Demonstrating topoS: Theorem-prover-based synthesis of secure network configurations

In network management, human error is a dominant factor in security breaches. We present our tool topoS, which automatically synthesizes low-level network configurations from high-level security goals. The automation and a feedback loop help to prevent human errors. Except for a last serialization step, topoS is formally verified with Isabelle/HOL, which prevents implementation errors. In a case study, we demonstrate topoS by example. For the first time, the complete transition from high-level security goals to both firewall and SDN configurations is presented.
