Martin W. Fong

A security enforcement kernel for OpenFlow networks

Software-defined networks facilitate rapid and open innovation at the network control layer by providing a programmable network infrastructure for computing flow policies on demand. However, the dynamism of programmable networks also introduces new security challenges that demand innovative solutions. A critical challenge is efficient detection and reconciliation of potentially conflicting flow rules imposed by dynamic OpenFlow (OF) applications. To that end, we introduce FortNOX, a software extension that provides role-based authorization and security constraint enforcement for the NOX OpenFlow controller. FortNOX enables NOX to check flow rule contradictions in real time, and implements a novel analysis algorithm that is robust even in cases where an adversarial OF application attempts to strategically insert flow rules that would otherwise circumvent flow rules imposed by OF security applications. We demonstrate the utility of FortNOX through a prototype implementation and use it to examine performance and efficiency aspects of the proposed framework.

Modeling multistep cyber attacks for scenario recognition

Efforts toward automated detection and identification of multistep cyber attack scenarios would benefit significantly from a methodology and language for modeling such scenarios. The Correlated Attack Modeling Language (CAML) uses a modular approach, where a module represents an inference step and modules can be linked together to detect multistep scenarios. CAML is accompanied by a library of predicates, which functions as a vocabulary to describe the properties of system states and events. The concept of attack patterns is introduced to facilitate reuse of generic modules in the attack modeling process. CAML is used in a prototype implementation of a scenario recognition engine that consumes first-level security alerts in real time and produces reports that identify multistep attack scenarios discovered in the alert stream.

Extending WWW for synchronous collaboration

Abstract The World-Wide-Web (WWW), in conjunction with such tools as Mosaic, is an extremely effective mechanism for individuals to share distributed information. However, access to this information is unidirectional, asynchronous, and limited by a client/server model in which only predefined data are provided. We describe augmenting WWW to support bidirectional, synchronous collaboration between data producers and their consumers. This is accomplished by exploiting WWWs ease of access and use, and by incorporating a peer-to-peer model that provides real-time collaboration services.

CECED: a system for informal multimedia collaboration

The Collaborative Environment for Concurrent Engineering Design (CECED) 1 is presented, which provides mechanisms that facilitate communicating effectively using multiple media and capturing the history of the informal phase of the specification and design process. The network-supported collaboration technology being developed in CECED is designed to support collaboration among multiple users of existing tools with minimal intrusion into existing software or user interaction styles. It integrates voice with other media exchanged in a multimedia conference by multiplexing the media in the same multicast connection for transport across a network or internet. It separates private workspaces from shared ones. It uses a distributed activity-sensing floor control algorithm to guarantee a single stream of input to unmodified single-user applications. It extends the shared screen paradigm prevalent in multimedia conferencing to shared and coordinated control of client applications and server resources. Finally, it supports the replication of applications and databases at each site, quick feedback to all conferees, and the ability to conference over low bandwidth communication networks.

Scoot: an object-oriented toolkit for multimedia collaboration

The Synchronous Collaborative Object-Oriented Toolkit (SCOOT) provides reliable real-time multimedia collaboration for geographically separated participants. SCOOT does this by synchronizing application states and ensuring reliable shared tool control. It is designed to provide this functionality while minimizing the modifications to application code, the impact on a developers design style and level of effort, and on an applications structure. SCOOT extends the end-users working style by providing a continuum of collaboration styles, ranging from informal to formal.

Scalable visualization of propagating internet phenomena

The Internet has recently been impacted by a number of large distributed attacks that achieve exponential growth through self-propagation. Some of these attacks have exploited vulnerabilities for which advisories had been issued and for which patches and detection signatures were available. It is increasingly apparent, however, that such prevention and detection mechanisms are inadequate, and that the attackers time to exploit is shrinking relative to the defenders ability to learn of a new attack and patch systems or update intrusion detection signatures. We introduce visual, scalable techniques to detect phenomena such as distributed denial-of-service attacks and worms. It is hoped that these new approaches will enable detection of such events at an early stage and enable local response actions even before the publication of advisories about a new vulnerability and the availability of patches.

A Security-Mode for Carrier-Grade SDN Controllers

Management approaches to modern networks are increasingly influenced by software-defined networks (SDNs), and this increased influence is reflected in the growth of commercially available innovative SDN-based switches, controllers and applications. To date, there have been a number of commercial and open-source SDN operating systems (NOS) introduced for various purposes, including distributed controller frameworks targeting large, carrier-grade networks such as the Open Network Operating System (ONOS) and OpenDayLight (ODL). These frameworks are distinguished by their (i) elastic cluster controller architecture, (ii) network virtualization support, and (iii) modular design. Given their flexible design, growing list of supported features, and collaborative community support, these are attractive hosting platforms for a wide range of third-party distributed network management applications. This paper identifies the common security requirements for policy enforcement in such distributed controller environments. We present the design of a network application permission-enforcement model and an integrated security subsystem (SM-ONOS) for managing distributed applications running on an ONOS controller. We discuss the underlying motivations of its security extensions and their implications for improving our understanding of how to securely manage large-scale SDNs. Our performance assessments demonstrate that the security-mode extension imposed reasonable overheads (ranging from 5 to 20% for 1-7 node clusters).

Securing Current and Future Process Control Systems

Process control systems (PCSs) are instrumental to the safe, reliable and efficient operation of many critical infrastructure components. However, PCSs increasingly employ commodity information technology (IT) elements and are being connected to the Internet. As a result, they have inherited IT cyber risks, threats and attacks that could affect the safe and reliable operation of infrastructure components, adversely affecting human safety and the economy. This paper focuses on the problem of securing current and future PCSs, and describes tools that automate the task. For current systems, we advocate specifying a policy that restricts control network access and verifying its implementation. We further advocate monitoring the control network to ensure policy implementation and verify that network use matches the design specifications. For future process control networks, we advocate hosting critical PCS software on platforms that tolerate malicious activity and protect PCS processes, and testing software with specialized tools to ensure that certain classes of vulnerabilities are absent prior to shipping.