Towards A Secure and Verifiable Future Internet

In recent years, there have been strong interests in the networking community in designing new Internet architectures. One of the driving forces behind these “clean-slate” designs is the need to address pressing security concerns of the Internet. As a consequence, recent architectures, such as SCION [8] and ICING [5], provide radically new architectures that claim to provide stronger security guarantees. One of the limitations of current proposals is that the security claims of these new designs lack formal security proofs – these protocols are evaluated primarily via experimental evaluations and argued via informal reasoning. In this paper, we outline our research agenda on programming language support for implementing secure Internet protocols, and for verifying the security properties of these implementations. Central to our work is the use of Secure Network Datalog (SeNDLog) [9], a declarative networking [4] language with cryptographic primitives. SeNDLog extends the Network Datalog (NDLog) declarative networking language with user-defined cryptographic functions. Specifically, our project aims to achieve the following goals. First, we plan to demonstrate that most existing secure Internet routing architectures can be easily expressed in SeNDLog. Second, to facilitate formal proofs of security, we are developing a set of sound reasoning principles over SeNDLog. Using these reasoning principles, we would be able to extract proof obligations in the form of first-order logic formulas given any SeNDLog program and the security properties in question.

Disciplines: Computer Sciences

Comments: Jia, L., Chen, C., Jyothi, S., Zhou, W., Mapara, S., & Loo, B., Towards A Secure and Verifiable Future Internet, Off the Beaten Track: Underrepresented Problems for Programming Language Researchers, 2012

Author(s): Limin Jia, Chen Chen, Sangeetha A. Jyothi, Wenchao Zhou, Suyog Mapara, and Boon Thau Loo

This conference paper is available at ScholarlyCommons: http://repository.upenn.edu/cis_papers/688

Towards a Secure and Verifiable Future Internet (Full Presentation)

Limin Jia†, Chen Chen∗, Sangeetha A. Jyothi∗, Wenchao Zhou∗, Suyog Mapara∗, Boon Thau Loo∗
∗ University of Pennsylvania
† Carnegie Mellon University

[1] Jennifer Rexford et al. BGP routing policies in ISP networks. IEEE Network, 2005.

[2] Xin Zhang et al. SCION: Scalability, Control, and Isolation on Next-Generation Networks. 2011 IEEE Symposium on Security and Privacy, 2011.

[3] Ion Stoica et al. Declarative networking. Commun. ACM, 2009.

[4] Stephen T. Kent et al. Secure Border Gateway Protocol (S-BGP). IEEE Journal on Selected Areas in Communications, 2000.

[5] Limin Jia et al. Maintaining distributed logic programs incrementally. Comput. Lang. Syst. Struct., 2011.

[6] Ben Smyth et al. ProVerif 1.85: Automatic Cryptographic Protocol Verifier, User Manual and Tutorial. 2011.

[7] Martín Abadi et al. Unified Declarative Platform for Secure Networked Information Systems. 2009 IEEE 25th International Conference on Data Engineering, 2009.

[8] Michael Walfish et al. Verifying and enforcing network paths with ICING. CoNEXT '11, 2011.