attack vectors • Provide access to internal networks • Transparent to many security measures • Hard to detect • Mostly used by state actors • Exploiting 0-day vulnerabilities • Compromising supply chains 2

  3. Admin Attack model Internet • A compromised network device can run arbitrary malicious code. • Modify traffic • To attack network hosts (including DoS) • Report false configuration and state • To evade detection • Two attack building blocks: 3

  4. Attack model (cont.) • Attack examples: a) Denial of service b) Port-scan c) Mirroring d) MitM e) Covert channel f) Re-route 4

  5. Verifier Admin Naïve solution: Traje jectory Sampling (T (TS) Internet • Sample packets • Global set of hash values - Attacker avoids them • Send samples to verifier • Attacker corrupt them on the way • Compare trajectories to policy • Good for traffic monitoring, but not suited adversarial settings 5

  6. Verifier Admin Split Assignment Traje jectory ry Sampling (S (SATS) [Le Lee&Kim DS DSN06] Internet • Sample packets • Independent sets of hash values - Attacker avoids them • Send samples to verifier • Switch should use encryption • Compare trajectories to policy • Designed for adversarial settings • But… 6

  7. Verifier Admin SATS Limitations Internet • Sample packets • Security guarantees? • Fixed-hash-crafted injection! • Switch compatibility • Control plane security • Messages (samples and assignments) • Endpoints (verifier etc.) • Compare trajectories to policy • Obtain policy (network compatibility)? • Scalability? 7

  8. Preacher • An improved trajectory sampling solution • Harnesses programmable network technologies • Uses robust and distributed design • Includes a security analysis and a prototype • Addresses all SATS limitations 8

  9. Contributions • Sample packets • Security guarantees ✓ Analysis + evaluations • Fixed-hash-crafted injection ✓ Dynamic assignment • Switch compatibility ✓ SDN switch • Control plane security • Messages (samples and assignments) ✓ OpenFlow encryption • Endpoints (verifier etc.) ✓ Distributed design • Compare trajectories to policy • Obtain policy (network compatibility) ✓ SDN controller • Scalability ✓ Parallel design 9

  10. Preacher Scheme Preacher • Cooperates with controller and Routing app. Hash (policy) Verification routing apps assignment • Sends hash assignments (switch Controller configuration) • Receives samples (e.g., PacketIns) Incoming Switch Topology Samples config. • Obtains a policy • Verifies samples Internet • For each sample computes other expected samples (using the policy) • Detects inconsistencies (with timeouts) 10

  11. Preacher Scheme – Distributed and Parallel Use redundancy to improve Preacher security and fault tolerance! Routing app. Hash (policy) Verification assignment Controller Incoming Switch Topology Samples config. Internet 11

  12. Preacher Scheme – Distributed and Parallel Use redundancy to improve Verification Hash assignment security and fault tolerance! Verifier Assigner • Hash Assignment • Each assigner configures a subset of switches Verifier Assigner (or pairs) Verifier Assigner • Compromise or malfunction of one assigner is not fatal • Verification Internet • Each verifier is responsible for a subset of hashes, and receives a subset of the samples. • Better performance and security (depending on subset overlaps) 12

  13. Security Analysis Internet • An attack occurs along a directed path • Where the packet should have traversed • Detection requirement • Attacked packet hash is assigned before and after attack • Same for drop and inject • Hash assignments • Each switch is assigned with p of hash space. p is very small ( 𝑞 ≪ 1 𝑜 ). • Independent vs. pairs assignment 13

  14. Security Analysis • Detection probability 𝑙 2 𝑙 1 • For independent assignment: 𝑄 𝑗𝑏 = 1 − 1 − 𝑞 𝑙 1 ∙ 1 − 1 − 𝑞 𝑙 2 ≈ 𝑞 2 𝑙 1 𝑙 2 • For pairs assignment: 𝑙 1 𝑙 2 𝑞 ≈ 𝑞𝑙 1 𝑙 2 𝑄 𝑞𝑏 > 1 − 1 − 𝑜 − 1 𝑜 − 1 • We assume #packets-till-detection follows geometric distribution. • We use common packet rates to get expected detection time . • We use common data center link capacities to derive expected total samples’ rate ( pps) . 14

  15. Evaluation • Prototype based on ONOS-1.4 with OpenFlow 1.3 as controller. • Used services: Flow objective, Flow rule, Device, Packet-in • Clos topology with k=4 • Open vSwitch (OvS) for switches • Experiments goals: • Verifying analysis • Evaluating overheads • Switch • Controller • Evaluating throughput 1 core ≈ 1000 pps 15

  16. Detection Time vs. Resources • With pairs-assignment • Attacks in small network can easily be detected within minutes • In big networks ~10 servers (~100 cores) are needed. • With simple independent assignment • Even in small networks it is very hard to detect. • In big networks it is infeasible. 16

  17. Future work • Implementation with more programmable network devices • hardware switches, P4 switches and smart NICs • Experimenting at SDN datacenters 17

  18. Summary • Preacher harnesses programmable network technologies • Uses distributed design to ensure robustness and security • Provides provable security • Open source prototype is available at: www.github.com/securedataplane/preacher 18

Recommend

Sunday 28th January 2018. Presentation of Christ 10:00 a.m. Holy Eucharist: President /preacher

Sunday 28th January 2018. Presentation of Christ 10:00 a.m. Holy Eucharist: President /preacher

Sunday 28th January 2018. Presentation of Christ 10:00 a.m. Holy Eucharist: President /preacher Rev Tony Jeynes 6:00 pm - St Lazarus Pissouri Eucharist: President: Rod Welcome to St Barnabas Anglican Church in the Diocese of Cyprus and the

294 views • 4 slides
SERMON FROM COVENTRY CATHEDRAL PREACHER David Stone, Canon Precentor DATE 1 February 2015, The

SERMON FROM COVENTRY CATHEDRAL PREACHER David Stone, Canon Precentor DATE 1 February 2015, The

SERMON FROM COVENTRY CATHEDRAL PREACHER David Stone, Canon Precentor DATE 1 February 2015, The Presentation of Christ in the Temple EVENT The Cathedral Eucharist, 10.30 am BIBLE READINGS Hebrews 2.14-18, Luke 2.22-40 THEME I have had

327 views • 3 slides
Social Support and Support enables Self-Efficacy Self-Efficacy: Self-Efficacy cultivates

Social Support and Support enables Self-Efficacy Self-Efficacy: Self-Efficacy cultivates

Mediator and Moderator Methods Single Mediator Model MEDIATOR M a b INDEPENDENT DEPENDENT VARIABLE VARIABLE c X Y Based on David P. MacKinnon Arizona State University 2003 and Preacher & Hayes, 2004 Other names for Mediators

584 views • 6 slides
Two-Level Mediation m aj bj x y c j Indirect effect: * + Cov ( a j , b j ) Bauer,

Two-Level Mediation m aj bj x y c j Indirect effect: * + Cov ( a j , b j ) Bauer,

Two-Level Mediation m aj bj x y c j Indirect effect: * + Cov ( a j , b j ) Bauer, Preacher & Gil (2006). Conceptualizing and testing random indirect effects and moderated mediation in multilevel models: New procedures and

352 views • 3 slides
D iscouragement comes in many forms at many times. In Jeremiah 20, discouragement came to

D iscouragement comes in many forms at many times. In Jeremiah 20, discouragement came to

Jeremiah Lesson Seven: When the Preacher Wants to Quit Reading: Jeremiah 20 D iscouragement comes in many forms at many times. In Jeremiah 20, discouragement came to Jeremiah in the form of intense public humiliation at the hands of a

337 views • 4 slides
Truthfulness of Promised Messiah (AS) Preaching And whoever travels to English countries to

Truthfulness of Promised Messiah (AS) Preaching And whoever travels to English countries to

Truthfulness of Promised Messiah (AS) Preaching And whoever travels to English countries to preach purely for the sake of God will be amongst righteous and if he dies he will be amongst martyrs. Noor Ul Haq Page 252 1- Preacher 2- Contact 3-

507 views • 15 slides
The Fathers Heart for the Children Malachi 4 1. Love your children a. Fatherhood is critical

The Fathers Heart for the Children Malachi 4 1. Love your children a. Fatherhood is critical

Preacher: Joseph Gan The Fathers Heart for the Children Malachi 4 1. Love your children a. Fatherhood is critical b. Love your wives 2. Train your children a. Teach your children b. Filling the moral warehouse 3. Show your children a. Defend

550 views • 36 slides
Roger Williams 02.18.12 || English 2327: American Literature I || D. Glen Smith, instructor

Roger Williams 02.18.12 || English 2327: American Literature I || D. Glen Smith, instructor

Roger Williams 02.18.12 || English 2327: American Literature I || D. Glen Smith, instructor overview Roger Williams , an independent preacher, founded the colony Rhode Island. controversial fjgure in the Puritan landscape; proposed radical

461 views • 17 slides
shepherd Dedicated Trusted Risk taker Respected Trevor Shepherd Warm Leadership Pastoral

shepherd Dedicated Trusted Risk taker Respected Trevor Shepherd Warm Leadership Pastoral

Evangelist Pastoral shepherd Dedicated Trusted Risk taker Respected Trevor Shepherd Warm Leadership Pastoral Rural Methodist All rounder Sincere Edward (Ted) Baker Reader Lay preacher Loving Thinker Committed Business woman

620 views • 25 slides

More recommend