A Hypothesis Testing Framework for Network Security

Investigators: P. Brighten Godfrey, Matthew Caesar, David Nicol, William Sanders, and Dong (Kevin) Jin

This project develops a scientific approach to testing hypotheses about network security when those tests must consider layers of complex interacting policies within the network stack. The work is motivated by the observation that the infrastructure of large networks is hideously complex, and so is vulnerable to various attacks on services and data. Coping with these vulnerabilities consumes significant human management time just to understand the network’s behavior. Unfortunately, even very simple behaviors – such as whether it is possible for any packet (however unusual) to flow between two devices – are difficult for operators to test, and synthesizing these low-level behaviors into a high-level quantitative understanding of network security has been beyond reach.

We propose to develop the analysis methodology needed to support scientific reasoning about the security of networks, with a particular focus on information and data flow security. The core of this vision is the Network Hypothesis Testing Methodology (NetHTM), a set of techniques for performing and integrating security analyses applied at different network layers, in different ways, to pose and rigorously answer quantitative hypotheses about the end-to-end security of a network.

Hard Problems Addressed

Publications

  1. Ahmed Khurshid, Wenxuan Zhou, Matthew Caesar, and P. Brighten Godfrey, “VeriFlow: Verifying Network-Wide Invariants in Real Time”, First Workshop on Hot Topics in Software Defined Networks (HotSDN 2012), Helsinki, Finland, August 13, 2012. [full text]
  2. Dong Jin and Yi Ning, “Securing Industrial Control Systems with a Simulation-based Verification System”, ACM SIGSIM Conference on Principles of Advanced Discrete Simulation, Denver, CO, May 18-21, 2014. [full text]
  3. Soudeh Ghorbani and Brighten Godfrey, “Towards Correct Network Virtualization”, ACM Workshop on Hot Topics in Software Defined Networks (HotSDN 2014), Chicago, IL, August 22, 2014. Best Paper Award [full text]
  4. Wenxuan Zhou, Dong Jin, Jason Croft, Matthew Caesar, and P. Brighten Godfrey, “Enforcing Customizable Consistency Properties in Software-Defined Networks”, 12th USENIX Symposium on Networked Systems Design and Implementation (NSDI 2015), Oakland, CA, May 4-6, 2015. [full text]
  5. Jiaqi Yan and Dong Jin, “A Virtual Time System for Linux-container-based Emulation of Software-defined Networks”, ACM SIGSIM Conference on Principles of Advanced Discrete Simulation, London, UK, June 10-12, 2015. [full text]
  6. Ning Liu, Adnan Haider, Xian-He Sun and Dong Jin, “FatTreeSim: Modeling a Large-scale Fat-Tree Network for HPC Systems and Data Centers Using Parallel and Discrete Event Simulation”, ACM SIGSIM Conference on Principles of Advanced Discrete Simulation, London, UK, June 10-12, 2015. Best Paper Award [full text]
  7. Ning Liu, Xian-He Sun, and Dong Jin, “On Massively Parallel Simulation of Large-Scale Fat-Tree Networks for HPC Systems and Data Centers”, ACM SIGSIM Conference on Principles of Advanced Discrete Simulation, London, UK, June 10-12, 2015. Best Poster Award [poster]
  8. Jiaqi Yan and Dong Jin, “VT-Mininet: Virtual-time-enabled Mininet for Scalable and Accurate Software-Defined Network Emulation”, ACM SIGCOMM Symposium on SDN Research (SOSR 2015), Santa Clara, CA, June 17-18, 2015. [full text]
  9. Dong Jin and David Nicol, “Parallel Simulation and Virtual-machine-based Emulation of Software-defined Networks”, ACM Transactions on Modeling and Computer Simulation, volume 26, issue 1, December 2015. [full text]
  10. Anduo Wang, Xueyuan Mei, Jason Croft, Matthew Caesar, and Brighten Godfrey, “Ravel: A Database-Defined Network”, ACM SIGCOMM Symposium on Software Defined Networking Research (SOSR 2016), Santa Clara, CA, March 13-17, 2016. [full text]
  11. Christopher Hannon, Jiaqi Yan, and Dong Jin, “DSSnet: A Smart Grid Modeling Platform Combining Electrical Power Distribution System Simulation and Software Defined Networking Emulation”, Illinois Institute of Technology Research Day, April 11, 2016. Best Poster Award [poster]
  12. Christopher Hannon, Jiaqi Yan, and Dong Jin, “DSSnet: A Smart Grid Modeling Platform Combining Electrical Power Distribution System Simulation and Software Defined Networking Emulation”, ACM SIGSIM Conference on Principles of Advanced Discrete Simulation (PADS 2016), Banff, Alberta, Canada, May 15-18, 2016. [full text]
  13. Dong Jin, Jiaqi Yan, Xi Lin, Christopher Hannon, Hui Lin, Zbigniew Kalbarczyk, Ravishankar Iyer, Chen Chen, Jianhui Wang, and Cheol Won Lee, “Towards Secure and Resilient Industrial Control System with Software-Defined Networking”, Workshop on Science of Security through Software-Defined Networking, Chicago, IL, June 16-17, 2016. Best Poster Award [poster]
  14. Jiaqi Yan and Dong Jin, “A Lightweight Container-based Virtual Time System for Software-defined Network Emulation”, Journal of Simulation, November 16, 2016. [full text]
  15. Xin Liu and Dong Jin, “ConVenus: Congestion Verification of Network Updates in Software-defined Networks”, Winter Simulation Conference (WSC 2016), Washington, DC, December 11-14, 2016. [full text]
  16. Christopher Hannon, Dong Jin, Chen Chen, and Jianhui Wang, “Ultimate Forwarding Resilience in OpenFlow Networks”, ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization (SDN-NFV Security 2017), Scottsdale, AZ, March 24, 2017. [full text]
  17. Santhosh Prabhu, Mo Dong, Tong Meng, P. Brighten Godfrey, and Matthew Caesar, “Let Me Rephrase That: Transparent Optimization in SDNs”, ACM Symposium on SDN Research (SOSR 2017), Santa Clara, CA, April 3-4, 2017. [full text]
  18. Soudeh Ghorbani and P. Brighten Godfrey, “COCONUT: Seamless Scale Out of Network Elements”, Twelfth European Conference on Computer Systems (EuroSys 2017), Belgrade, Serbia, April 23-26, 2017. [full text]
  19. Jiaqi Yan, Xin Liu, and Dong Jin, “Simulation of a Software-Defined Network as One Big Switch”, 2017 ACM SIGSIM Conference on Principles of Advanced Discrete Simulation (ACM SIGSIM PADS), Singapore, May 24-26, 2017. [full text]
  20. Ning Liu, Adnan Haider, Dong Jin and Xian He Sun, “A Modeling and Simulation of Extreme-Scale Fat-Tree Networks for HPC Systems and Data Centers”, ACM Transactions on Modeling and Computer Simulation (TOMACS), volume 27, number 2, article 13, July 2017. [full text]
  21. Santhosh Prabhu, Ali Kheradmand, Brighten Godfrey, and Matthew Caesar, “Predicting Network Futures with Plankton”, 1st Asia-Pacific Workshop on Networking (APNet’17), Hong Kong, China, August 3-4, 2017. [full text]
  22. Dong Jin, Zhiyi Li, Christopher Hannon, Chen Chen, Jianhui Wang, Mohammad Shahidehpour, Cheol Won Lee and Jong Cheol Moon, “Towards a Resilient and Secure Microgrid Using Software-Defined Networking”, IEEE Transactions on Smart Grid, Special section on Smart Grid Cyber-Physical Security, volume 8, issue 5, September 2017. [full text]

Presentations

  1. October 2014, NSA SoS Bi-weekly Meeting, Soudeh Ghorbani, Towards Correct Network Virtualization [slides]
  2. January 2015, NSA SoS Quarterly Meeting, Matt Caesar, Hypothesis Testing for Network Security [slides]
  3. January 2015, Illinois Institute of Technology Public Seminar: Understanding the Sony Hack and Information Security
  4. February 2015, NSA SoS Bi-weekly Meeting, Brighten Godfrey, Hypothesis Testing for Network Security [slides]
  5. April 2015, NSA SoS Bi-weekly Meeting, Wenxuan Zhou, Enforcing Customizable Consistency Properties in Software-Defined Networks [slides]
  6. June 2015, ACM SIGCOMM Symposium on SDN Research (SOSR 2015), software demo: Ravel Orchestrating Software-Defined Networks
  7. September 2015, ITI Joint Trust and Security/Science of Security Seminar, Brighten Godfrey: A Hypothesis Testing Framework for Network Security [video & slides]
  8. January 2016, University of Central Florida, Department of Computer Science Spring 2016 Distinguished Speaker Series, David Nicol: Quantitative Analysis of Stepping Stone Access to Cyber-Physical Assets
  9. March 2016, ITI Joint Trust and Security/Science of Security Seminar, Kevin Jin: Towards a Secure and Resilient Industrial Control System with Software-Defined Networking [video & slides]
  10. July 2016, NSA SoS Quarterly Meeting, poster session, Brighten Godfrey, Matthew Caesar, David Nicol, William Sanders, Kevin Jin, Xin Liu, Christopher Hannon and Jiaqi Yan: A Hypothesis Testing Framework for Network Security [poster]
  11. August 2016, Fermi Lab, invited technical seminar: Uncertainty-Aware Network Verification in Software-Defined Networks
  12. October 2016, ITI Joint Trust and Security/Science of Security Seminar, Santhosh Prabhu: Oreo: Transparent Optimization to Enable Flexible Policy Enforcement in Software Defined Networks [video & slides]
  13. November 2016, NSA SoS Quarterly Meeting, poster session, Brighten Godfrey, Matthew Caesar, David Nicol, William Sanders, Kevin Jin, Xin Liu, Christopher Hannon and Jiaqi Yan: A Hypothesis Testing Framework for Network Security [poster]
  14. January 2017, Monthly UIUC/R2 Presentation, Kevin Jin: Enabling a Cyber-Resilient and Secure Energy Infrastructure with Software-Defined Networking [slides]
  15. March 2017, technical presentation, ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization (SDN-NFV Security 2017), Christopher Hannon: Ultimate Forwarding Resilience in OpenFlow Networks
  16. August 2017, Monthly UIUC/R2 Presentation, Christopher Hannon: Securing the Smart Grid with Software Defined Networking [slides]