Ondrej Rysavy

A Formal Model for Network-Wide Security Analysis

Network designers perform challenging tasks with so many configuration options that it is often hard or even impossible for a human to predict all potentially dangerous situations. In this paper, we introduce a formal method approach for verification of security constraints on networks with dynamic routing protocols in use. A unifying model based on packet-filters is employed for modelling of network behaviour. Over this graph model augmented with filtering rules over edges verification of reachability properties can be made. In our approach we also consider topology changes caused by dynamic routing protocols.

A Formal Authorization Framework for Networked SCADA Systems

In this paper, we propose an application of a formal authorization framework for defining and enforcing security policies in SCADA systems. Current generation of SCADA systems are built as open networked systems often connected to public networks. Thus the security becomes an important issue, which needs to be properly addressed in these systems. The knowledge gained from securing networked computer based systems may help to develop security measures for SCADA systems too. Among such methods, a policy based security methods are the most applied. The contribution of this paper consists of an overview of security issues related to SCADA systems and a proposal to use a logic-based authorization framework in this environment for achieving scalable and efficient authentication.

Formal abstract architecture for use case specifications

Originally, use cases were informal modeling artifacts serving for specifying the requirements of computer-based systems in the early development phase. Last decade emphasizes the need for rigorous definition of semantics for use cases since discovering their impact during the whole development process. In this contribution, the semantics of use cases is directly obtained as a consequence of formal representation of use cases in the language of higher-order logic. The definition itself reveals the use case specifications as three level architecture which enables abstract specification of static structure at higher levels and more detailed description of a systems behavior at the lowest level. Often mentioned compactness issue of use cases, the interplay between static views that focus primarily on elicitation possible users of the system and corresponding dynamic views describing abstract behavior of the system is treated separately by adding extra information specifying participants which are, nevertheless, accessible from the whole use case hierarchy.

Combination of simulation and formal methods to analyse network survivability

Modern computer networks are complex and their topology can dynamically change when links go down. It is difficult to predict behaviour of a large network with dynamic routing protocols. To automatically prove survivability and reliability of an end-to-end connection, formal analysis combined with simulation can be exploited. In this paper, an approach based on detection of critical elements using formal analysis and subsequent simulation of time related properties is introduced. Our network model is automatically extracted from configurations of network devices. Then, critical network elements are detected using graph search algorithms. After that, several simulation scenarios are executed over a model in order to detect time dependencies. Modelling and simulation is done in OMNeT++ simulator, formal analysis is computed using scripting. The first results of this combined analysis show feasibility of this approach and help to reveal both qualitative parameters (status of links and nodes), and quantitative parameters (timers, routing protocols) that influence reliability and survivability of the network. The approach is demonstrated on a simplified topology of Czech Academic Network (CESNET).

FAST RTP DETECTION AND CODECS CLASSIFICATION IN INTERNET TRAFFIC

This paper presents a fast multi-stage method for on-line detection of RTP streams and codec identification of transmitted voice or video traffic. The method includes an RTP detector that filters packets based on specific values from UDP and RTP headers. When an RTP stream is successfully detected, codec identification is applied using codec feature sets. The paper shows advantages and limitations of the method and its comparison with other approaches. The method was implemented as a part of network forensics framework NetFox developed in project SEC6NET. Results show that the method can be successfully used for Lawful Interception as well as for network monitoring.

Formal analysis approach on networks with dynamic behaviours

Formal verification and validation techniques such as model checking are not widely used in computer networks. These methods are very useful to identify configuration errors, identify design problems and predict network behaviours under different network conditions. This paper describes the two main components of the formal verification process, formal modelling and the analysis process. For formal modelling, computer networks configured with dynamic routing protocols such as RIP, OSFP or EIGRP are considered. For the analysis, reachability and security properties are evaluated as the behavioural properties in the case of device or link failures. Graph Theory is used to implement the model and predict the network behaviours. The process of building the model, grouping the network states which have common behaviours and predicting behaviours are the core work of this paper. Furthermore this paper details a method to reduce the state space and hence eliminate the state space explosion.

Inter-university project based on LEGO NXT

The paper describes the mechanism for involving students from multilingual, geographically separated institutions in a coordinated educational experience and presents the observations and evaluation of outcomes related to the collaborative project. The project was realized as a part of ILERT (International Learning Environment for Real-Time Software Intensive Control System) EU/US activity sponsored by FIPSE/EC Atlantis Program. As a part of the pilot implementation phase of the ILERT project, international students teams have worked on robotic design and control experiments with LEGO MINDSTORMS NXT kits. The project has engaged on-site students and faculty of universities from four countries (USA, Poland, France, and Czech Republic). The robot maze navigation problem has been defined as an example. LEGO-MINDSTROMS NXT kit has been selected as a common platform for students teams. A Web-based Project Management System (WebPMS) has been used to improve communication and test Internet based tools for inter-university collaboration. Final evaluation of the project outcomes, including students survey results, are presented in this paper.

Towards identification of operating systems from the internet traffic: IPFIX monitoring with fingerprinting and clustering

This paper deals with identification of operating systems (OSs) from the Internet traffic. Every packet injected on the network carries a specific information in its packet header that reflects the initial settings of a hosts operating system. The set of such features forms a fingerprint. The OS fingerprint usually includes an initial TTL time, a TCP initial window time, a set of specific TCP options, and other values obtained from IP and TCP headers. Identification of OSs can be useful for monitoring a traffic on a local network and also for security purposes. In our paper we focus on the passive fingerprinting using TCP SYN packets that is incorporated to a IPFIX probe. Our tool enhances standard IPFIX records by additional information about OSs. Then, it sends the records to an IPFIX collector where network statistics are stored and presented to the network administrator. If identification is not successful, a further HTTP header check is employed and the fingerprinting database in the probe is updated. Our fingerprinting technique can be extended using cluster analysis as presented in this paper. As we show the clustering adds flexibility and dynamics to the fingerprinting. We also discuss the impact of IPv6 protocol on the passive fingerprinting.

Enhanced interior gateway routing protocol for OMNeT

Ciscos EIGRP is a hybrid routing protocol between distance vector and link-state routing protocols. EIGRP offers routing based on composite metric, which takes into account multiple factors and allows more granular and precise routing decisions based on the current state of the network. Cisco released basic specification of EIGRP as IETFs RFC draft in the beginning of 2013. This paper introduces one of the first freely available EIGRP design and a simulation model implementation that can be run and tested within OMNeT++ discrete event simulator.

From protecting protocols to layers: Designing, implementing and experimenting with security policies in RINA

Current Internet security is complex, expensive and ineffective. The usual argument is that the TCP/IP protocol suite was not designed having security in mind and security mechanisms have been added as add-ons or separate protocols. We argue that fundamental limitations in the Internet architecture are a major factor contributing to the insecurity of the Net. In this paper we explore the security properties of the Recursive InterNetwork Architecture, analyzing the principles that make RINA networks inherently more secure than TCP/IP-based ones. We perform the specification, implementation and experimental evaluation of the first authentication and SDU protection policies for RINA networks. RINAs approach to securing layers instead of protocols increases the security of networks, while reducing the complexity and cost of providing security.