Data Provenance at Internet Scale: Architecture, Experiences, and the Road Ahead. Ang Chen, Yang Wu, Andreas Haeberlen, Boon Thau Loo, Wenchao Zhou
|
|
- Aron Wilson
- 6 years ago
- Views:
Transcription
1 Data Provenance at Internet Scale: Architecture, Experiences, and the Road Ahead Ang Chen, Yang Wu, Andreas Haeberlen, Boon Thau Loo, Wenchao Zhou
2 Motivation D E Alice A B C foo.com An example scenario: network routing System administrator observes strange behavior Example: the route to foo.com has suddenly changed Anomalies in distributed systems Need a way to explain system behavior. 2
3 Motivation D E Alice Route r 1 A foo.com An example scenario: network routing System administrator observes strange behavior Example: the route to foo.com has suddenly changed Anomalies in distributed systems Need a way to explain system behavior. B C 2
4 Motivation D Route r 2 E Alice A B C foo.com An example scenario: network routing System administrator observes strange behavior Example: the route to foo.com has suddenly changed Anomalies in distributed systems Need a way to explain system behavior. 2
5 Motivation Why did my route to foo.com change?! D Route r 2 E Alice A B C foo.com An example scenario: network routing System administrator observes strange behavior Example: the route to foo.com has suddenly changed Anomalies in distributed systems Need a way to explain system behavior. 2
6 Motivation Why did my route to foo.com change?! D Route r 2 E Innocent Reason? Alice A B C foo.com An example scenario: network routing System administrator observes strange behavior Example: the route to foo.com has suddenly changed Anomalies in distributed systems Need a way to explain system behavior. 2
7 Motivation Why did my route to foo.com change?! D Route r 2 E Innocent Reason? Software Bugs? Alice A B C foo.com An example scenario: network routing System administrator observes strange behavior Example: the route to foo.com has suddenly changed Anomalies in distributed systems Need a way to explain system behavior. 2
8 Motivation Why did my route to foo.com change?! D Route r 2 E Innocent Reason? Software Bugs? Malicious Attack? Alice A B C foo.com An example scenario: network routing System administrator observes strange behavior Example: the route to foo.com has suddenly changed Anomalies in distributed systems Need a way to explain system behavior. 2
9 Data-centric Perspective on Network Debugging D E foo.com Alice A B C We assume a general distributed system Network consists of nodes (routers, middleboxes,...) The state of a node is a set of tuples (routes, config,...) 3
10 Data-centric Perspective on Network Debugging D route(a, foo.com) E foo.com Alice A route(a, B) route(a, D) B C We assume a general distributed system Network consists of nodes (routers, middleboxes,...) The state of a node is a set of tuples (routes, config,...) 3
11 Data-centric Perspective on Network Debugging D route(a, foo.com) E foo.com Alice A link(a, B) link(a, D) route(a, B) route(a, D) B C We assume a general distributed system Network consists of nodes (routers, middleboxes,...) The state of a node is a set of tuples (routes, config,...) 3
12 Data-centric Perspective on Network Debugging D route(a, foo.com) E foo.com Alice A B C We assume a general distributed system Network consists of nodes (routers, middleboxes,...) The state of a node is a set of tuples (routes, config,...) Idea: Explanation as reasoning about distributed state dependencies 3
13 Data-centric Perspective on Network Debugging D E route(a, foo.com) foo.com Alice A link(a, B) route(b, foo.com) B C We assume a general distributed system Network consists of nodes (routers, middleboxes,...) The state of a node is a set of tuples (routes, config,...) Idea: Explanation as reasoning about distributed state dependencies 3
14 Data-centric Perspective on Network Debugging D E route(a, foo.com) foo.com Alice A link(a, B) route(b, foo.com) route(c, foo.com) B link(b, C) C link(c, foo.com) We assume a general distributed system Network consists of nodes (routers, middleboxes,...) The state of a node is a set of tuples (routes, config,...) Idea: Explanation as reasoning about distributed state dependencies 3
15 Network Provenance [SIGMOD 2010] route(d, foo.com) route(e, foo.com) D link(d, E) route(a, foo.com) E link(e, B) foo.com Alice A link(a, B) route(b, foo.com) route(c, foo.com) B link(b, C) C link(c, foo.com) 4
16 Network Provenance [SIGMOD 2010] route(d, foo.com) link(d, E) route(e, foo.com) link(e, B) route(a, foo.com) link(a, B) route(b, foo.com) route(c, foo.com) link(b, C) Provenance for encoding distributed state dependencies Explains the derivation of tuples Captures the dependencies between tuples as a graph link(c, foo.com) 4
17 Network Provenance [SIGMOD 2010] route(a, foo.com) link(a, B) route(b, foo.com) route(c, foo.com) link(b, C) link(c, foo.com) Provenance for encoding distributed state dependencies Explains the derivation of tuples Captures the dependencies between tuples as a graph Explanation of a tuple is an acyclic graph rooted at the tuple 4
18 NetTrails: First Generation Network Provenance Tool [SIGMOD 2011 demo] 5
19 Network Provenance Research Network provenance [SIGMOD 10] ( ) Secure network provenance [SOSP 11] Provenance in dynamic environments [VLDB 13] Explanations Negative provenance [SIGCOMM 14] Distributed provenance compression [SIGMOD 17] Differential provenance [SIGCOMM 16] Meta-provenance [NSDI 17] Deeper diagnostics and repair Ph.D. dissertation work of Ang Chen (2017), Chen Chen (2017), Yang Wu (2017), and Wenchao Zhou (2012). 6
20 Assumption #1: All nodes in the network can be trusted Why did my route to foo.com change?! D Route r 2 E Alice A B C foo.com 7
21 Assumption #1: All nodes in the network can be trusted Q: Explain why the route to foo.com changed to r2. D Route r 2 E Alice A B C foo.com The Network 7
22 Assumption #1: All nodes in the network can be trusted Q: Explain why the route to foo.com changed to r2. D Route r 2 E Alice A B C foo.com The Network A: Because someone accessed Router D and changed the configuration from X to Y. 7
23 Assumption #1: All nodes in the network can be trusted Q: Explain why the route to foo.com changed to r2. D Route r 2 E Alice A B C foo.com The Network A: Because someone accessed Router D and changed the configuration from X to Y. Not realistic: adversary can tell lies 7
24 Challenge: Adversaries Can Lie I should cover up the intrusion. Q: Explain why the route to foo.com changed to r2. D Route r 2 E Alice A B C foo.com The Network Problem: adversary can... fabricate plausible (yet incorrect) response point accusation towards innocent nodes 8
25 Challenge: Adversaries Can Lie Everything is fine. Router E advertised a new route. Q: Explain why the route to foo.com changed to r2. D Route r 2 E Alice A B C foo.com The Network Problem: adversary can... fabricate plausible (yet incorrect) response point accusation towards innocent nodes 8
26 Secure Network Provenance (SNP) SOSP 2011 route(d, foo.com) link(d, E) route(e, foo.com) link(e, B) route(a, foo.com) link(a, B) route(b, foo.com) link(b, C) route(c, foo.com) link(c, foo.com) Step 1: Each node keeps vertices about local actions Split cross-node communications 9
27 Secure Network Provenance (SNP) SOSP 2011 Step 1: Each node keeps vertices about local actions Split cross-node communications 9
28 Secure Network Provenance (SNP) SOSP 2011 Step 1: Each node keeps vertices about local actions Split cross-node communications 9
29 Secure Network Provenance (SNP) SOSP 2011 Step 1: Each node keeps vertices about local actions Split cross-node communications 9
30 Secure Network Provenance (SNP) SOSP 2011 RECV SEND Step 1: Each node keeps vertices about local actions Split cross-node communications 9
31 Secure Network Provenance (SNP) SOSP 2011 RECV SEND Step 1: Each node keeps vertices about local actions Split cross-node communications Step 2: Make the graph tamper-evident 9
32 SNP Guarantees Q: Why did my route to foo.com change to r2? D Route r 2 E Alice A B The Network C foo.com A: Because someone accessed Router D and changed its router configuration from X to Y. No faults: Explanation is complete and accurate Byzantine fault: Explanation identifies at least one faulty node 10
33 SNP Guarantees Q: Why did my route to foo.com change to r2? D Route r 2 E Alice A B The Network C foo.com A: Because someone accessed Router D and changed its router configuration from X to Y. No faults: Explanation is complete and accurate Byzantine fault: Explanation identifies at least one faulty node 10
34 SNP Guarantees Q: Why did my route to foo.com change to r2? D Route r 2 E Alice A B The Network C foo.com A: Because someone accessed Router D and changed its router configuration from X to Y. No faults: Explanation is complete and accurate Byzantine fault: Explanation identifies at least one faulty node 10
35 SNP Guarantees Q: Why did my route to foo.com change to r2? D Route r 2 E Alice A B The Network C foo.com Aha, at least I know which node is compromised. A: Because someone accessed Router D and changed its router configuration from X to Y. No faults: Explanation is complete and accurate Byzantine fault: Explanation identifies at least one faulty node 10
36 Assumption #2: Operators react only to presence of anomaly events 11
37 Assumption #2: Operators react only to presence of anomaly events - What if something expected is not happening? - Missing events cannot be handled by existing tools 11
38 Assumption #2: Operators react only to presence of anomaly events - What if something expected is not happening? - Missing events cannot be handled by existing tools Controller Internet Data Center Network HTTP Server 11
39 Assumption #2: Operators react only to presence of anomaly events - What if something expected is not happening? - Missing events cannot be handled by existing tools Controller Why is the HTTP server NOT getting requests???? Internet Data Center Network HTTP Server 11
40 How common are missing events? - Missing events are consistently in the majority - Lengthier threads for missing events Missing events NANOG-user floodlight-dev Positive events Outages 26% 17% 52% 48% 74% 83% NANOG-user Floodlight-dev Outages 12
41 Negative Provenance [SIGCOMM 2014] 13
42 Negative Provenance [SIGCOMM 2014] Controller Internet Data Center Network HTTP Server 13
43 Negative Provenance [SIGCOMM 2014] No HTTP Packet arrived at HTTP Server Why is the HTTP server NOT getting requests? Controller??? Internet Data Center Network HTTP Server 13
44 Negative Provenance [SIGCOMM 2014] No HTTP Packet arrived at HTTP Server No Forwarding-FlowEntry installed at Switch Controller Why is the HTTP server NOT getting requests??????? Internet Data Center Network HTTP Server 13
45 Negative Provenance [SIGCOMM 2014] No HTTP Packet arrived at HTTP Server No Forwarding-FlowEntry installed at Switch Controller Why is the HTTP server NOT getting requests? HTTP Packet received at Switch HTTP Packet?????? Internet Data Center Network HTTP Server 13
46 Negative Provenance [SIGCOMM 2014] No HTTP Packet arrived at HTTP Server No Forwarding-FlowEntry installed at Switch Controller Why is the HTTP server NOT getting requests? HTTP Packet received at Switch Dropping-FlowEntry existed at Switch HTTP Packet Dropping- FlowEntry?????? Internet Data Center Network HTTP Server 13
47 Negative Provenance [SIGCOMM 2014] No HTTP Packet arrived at HTTP Server No Forwarding-FlowEntry installed at Switch Controller Why is the HTTP server NOT getting requests? HTTP Packet received at Switch Dropping-FlowEntry existed at Switch Program HTTP Packet Dropping- FlowEntry?????? Internet Data Center Network HTTP Server 13
48 Negative Provenance [SIGCOMM 2014] No HTTP Packet arrived at HTTP Server No Forwarding-FlowEntry installed at Switch Controller Why is the HTTP server NOT getting requests? HTTP Packet received at Switch Dropping-FlowEntry existed at Switch Program HTTP??? Packet Dropping- FlowEntry??? Internet Data Center Network HTTP Server 13
49 Approach: Counter-factual reasoning Find all the ways a missing event could have occurred, and show why each of them did not happen. 14
50 Approach: Counter-factual reasoning Find all the ways a missing event could have occurred, and show why each of them did not happen. Philly 14
51 Approach: Counter-factual reasoning Find all the ways a missing event could have occurred, and show why each of them did not happen. Philly Santa Cruz 14
52 Approach: Counter-factual reasoning Find all the ways a missing event could have occurred, and show why each of them did not happen. Why did Bob NOT arrive at CIDR? Philly Santa Cruz 14
53 Approach: Counter-factual reasoning Find all the ways a missing event could have occurred, and show why each of them did not happen. Why did Bob NOT arrive at CIDR? Philly Santa Cruz 14
54 Approach: Counter-factual reasoning Find all the ways a missing event could have occurred, and show why each of them did not happen. Why did Bob NOT arrive at CIDR? Philly Santa Cruz 14
55 Approach: Counter-factual reasoning Find all the ways a missing event could have occurred, and show why each of them did not happen. Why did Bob NOT arrive at CIDR? Philly Santa Cruz 14
56 Approach: Counter-factual reasoning Find all the ways a missing event could have occurred, and show why each of them did not happen. Why did Bob NOT arrive at CIDR? Philly Santa Cruz 14
57 Assumption #3: Provenance trees alone are sufficient for diagnostics 15
58 Assumption #3: Provenance trees alone are sufficient for diagnostics root Symptom Root cause 15
59 Assumption #3: Provenance trees alone are sufficient for diagnostics C received packet B sent packet Rule match on B root Symptom Root cause 15
60 Assumption #3: Provenance trees alone are sufficient for diagnostics root Symptom Root cause 15
61 Assumption #3: Provenance trees alone are sufficient for diagnostics Packet arrives at the wrong server root Symptom Root cause 15
62 Assumption #3: Provenance trees alone are sufficient for diagnostics Packet arrives at the wrong server Rule 7: Next-hop=port2 root Symptom Root cause 15
63 What can we do? 16
64 What can we do? From: To: Admin Title: Help! My server is receiving suspicious traffic from /24--it should have been sent to the low-security server. Packets from /24 are still being routed correctly. Can you help? 16
65 What can we do? From: To: Admin Title: Help! My server is receiving suspicious traffic from /24--it should have been sent to the low-security server. Packets from /24 are still being routed correctly. Can you help? Working reference! 16
66 What can we do? From: To: Admin Title: Help! My server is receiving suspicious traffic from /24--it should have been sent to the low-security server. Packets from /24 are still being routed correctly. Can you help? Outages mailing list Sept. Dec. 2014: Working reference! 66% have references! 16
67 What can we do? S1 S2 S3 S4 S5 S6 Web server 1 DPI Web server 2 Bob 16
68 What can we do? S1 S2 S3 S4 S5 S6 Web server 1 DPI Web server 2 Bob Idea: Reason about the differences between the symptom and the reference 16
69 Differential provenance [SIGCOMM 2016] fails works Input: a bad symptom and a good reference 17
70 Differential provenance [SIGCOMM 2016] fails works Differential Provenance Input: a bad symptom and a good reference 17
71 Differential provenance [SIGCOMM 2016] fails works Differential Provenance Input: a bad symptom and a good reference Debugger reasons about the differences 17
72 Differential provenance [SIGCOMM 2016] fails works Differential Provenance Rule 7 s next hop is wrong! Input: a bad symptom and a good reference Debugger reasons about the differences Output: root cause 17
73 Strawman solution faulty rule - = root? root Provenance (Symptom) Provenance (Reference) Strawman solution: Find vertexes that are different in the two trees 18
74 Strawman solution faulty rule - = root root Provenance (Symptom) Provenance (Reference) Strawman solution: Find vertexes that are different in the two trees Problem: The diff can be larger than the individual trees! 18
75 Overly Simplified Approach in a nutshell Roll back the execution to a divergence point Change the faulty node to be like the correct node Roll forward the execution to align the trees 19
76 Assumption #4: Software is correct and static - Networks are software and can have bugs 20
77 Assumption #4: Software is correct and static - Networks are software and can have bugs S2 5 S0 3 4 S1 Backup Web Server Main Web Server DNS Server 20
78 Assumption #4: Software is correct and static - Networks are software and can have bugs SDN Controller S2 5 S0 3 4 S1 Backup Web Server Main Web Server DNS Server 20
79 Assumption #4: Software is correct and static - Networks are software and can have bugs SDN Controller S2 5 S0 HTTP traffic 3 4 S1 Backup Web Server Main Web Server DNS Server 20
80 Assumption #4: Software is correct and static - Networks are software and can have bugs SDN Controller S2 5 Off-loading HTTP S0 HTTP traffic 3 4 S1 Backup Web Server Main Web Server DNS Server 20
81 Assumption #4: Software is correct and static - Networks are software and can have bugs else if (switch == S1 && protocol == HTTP) then action = output:3. SDN Controller S2 5 Off-loading HTTP S0 HTTP traffic 3 4 S1 Backup Web Server Main Web Server DNS Server 20
82 Assumption #4: Software is correct and static - Networks are software and can have bugs else if (switch == S1 && protocol == HTTP) then action = output:3. SDN Controller S2 5 Off-loading HTTP S0 HTTP traffic 3 4 S1 Backup Web Server Main Web Server DNS Server 20
83 Assumption #4: Software is correct and static - Networks are software and can have bugs else if (switch == S1 && protocol == HTTP) then action = output:3. else if (switch == S1 && protocol == HTTP) then action = output:5. SDN Controller S2 5 Off-loading HTTP S0 HTTP traffic 3 4 S1 Backup Web Server Main Web Server DNS Server 20
84 Assumption #4: Software is correct and static - Networks are software and can have bugs else if (switch == S1 && protocol == HTTP) then action = output:3. else if (switch == S1 && protocol == HTTP) then action = output:5. SDN Controller S2 5 Off-loading HTTP S0 HTTP traffic 3 4 S1 Backup Web Server Main Web Server DNS Server 20
85 Assumption #4: Software is correct and static - Networks are software and can have bugs else if (switch == S1 && protocol == HTTP) then action = output:3. else if (switch == S1 && protocol == HTTP) then action = output:5. Copy-and-paste bug!!! SDN Controller S2 5 Off-loading HTTP S0 HTTP traffic 3 4 S1 Backup Web Server Main Web Server DNS Server 20
86 Assumption #4: Software is correct and static - Networks are software and can have bugs else if (switch == S1 && protocol == HTTP) then action = output:3. else if (switch == S1 && protocol == HTTP) then action = output:5. Copy-and-paste bug!!! SDN Controller S2 5 Off-loading HTTP S0 HTTP traffic 3 4 S1 Backup Web Server Main Web Server DNS Server 20
87 Assumption #4: Software is correct and static - Networks are software and can have bugs else if (switch == S1 && protocol == HTTP) then action = output:3. else if (switch == S1 && protocol == HTTP) then action = output:5. Copy-and-paste bug!!! Why is the backup web server not getting requests? SDN Controller S2 5 Off-loading HTTP S0 HTTP traffic 3 4 S1 Backup Web Server Main Web Server DNS Server 20
88 Assumption #4: Software is correct and static - Networks are software and can have bugs - How can we find and fix bugs quickly? else if (switch == S1 && protocol == HTTP) then action = output:3. else if (switch == S1 && protocol == HTTP) then action = output:5. Copy-and-paste bug!!! Why is the backup web server not getting requests? SDN Controller S2 5 Off-loading HTTP S0 HTTP traffic 3 4 S1 Backup Web Server Main Web Server DNS Server 20
89 Approach: Meta provenance [NSDI 2017] - Problem: Finding fixes is hard - Idea: Provenance can pinpoint the root cause - But previous provenance focus exclusively on data - Key idea: Treating program as data HTTP Packet received at Main Web Server meta provenance Matching Flow Entry installed at S1 PacketIn received at Controller Executed If Clause in Controller Program 21
90 Repairing Software-defined Networking Programs Full support of Network Datalog (declarative) Support a subset of Pyretic (Python + DSL) Support a subset of Trema (imperative Ruby) Uses Z3 SMT solver to enumerate repairs More details are in [HotNets 15, NSDI 17] 22
91 Network Provenance Research ( ) Network provenance model [SIGMOD 10] Secure network provenance [SOSP 11] Provenance in dynamic environments [VLDB 13] Explanations Negative provenance [SIGCOMM 14] Distributed provenance compression [SIGMOD 17] Differential provenance [SIGCOMM 16] Meta-provenance [NSDI 17] Deeper diagnostics and repair Ph.D. dissertation work of Ang Chen (2017), Chen Chen (2017), Yang Wu (2017), and Wenchao Zhou (2012). 23
92 The Road Ahead Network forensics meets data provenance is a rich area of exploration! Sampling of the problems we are working on: Network forensics on the data plane Privacy-preserving provenance on sensitive networks Probabilistic provenance Automated repairs of complex events Timing-based provenance and more. 24
93 Thank You! Network provenance team at Penn/Georgetown: Ang Chen, Chen Chen, Ling Ding, Qiong Fei, Andreas Haeberlen, Zachary Ives, Yang Li, Boon Thau Loo, Suyog Mapara, Arjun Narayan, Yiqing Ren, Micah Sherr, Shengzhi Sun, Tao Tao, Yang Wu, Mingchen Zhao, Wenchao Zhou 25
Towards a Data-centric Approach to Attribution in the Cloud
Towards a Data-centric Approach to Attribution in the Cloud Wenchao Zhou Georgetown University In collaboration with Boon Thau Loo, Andreas Haeberlen, Zachary Ives (Penn), and Micah Sherr (Georgetown)
More informationAutomated Bug Removal for Software-Defined Networks
Automated Bug Removal for Software-Defined Networks Yang Wu* Ang Chen* Andreas Haeberlen* Wenchao Zhou + Boon Thau Loo* * University of Pennsylvania + Georgetown University 1 Motivation: Automated repair
More informationProvenance-aware Secure Networks
Provenance-aware Secure Networks Wenchao Zhou Eric Cronin Boon Thau Loo University of Pennsylvania Motivation Network accountability Real-time monitoring and anomaly detection Identifying and tracing malicious
More informationAutomated Network Repair with Meta Provenance
Automated Network Repair with Meta Provenance Andreas Haeberlen Yang Wu Wenchao Zhou Georgetown University Ang Chen Boon Thau Loo ABSTRACT When debugging an SDN application, diagnosing the problem is merely
More informationWenchao Zhou *, Micah Sherr *, Tao Tao *, Xiaozhou Li *, Boon Thau Loo *, and Yun Mao +
Wenchao Zhou *, Micah Sherr *, Tao Tao *, Xiaozhou Li *, Boon Thau Loo *, and Yun Mao + * University of Pennsylvania + AT&T Labs Research Introduction Developing correct large-scale distributed systems
More informationAnswering Why-Not Queries in Software-Defined Networks with Negative Provenance
Answering Why-Not Queries in Software-Defined Networks with Negative Provenance Yang Wu Andreas Haeberlen Wenchao Zhou Boon Thau Loo University of Pennsylvania University of Pennsylvania Georgetown University
More informationDiagnosing Missing Events in Distributed Systems with Negative Provenance
Diagnosing Missing Events in Distributed Systems with Negative Provenance Andreas Haeberlen University of Pennsylvania Yang Wu University of Pennsylvania Wenchao Zhou Georgetown University Mingchen Zhao
More informationSecure Network Provenance
University of Pennsylvania ScholarlyCommons Departmental Papers (CIS) Department of Computer & Information Science 10-2011 Secure Network Provenance Wenchao Zhuo University of Pennsylvania Qiong Fei University
More informationSecure Time-Aware Provenance for Distributed Systems
University of Pennsylvania ScholarlyCommons Technical Reports (CIS) Department of Computer & Information Science 1-1-2012 Secure Time-Aware Provenance for Distributed Systems Wenchao Zhou University of
More informationSecure Network Provenance
Secure Network Provenance Wenchao Zhou University of Pennsylvania Andreas Haeberlen University of Pennsylvania Qiong Fei University of Pennsylvania Boon Thau Loo University of Pennsylvania Arjun Narayan
More informationPhone: (202) Homepage: wzhou/
Wenchao Zhou Georgetown University Department of Computer Science St. Mary s Hall, Room 342A 3700 Reservoir Rd NW Washington, DC 20057 Phone: (202) 687-4652 Email: wzhou@cs.georgetown.edu Homepage: http://www.cs.georgetown.edu/
More informationBoon Thau Loo University of Pennsylvania
Summary of Networked Systems Breakout Boon Thau Loo University of Pennsylvania Networked Systems Breakout Series of 15-20 minute talks: Challenges in safe routing (Alex Gurney) Compositional network services
More informationThe Good, the Bad, and the Differences: Better Network Diagnostics with Differential Provenance
The Good, the Bad, and the Differences: Better Network Diagnostics with Differential Provenance Andreas Haeberlen University of Pennsylvania Ang Chen University of Pennsylvania Wenchao Zhou Georgetown
More informationKaraoke. Distributed Private Messaging Immune to Passive Traffic Analysis. David Lazar, Yossi Gilad, Nickolai Zeldovich
Karaoke Distributed Private Messaging Immune to Passive Traffic Analysis David Lazar, Yossi Gilad, Nickolai Zeldovich 1 Motivation: Report a crime without getting fired You re Fired if you talk to the
More informationNetPilot: Automating Datacenter Network Failure Mitigation
NetPilot: Automating Datacenter Network Failure Mitigation Xin Wu, Daniel Turner, Chao-Chih Chen, David A. Maltz, Xiaowei Yang, Lihua Yuan, Ming Zhang Failures are Common and Harmful Network failures are
More informationProgramming Network Policies by Examples: Platform, Abstraction and User Studies
Programming Network Policies by Examples: Platform, Abstraction and User Studies Boon Thau Loo University of Pennsylvania NetPL workshop @ SIGCOMM 2017 Joint work with Yifei Yuan, Dong Lin, Siri Anil,
More informationFault-Aware Flow Control and Multi-path Routing in Wireless Sensor Networks
Fault-Aware Flow Control and Multi-path Routing in Wireless Sensor Networks X. Zhang, X. Dong Shanghai Jiaotong University J. Wu, X. Li Temple University, University of North Carolina N. Xiong Colorado
More informationOne Primitive to Diagnose Them All: Architectural Support for Internet Diagnostics
One Primitive to Diagnose Them All: Architectural Support for Internet Diagnostics Ang Chen Andreas Haeberlen Wenchao Zhou Boon Thau Loo University of Pennsylvania Georgetown University Today, network
More informationCYSE 411/AIT 681 Secure Software Engineering. Topic #6. Seven Software Security Touchpoints (III) Instructor: Dr. Kun Sun
CYSE 411/AIT 681 Secure Software Engineering Topic #6. Seven Software Security Touchpoints (III) Instructor: Dr. Kun Sun Reading This lecture [McGraw]: Ch. 7-9 2 Seven Touchpoints 1. Code review 2. Architectural
More informationBoon Thau Loo University of Pennsylvania
DS 2 : Declarative Secure Distributed Systems Boon Thau Loo University of Pennsylvania Joint work with Wenchao Zhou, Bill Marczak, Micah Sherr, Mengmeng Liu, Matt Blaze, Zack Ives, External collaborators:
More information4. Risk-Based Security Testing. Reading. CYSE 411/AIT 681 Secure Software Engineering. Seven Touchpoints. Application of Touchpoints
Reading This lecture [McGraw]: Ch. 7-9 CYSE 411/AIT 681 Secure Software Engineering Topic #6. Seven Software Security Touchpoints (III) Instructor: Dr. Kun Sun 2 Seven Touchpoints Application of Touchpoints
More informationEnabling Cloud-Native Applications with Application Credentials in Keystone
Enabling Cloud-Native Applications with Application Credentials in Keystone Colleen Murphy Cloud Developer at SUSE cmurphy @_colleenm Overview Why we needed application credentials What are application
More informationBoon Thau Loo Speaks Out on His SIGMOD Dissertation Award, Better Networking Through Datalog, Life as an Assistant Professor, and More
Boon Thau Loo Speaks Out on His SIGMOD Dissertation Award, Better Networking Through Datalog, Life as an Assistant Professor, and More by Marianne Winslett http:// www.cis.upenn.edu/~boonloo/ Welcome to
More informationAgreement in Distributed Systems CS 188 Distributed Systems February 19, 2015
Agreement in Distributed Systems CS 188 Distributed Systems February 19, 2015 Page 1 Introduction We frequently want to get a set of nodes in a distributed system to agree Commitment protocols and mutual
More informationGoogle SDN Peering: An Early Engagement Case Study
Google SDN Peering: An Early Engagement Case Study Murali Suriar, msuriar@google.com On behalf of Google Technical Infrastructure and Network Infrastructure SRE August 30, 2017 Who am I? Murali Suriar
More informationModel Checking Dynamic Datapaths
Model Checking Dynamic Datapaths Aurojit Panda, Katerina Argyraki, Scott Shenker UC Berkeley, ICSI, EPFL Networks: Not Just for Delivery Enforce a variety of invariants: Packet Isolation: Packets from
More informationWireless Network Security Spring 2015
Wireless Network Security Spring 2015 Patrick Tague Class #12 Forwarding Security 2015 Patrick Tague 1 SoW Presentation SoW Thursday in class I'll post a template Each team gets ~5-8 minutes Written SoW
More informationAnonymous Communication and Internet Freedom
Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner May 2, 2013 Goals For Today State-sponsored adversaries Anonymous communication Internet censorship State-Sponsored
More informationDISTRIBUTION A: Distribution approved for public release.
AFRL-AFOSR-VA-TR-2015-0269 A Unified Algebraic and Logic-Based Framework towards Safe Routing Implementations Boon Loo TRUSTEES OF THE UNIVERSITY OF PENNSYLVANIA 08/13/2015 Final Report. Air Force Research
More informationAnonymous Communication and Internet Freedom
Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner April 29, 2016 Announcements Final exam in RSF Fieldhouse, 5/10, arrive by 7PM HW4 due Monday, 5/2, 11:59pm Review
More informationLab 1: Creating Secure Architectures (Revision)
Lab 1: Creating Secure Architectures (Revision) A Challenge Our challenge is to setup MyBank Incorp, where each of you will be allocated a network and hosts to configure and get on-line (Figure 1). For
More informationNetComplete: Practical Network-Wide Configuration Synthesis with Autocompletion. Ahmed El-Hassany Petar Tsankov Laurent Vanbever Martin Vechev
NetComplete: Practical Network-Wide Configuration Synthesis with Autocompletion Ahmed El-Hassany Petar Tsankov Laurent Vanbever Martin Vechev I shouldn t be the one giving this talk Third year PhD student
More informationRule based Forwarding (RBF): improving the Internet s flexibility and security. Lucian Popa, Ion Stoica, Sylvia Ratnasamy UC Berkeley Intel Labs
Rule based Forwarding (RBF): improving the Internet s flexibility and security Lucian Popa, Ion Stoica, Sylvia Ratnasamy UC Berkeley Intel Labs Motivation Improve network s flexibility Middlebox support,
More informationSmart Home Network Management with Dynamic Traffic Distribution. Chenguang Zhu Xiang Ren Tianran Xu
Smart Home Network Management with Dynamic Traffic Distribution Chenguang Zhu Xiang Ren Tianran Xu Motivation Motivation Per Application QoS In small home / office networks, applications compete for limited
More informationSecure Diagnostics And Forensics With Network Provenance
University of Pennsylvania ScholarlyCommons Publicly Accessible Penn Dissertations 2017 Secure Diagnostics And Forensics With Network Provenance Ang Chen University of Pennsylvania, saxtonac@gmail.com
More informationLab 2: Creating Secure Architectures
Lab 2: Creating Secure Architectures A Challenge Our challenge is to setup MyBank Incorp, where each of you will be allocated a network and hosts to configure and get on-line (Figure 1). For this you will
More informationNetwork Defenses 21 JANUARY KAMI VANIEA 1
Network Defenses KAMI VANIEA 21 JANUARY KAMI VANIEA 1 Similar statements are found in most content hosting website privacy policies. What is it about how the internet works that makes this statement necessary
More informationAnalyzing Huge Data for Suspicious Traffic. Christian Landström, Airbus DS
Analyzing Huge Data for Suspicious Traffic Christian Landström, Airbus DS Topics - Overview on security infrastructure - Strategies for network defense - A look at malicious traffic incl. Demos - How Wireshark
More informationForwarding Architecture
Forwarding Architecture Brighten Godfrey CS 538 February 14 2018 slides 2010-2018 by Brighten Godfrey unless otherwise noted Building a fast router Partridge: 50 Gb/sec router A fast IP router well, fast
More informationFault Localization for Firewall Policies
Fault Localization for Firewall Policies JeeHyun Hwang 1 Tao Xie 1 Fei Chen Alex X. Liu 1 Department of Computer Science, North Carolina State University, Raleigh, NC 7695-86 Department of Computer Science
More informationOn the Complexity of Verifying Stateful Networks. A. Panda S. Shenker Y. Velner K. Alpernas A. Rabinovich M. Sagiv
On the Complexity of Verifying Stateful Networks A. Panda S. Shenker Y. Velner K. Alpernas A. Rabinovich M. Sagiv Alice Classical Networking Ted Stevens was right Bob Mallory Trent Networks provide end-to-end
More informationVerified Secure Routing
Verified Secure Routing David Basin ETH Zurich EPFL, Summer Research Institute June 2017 Team Members Verification Team Information Security David Basin Tobias Klenze Ralf Sasse Christoph Sprenger Thilo
More informationintelop Stealth IPS false Positive
There is a wide variety of network traffic. Servers can be using different operating systems, an FTP server application used in the demilitarized zone (DMZ) can be different from the one used in the corporate
More informationSecurity for Structured Peer-to-peer Overlay Networks. Acknowledgement. Outline. By Miguel Castro et al. OSDI 02 Presented by Shiping Chen in IT818
Security for Structured Peer-to-peer Overlay Networks By Miguel Castro et al. OSDI 02 Presented by Shiping Chen in IT818 1 Acknowledgement Some of the following slides are borrowed from talks by Yun Mao
More informationRule-Based Forwarding
Building Extensible Networks with Rule-Based Forwarding Lucian Popa Norbert Egi Sylvia Ratnasamy Ion Stoica UC Berkeley/ICSI Lancaster Univ. Intel Labs Berkeley UC Berkeley Making Internet forwarding flexible
More informationDJoin: Differentially Private Join Queries over Distributed Databases. University of Pennsylvania
DJoin: Differentially Private Join Queries over Distributed Databases Arjun Narayan Andreas Haeberlen University of Pennsylvania 1 Motivation Is there a epidemic in Elbonia? Researcher Airlines Doctors
More informationSelf Regulating Stream Processing in Heron
Self Regulating Stream Processing in Heron Huijun Wu 2017.12 Huijun Wu Twitter, Inc. Infrastructure, Data Platform, Real-Time Compute Heron Overview Recent Improvements Self Regulating Challenges Dhalion
More informationNovetta Cyber Analytics
Know your network. Arm your analysts. Introduction Novetta Cyber Analytics is an advanced network traffic analytics solution that empowers analysts with comprehensive, near real time cyber security visibility
More informationNetworked Systems. Boon Thau Loo. University of Pennsylvania. NSF ExCAPE Meeting 20 Aug 2013
Networked Systems Boon Thau Loo University of Pennsylvania NSF ExCAPE Meeting 20 Aug 2013 Outline Summary (activities over past year) Research highlights Conclusion Year 1 in Retrospect Original proposal
More informationDemocratically Finding The Cause of Packet Drops
Democratically Finding The Cause of Packet Drops Behnaz Arzani, Selim Ciraci, Luiz Chamon, Yibo Zhu, Hongqiang (Harry) Liu, Jitu Padhye, Geoff Outhred, Boon Thau Loo 1 Marple- SigComm 2017 Sherlock- SigComm
More informationComputer Networks. Routing Algorithms
Computer Networks Routing Algorithms Topics Routing Algorithms Shortest Path (Dijkstra Algorithm) Distance Vector Routing Count to infinity problem Solutions for count to infinity problem Link State Routing
More informationDDoS and Traceback 1
DDoS and Traceback 1 Denial-of-Service (DoS) Attacks (via Resource/bandwidth consumption) malicious server legitimate Tecniche di Sicurezza dei Sistemi 2 TCP Handshake client SYN seq=x server SYN seq=y,
More informationSecurebox A Platform for Smarter and Safer Networks Ibbad Hafeez, Aaron Yi Ding, Lauri Suomalainen, Sasu Tarkoma University of Helsinki
Securebox A Platform for Smarter and Safer Networks Ibbad Hafeez, Aaron Yi Ding, Lauri Suomalainen, Sasu Tarkoma University of Helsinki 7.26.2016 1 Progress Agenda Motivation Goals Platform: Design, Architecture,
More informationIsolating Compromised Routers. Alper Mizrak, Keith Marzullo and Stefan Savage UC San Diego Department of Computer Science and Engineering
Isolating Compromised Routers Alper Mizrak, Keith Marzullo and Stefan Savage UC San Diego Department of Computer Science and Engineering Problem Routers are vulnerable points in the Internet, especially
More informationSweet Little Lies: Fake Topologies for Flexible Routing
Sweet Little Lies: Fake Topologies for Flexible Routing Stefano Vissicchio University of Louvain HotNets 27th October 2014 Joint work with Laurent Vanbever (Princeton) and Jennifer Rexford (Princeton)
More informationCapacity Assurance in Hostile Networks
PhD Dissertation Defense Wednesday, October 7, 2015 3:30 pm - 5:30 pm 3112 Engineering Building Capacity Assurance in Hostile Networks By: Jian Li Advisor: Jian Ren ABSTRACT Linear network coding provides
More informationPractical Byzantine Fault Tolerance. Castro and Liskov SOSP 99
Practical Byzantine Fault Tolerance Castro and Liskov SOSP 99 Why this paper? Kind of incredible that it s even possible Let alone a practical NFS implementation with it So far we ve only considered fail-stop
More informationRuss McRee Bryan Casper
Russ McRee Bryan Casper About us We re part of the security incident response team for Microsoft Online Services Security & Compliance We ask more questions than provide answers This presentation is meant
More informationA Ten Minute Introduction to Middleboxes. Justine Sherry, UC Berkeley
A Ten Minute Introduction to Middleboxes Justine Sherry, UC Berkeley This Talk: Three Questions! What is a middlebox? What are some recent trends in middlebox engineering? What research challenges do middleboxes
More informationBoon Thau Loo University of Pennsylvania
Applying PL and Database Techniques to Networking Boon Thau Loo University of Pennsylvania http://netdb.cis.upenn.edu DIMACS Workshop on Designing Networks for Manageability (Nov 12-13) Outline Declarative
More informationAvailability, Reliability, and Fault Tolerance
Availability, Reliability, and Fault Tolerance Guest Lecture for Software Systems Security Tim Wood Professor Tim Wood - The George Washington University Distributed Systems have Problems Hardware breaks
More informationAnnouncements. More Announcements. Brief History of Networking. How does a computer send messages over the Internet? 12/7/11
12/7/11 Announcements Final Project : Deadlines Wed (12/7): Project draft to Learn@UW dropbox by 5pm Whatever you have completed TODAY No partner changes after TODAY (email us if problems) Due December
More informationn Explain penetration testing concepts n Explain vulnerability scanning concepts n Reconnaissance is the first step of performing a pen test
Chapter Objectives n Explain penetration testing concepts n Explain vulnerability scanning concepts Chapter #4: Threats, Attacks, and Vulnerabilities Vulnerability Scanning and Penetration Testing 2 Penetration
More informationEE 122: Network Security
Motivation EE 122: Network Security Kevin Lai December 2, 2002 Internet currently used for important services - financial transactions, medical records Could be used in the future for critical services
More informationkey distribution requirements for public key algorithms asymmetric (or public) key algorithms
topics: cis3.2 electronic commerce 24 april 2006 lecture # 22 internet security (part 2) finish from last time: symmetric (single key) and asymmetric (public key) methods different cryptographic systems
More informationOutline More Security Protocols CS 239 Computer Security February 4, 2004
Outline More Security Protocols CS 239 Computer Security February 4, 2004 Combining key distribution and authentication Verifying security protocols Page 1 Page 2 Combined Key Distribution and Authentication
More informationAnalysis and Enhancement of RPL under Packet Drop Attacks
Analysis and Enhancement of RPL under Packet Drop Attacks Binbin Chen, Yuan Li, Daisuke Mashima Advanced Digital Sciences Center COMSNETS 2018, Jan 3 7, Bangalore, India 1 RPL and AMI RFC6550: RPL: IPv6
More information6.033 Spring 2015! Lecture #24. Combating network adversaries! DDoS attacks! Intrusion Detection
6.033 Spring 2015! Lecture #24 Combating network adversaries! DDoS attacks! Intrusion Detection Last time server principal request guard resource (identifies client on server) attacker s goal! observe
More informationDenial of Service, Traceback and Anonymity
Purdue University Center for Education and Research in Information Assurance and Security Denial of Service, Traceback and Anonymity Clay Shields Assistant Professor of Computer Sciences CERIAS Network
More informationCSE 484 / CSE M 584: Computer Security and Privacy. Anonymity Mobile. Autumn Tadayoshi (Yoshi) Kohno
CSE 484 / CSE M 584: Computer Security and Privacy Anonymity Mobile Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Ada Lerner, John Manferdelli,
More informationFailure Diagnosis and Cyber Intrusion Detection in Transmission Protection System Assets Using Synchrophasor Data
Failure Diagnosis and Cyber Intrusion Detection in Transmission Protection System Assets Using Synchrophasor Data Anurag Srivastava, Bo Cui, P. Banerjee Washington State University NASPI March 2017 Outline
More informationGood Fences Make Good Neighbors: Rethinking Your Cloud Selection Strategy
Good Fences Make Good Neighbors: Rethinking Your Cloud Selection Strategy SESSION ID: CSV-W01 Bryan D. Payne Director of Security Research Nebula @bdpsecurity Cloud Security Today Cloud has lots of momentum
More informationPass4suresVCE. Pass4sures exam vce dumps for guaranteed success with high scores
Pass4suresVCE http://www.pass4suresvce.com Pass4sures exam vce dumps for guaranteed success with high scores Exam : CS0-001 Title : CompTIA Cybersecurity Analyst (CySA+) Exam Vendor : CompTIA Version :
More informationCE Advanced Network Security Routing Security II
CE 817 - Advanced Network Security Routing Security II Lecture 21 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially
More informationComputer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks
Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition Chapter 3 Investigating Web Attacks Objectives After completing this chapter, you should be able to: Recognize the indications
More informationA SIMPLE INTRODUCTION TO TOR
A SIMPLE INTRODUCTION TO TOR The Onion Router Fabrizio d'amore May 2015 Tor 2 Privacy on Public Networks Internet is designed as a public network Wi-Fi access points, network routers see all traffic that
More informationTroubleshooting Transparent Bridging Environments
Troubleshooting Transparent Bridging Environments Document ID: 10543 This information from the Internetwork Troubleshooting Guide was first posted on CCO here. As a service to our customers, selected chapters
More informationNetwork Monitoring using Test Packet Generation
Network Monitoring using Test Packet Generation Madhuram Kabra Modern Education Society s College of Engineering Pune, India Mohammed Sukhsarwala Modern Education Society s College of Engineering Pune,
More informationLog Data: A Source of Value. Nagios Enterprises LLC Nagios Enterprises 2017 Logs: A Source of Value // 1
Log Data: A Source of Value Nagios Enterprises LLC 2017 Nagios Enterprises 2017 Logs: A Source of Value // 1 Log Data: A Source of Value Nagios Enterprises LLC 2017 Introduction Part 1 : What s in a Log?
More informationDebugging the Data Plane with Anteater
Debugging the Data Plane with Anteater Haohui Mai, Ahmed Khurshid Rachit Agarwal, Matthew Caesar P. Brighten Godfrey, Samuel T. King University of Illinois at Urbana-Champaign Network debugging is challenging
More informationRouting Security We can do better!
Routing Security We can do better! And how MANRS can help Andrei Robachevsky robachevsky@isoc.org 1 No Day Without an Incident 120 6 month of suspicious activity 90 60 Hijack Leak 30 0 1/5/17 1/16/17 1/27/17
More informationApplication Firewalls
Application Moving Up the Stack Advantages Disadvantages Example: Protecting Email Email Threats Inbound Email Different Sublayers Combining Firewall Types Firewalling Email Enforcement Application Distributed
More informationJuggling the Jigsaw Towards Automated Problem Inference from Network Trouble Tickets
Juggling the Jigsaw Towards Automated Problem Inference from Network Trouble Tickets Rahul Potharaju (Purdue University) Navendu Jain (Microsoft Research) Cristina Nita-Rotaru (Purdue University) April
More informationData Centers. Tom Anderson
Data Centers Tom Anderson Transport Clarification RPC messages can be arbitrary size Ex: ok to send a tree or a hash table Can require more than one packet sent/received We assume messages can be dropped,
More informationTroubleshooting Transparent Bridging Environments
CHAPTER Troubleshooting Transparent Bridging Environments Transparent bridges were first developed at Digital Equipment Corporation (Digital) in the early 1980s and are now very popular in Ethernet/IEEE
More informationprecise rules that govern communication between two parties TCP/IP: the basic Internet protocols IP: Internet protocol (bottom level)
Protocols precise rules that govern communication between two parties TCP/IP: the basic Internet protocols IP: Internet protocol (bottom level) all packets shipped from network to network as IP packets
More informationCSC 574 Computer and Network Security. DNS Security
CSC 574 Computer and Network Security DNS Security Alexandros Kapravelos kapravelos@ncsu.edu (Derived from slides by Will Enck and Micah Sherr) A primer on routing Routing Problem: How do Alice s messages
More informationUnderstanding and Characterizing Hidden Interception of the DNS Resolution Path
Who Is Answering My Queries? Understanding and Characterizing Hidden Interception of the DNS Resolution Path Baojun Liu, Chaoyi Lu, Haixin Duan, YingLiu, ZhouLi, ShuangHaoand MinYang ISP DNS Resolver DNS
More informationIntrusion Recovery for Database-backed Web Applications
Intrusion Recovery for Database-backed Web Applications Ramesh Chandra, Taesoo Kim, Meelap Shah, Neha Narula, Nickolai Zeldovich MIT CSAIL Web applications routinely compromised Web applications routinely
More informationRouting Protocol Framework Information Model. Operation Model Routing Information Exchange
Routing Protocol Framework Information Model OSPF RIPv2 BGP4 Routing Information Base Forwarding Information Base RIB FIB FIB RIB (Dest, NextHop, Routing Metrics) Forwarding Algorithm NPDU Header (Network
More informationStateless Network Functions:
Stateless Network Functions: Breaking the Tight Coupling of State and Processing Murad Kablan, Azzam Alsudais, Eric Keller, Franck Le University of Colorado IBM Networks Need Network Functions Firewall
More informationResearch on Firewall in Software Defined Network
Advances in Computer, Signals and Systems (2018) 2: 1-7 Clausius Scientific Press, Canada Research on Firewall in Software Defined Cunqun Fan a, Manyun Lin, Xiangang Zhao, Lizi Xie, Xi Zhang b,* National
More informationSummary of Networked Systems Breakout Group
Summary of Networked Systems Breakout Group Boon Thau Loo NSF ExCAPE PI Meeting 10/11 June 2013 Outline Summary (activities over past year) Research highlights Plans for next year Year 1 in Retrospect
More informationFSR: Formal Analysis and Implementation Toolkit for Safe Inter-domain Routing
FSR: Formal Analysis and Implementation Toolkit for Safe Inter-domain Routing Wenchao Zhou supervised by Prof. Boon Thau Loo CIS Department, University of Pennsylvania Philadelphia, PA, 19104 wenchaoz@cis.upenn.edu
More informationSandboxing and the SOC
Sandboxing and the SOC Place McAfee Advanced Threat Defense at the center of your investigation workflow As you strive to further enable your security operations center (SOC), you want your analysts and
More informationMPEG Frame Types intrapicture predicted picture bidirectional predicted picture. I frames reference frames
MPEG o We now turn our attention to the MPEG format, named after the Moving Picture Experts Group that defined it. To a first approximation, a moving picture (i.e., video) is simply a succession of still
More informationDistributed Time-aware Provenance
Distributed Time-aware Provenance Wenchao Zhou Suyog Mapara Yiqing Ren Yang Li Andreas Haeberlen Zachary Ives Boon Thau Loo Micah Sherr University of Pennsylvania, Philadelphia, PA Georgetown University,
More informationHow do we troubleshoot this? How does Esmeralda know how to fix this?
How do we troubleshoot this? How does Esmeralda know how to fix this? 2 Goal Find bugs in networked applications Large complex unknown applications!!! Large complex unknown networks!!! Understandable output
More informationForensic Network Analysis in the Time of APTs
SharkFest 16 Forensic Network Analysis in the Time of APTs June 16th 2016 Christian Landström Senior IT Security Consultant Airbus Defence and Space CyberSecurity Topics - Overview on security infrastructure
More informationOutline More Security Protocols CS 239 Computer Security February 6, 2006
Outline More Security Protocols CS 239 Computer Security February 6, 2006 Combining key distribution and authentication Verifying security protocols Page 1 Page 2 Combined Key Distribution and Authentication
More information