ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH FORM 50 CÂU TRẮC NGHI...
Ph.D Annual Report III
1. 2013
Third Ph.D year
Matteo Avalle
New Techniques to Improve Network Security
Annual Oral Presentation for Ph.D Evaluation
Tutor: R. Sisto
2. Outline
• Motivations
• Speeding up data analysis
– Improving Regexp-based packet processing
– Distributed analysis approaches
– Results
• Simplifying security protocol design with
formal methods
– The JavaSPI framework
– Results
2/11
3. Motivations
• Developing a security protocol is a
difficult, error-prone task.
• Finding and fixing vulnerabilities is
complex, but not impossible:
– During protocol design, formal methods can
prove/disprove security properties
• (if you are an expert of the field)
– After deployment, traffic analysis can be useful
to block malicious behaviors
• (if you can afford to buy analyzers)
3/11
4. Speeding up data analysis
• As special-purpose devices are
expensive, research focused on speeding up
analysis by efficiently using general purpose
devices:
– Speeding up iNFAnt (tool for the analysis
through regex-based string matching in GPUs)
– Proposing a distributed analysis approach
4/11
5. Improving NFA speed: problems
• iNFAnt uses NFAs to represent rule sets.
• A technique called Multistride can transform
NFAs to make them n times faster to process
– The transformation is a slow process, with
current tools
– Obtaining 4x NFAs might require months of
processing. If the NFA is too complex, it might
not even be feasible
5/11
6. Improving NFA speed: solutions
• Faster algorithms have been developed, to “push
forward” Multistride limits.
• An alternative technique, called Multi-Map
Multistride has been developed
– It further pushes forward Multistride limits
– It enables iNFAnt to make a better use of the GPU
Results:
up to 4x higher throughput on medium-sized NFAs
up to 3x improvement on big rule sets that could not
be speeded up at all by previous tools
6/11
7. Distributed analysis approach
• Using several devices can increase maximum
analysis throughput
• Why not re-using already available
devices, like devices under analysis, to process
data?
– Smart re-use of existing resources
– More information can be extracted from data
– Network traffic overhead due to analysis is
contained
– BUT: devices must not be overloaded 7/11
8. Distributed analysis approach
• Results: the DELTA Framework
– It allows to re-write data analysis algorithms as
graph of interconnected stream processing
blocks
– Blocks are automatically moved across the
devices in the network
• Maximizes the amount of extracted information
• Minimizes workloads and network bandwidth usage
8/11
9. Results
• Development of enhanced Multistride tool sets
– M. Avalle, F. Risso, R. Sisto, “Efficient Multistriding of Large Nondeterministic Finite State Automata for Deep Packet
Inspection”, in Proc. of the IEEE International Conference on
Communications (ICC) 2012 – Communication and Information
Systems Security Symposium
• Development of Multi-Map Multi-stride
– M. Avalle, F. Risso, R. Sisto, “Enhanced Algorithms for NFA MultiStriding and NFA-Based Deep Packet Inspection on
GPUs”, submitted to IEEE/ACM Transactions of Networking, 2013
• Development of the DELTA framework
– M. Avalle, F. Risso, H. Song, M. Baldi, R. Sisto, “Pushing Network
Analytics Toward the Edge of the Network”, to be submitted
9/11
10. MDD with JavaSPI
• Formal Methods can be the key to prove
robustness of security protocols to certain
types of attacks, but using them is still hard.
• JavaSPI proposes to use Java as modeling
language
Model
Formal
verifier
Java security
protocol abstract
model
JavaSPI
Framework
proofs
Java concrete
implementation
10/11
11. Results
• Development of the JavaSPI framework
• Development of the SSL 3.0 handshake protocol as case study
– M. Avalle, A. Pironti, R. Sisto, D. Pozza, “The Java SPI Framework for Security
Protocol Implementation”, in Proc. of the Sixth International Conference on
Availability, Reliability and Security (ARES), Vienna, Austria, pp. 746-751, IEEE,
2011.
– M. Avalle, A. Pironti, D. Pozza, R. Sisto “JavaSPI: A Framework for Security
Protocol Implementation”. International Journal of Secure Software
Engineering (IJSSE), 2(4), 34-48, 2011.
• Development of mathematical proofs about JavaSPI soundness (proving
that results obtained starting from the model are applicable to the
implementation as well)
– (paper under preparation)
• Published a survey about formal verification of security protocol
implementations
– M. Avalle, A. Pironti, R. Sisto, “Formal Verification of Security Protocol
Implementations: A Survey”, Formal Aspects of Computing (FAoC), Springer,
pp. 1-25, 2013.
11/11
Hello to everybody, I’m MatteoAvalle and I’m here to perform my last annual Oral Presentation for Ph.D Evaluation.
This presentation can be divided in three main sections: at first I will give you some insights about the motivations that led me to follow the research path I am going to describe, then I will delve more in detail about the two research directions I followed in these years; first I will discuss about my main research topic, regarding how to speed up data analysis and making its adoption cheaper than before, then I will talk about my secondary research topic, regarding how to make actual protocol design techniques, based on formal methods, more simple to perform and less error prone.
The main reason that led me to choose these two research paths is that, quite curiously, even if it is not possible to give absolute guarantees abut the robustness of a network to a certain type of attacks, there already are several tools that can be of great help: for instance, thanks to the usage of formal methods, it is already possible to reassure customers about the security properties of a communication protocol with a very high level of confidence. On the other hand, after that communication protocols have been implemented, it is even possible to further increase the robustness of a network by using traffic analysis techniques to identify malicious behaviors.However, as you can read in this slide, both these solutions are often inapplicable, either because formal methods are a research branch that is still restricted to an extremely reduced amount of experts and because traffic analysis could be extremely expensive, especially when special purpose analyzers have to be used.Finding a solution to these two issues represented my main research focus, during the past three years.
A much cheaper alternative to hardware analyzers is the use of software solutions on general purpose hardware. However, with the current techniques, using general purpose hardware creates several potential processing bandwidth issues: my main research topic regarded pushing forward these processing bandwidth limits by increasing the performance of iNFAnt, a regex-based packet processor that exploit the parallelism of GPUs. Then, in the last months, I focused more on taking advantage of another type of parallelism by distributing the data analysis workload to several devices. As it will be shown in few slides, this change of approach does not just improves performance but it also has a series of additional benefits.
But let’s focus on iNFAnt, first: this tool uses NFAs, nondeterministic finite state automata, to represent rule sets. Thanks to this representation the packet processor can be implemented as a simple finite state machine, with the peculiarity that its processing speed can be increased by taking advantage of the high level of parallelism of modern GPUs. In order to further increase performance, a technique called Multistride can be used to transform NFAs and make them several times faster, at the cost of an higher automaton complexity. However, existing techniques were extremely slow and only applicable to very small and poor NFAs.
For this reason, at the beginning of my Ph.D. course I focused on creating alternative, faster algorithms to push forward the maximum speedup achievable in reasonable times by Multistride optimization and, at the same time, to enable it to work on bigger automata (representing more complex rule sets).Then research focused on creating a different flavor of Multistride, called Multi-Map multistride, that not only pushes forward intrinsic limits of regular Multistride, by generating simpler automata after each iteration, but it also increases the degree of parallelism of the packet processing problem, thus allowing to use GPUs in a more efficient way.Using these techniques of reference rule sets allowed to experience the throughput increase you see at the bottom of this slide: medium-sized NFAs could be sped up up to 4 times more than by using previous techniques, while bigger rule sets that could not be used with previous multistride techniques can now be sped up up to 3 times.
An alternative approach to the processing throughput limits is to simply increase the amount of devices involved. However, buying new devices can be expensive, while relying on data centers might generate additional issues. For instance, how much does it cost to send all the data that have to be analyzed to a remote data center?Aware of these issues we posed ourselves this question: why can’t we re-use resources we already have at our disposal, before considering using additional hardware? We decided, then to study what could happen if part of the data analysis tasks could be performed on the same devices producing the network traffic.This simple change of approach provided several benefits, many more than a mere workload reduction: the first one regards the fact that thanks to the advantageous position in which data is analyzed, it is possible to extract more information about it. Moreover, as data is pre-processed before leaving devices, the network overhead necessary to send data to the analyzer is minimized. However, these advantages comes with a cost: since we are re-using existing devices, we must not overload them, otherwise we would be degrading the performance of services that were already running on these devices.
As solving this problem might make algorithm development extremely complex we implemented a specific framework, called DELTA (Dynamically Evolving Lightweight Task Allocator): with this framework developers only have to define data analysis algorithms as an oriented graph of processing blocks, and the framework will automatically take care to duplicate, merge and move these blocks across all the devices in a network in order to balance workloads and maximize the amount of processing performed before sending data to the “central” processing unit that merges together all the processing results.
As result of the described research projects a conference paper has been published, a journal paper has been submitted and it is under evaluation from IEEE/ACM Transactions of Networking, while a conference paper regarding the DELTA framework is under preparation and it is expected to be submitted by the end of November.
Now let’s take a step back and let’s focus on my secondary research topic, regarding formal methods: as anticipated, with formal methods it is possible to mathematically prove robustness of a protocol from a certain type of attacks, thus making it a potentially invaluable tool in the hand of developers. However, its main flaw is that using formal methods is very complex: they usually need to define protocol models by using exotic modeling languages, and even running the tools to automatically produce security robustness proofs is not easy as it is necessary to perform the right questions to these tools: otherwise, their output is worse than useless.For this reason we decided to develop the JavaSPI framework: as you can see in this slide, its main purpose is to allow developers to define abstract protocol models by using a very known programming language, Java. After the model has been defined (and eventually compiled and debugged, as we are dealing with java code we have lots of possibilities to validate its proper functioning), the JavaSPI framework takes care to automate two of the most error-prone tasks: the generation of formal proofs and the generation of concrete, interoperable, implementation code of the defined protocol. Both these operations are performed semi-automatically, so that developers still have control over them, but the level of expertise required to perform these operation is way lowered if compared to equivalent existing formal methods tools.
As a result of this three-year period of research in this field, the JavaSPI framework has been developed along with a case study regarding a particular configuration of the SSL 3.0 handshake protocol. This led to publish a conference paper to the ARES conference in Vienna and a further extended version of the same paper has been accepted by the IJSSE journal.Then, another paper has been prepared regarding mathematically proving the soundness of the JavaSPI framework. This means mathematically proving that security properties proven for the abstract protocol model are also applicable to the implementation code. We plan to submit this paper in the next months.Finally, a survey paper discussing about state of the art of formal methods has been accepted from the FAoC journal, this year.
As expected future works, it is possible to say that all the three tools presented today have room for improvement: their functionality can be expanded, part of their algorithms could be revised and new solutions can be studied to further improve actual results.Moreover, for the DELTA Framework in particular, there are even more possible future works: its working principle, regarding a “smart” way to distribute workloads among devices, has several additional application fields, especially when combined with other research projects. For instance, this framework could be combined with the iNFAnt tool or even with some other research projects that are currently active at the polytecnic, like the FROG programmable router developed by I.Cerato and F.Risso