Publication


Featured research published by Saeed Al-Haj.


Proceedings of the 3rd ACM workshop on Assurable and usable security configuration | 2010

FlowChecker: configuration analysis and verification of federated openflow infrastructures

Ehab Al-Shaer; Saeed Al-Haj

It is difficult to build a real network to test novel experiments. OpenFlow makes it easier for researchers to run their own experiments by providing a virtual slice and configuration on real networks. Multiple users can share the same network by assigning a different slice to each one. Users are given the responsibility to maintain and use their own slice by writing rules in a FlowTable. Misconfiguration problems can arise when a user writes conflicting rules for a single FlowTable or even within a path of multiple OpenFlow switches that need multiple FlowTables to be maintained at the same time. In this work, we describe a tool, FlowChecker, to identify any intra-switch misconfiguration within a single FlowTable. We also describe the inter-switch or inter-federated inconsistencies in a path of OpenFlow switches across the same or different OpenFlow infrastructures. FlowChecker encodes FlowTable configurations using Binary Decision Diagrams and then uses the model checker technique to model the inter-connected network of OpenFlow switches.


IEEE International Conference on Services Computing | 2013

Security-Aware Resource Allocation in Clouds

Saeed Al-Haj; Ehab Al-Shaer; HariGovind V. Ramasamy

Elasticity and economic considerations make Infrastructure-as-a-Service (IaaS) clouds attractive propositions for hosting enterprise IT applications. However, for prospective cloud customers, that potential is tempered by concerns, chief among them being security. We consider the problem of resource allocation in IaaS clouds while factoring in reachability and access control requirements of the cloud virtual machines (VMs). We describe a security-aware resource allocation framework that allows for effective enforcement of defense-in-depth for cloud VMs by determining (1) the grouping of VMs into security groups based on the similarity of their reachability requirements, and (2) the placement of virtual machines in a manner that reduces residual risks for individual VMs as well as security groups. We formalize security-aware resource allocation as a Constraint Satisfaction Problem (CSP), which can be solved using widely available Satisfiability Modulo Theories (SMT) solvers. Our experimental evaluation shows the effectiveness of our approach in reducing risk and improving manageability of security configurations for the cloud VMs.


Conference on Network and Service Management | 2013

A formal approach for virtual machine migration planning

Saeed Al-Haj; Ehab Al-Shaer

Cloud computing is an emerging paradigm in information technology. Virtualization is the cornerstone of this paradigm, in which resources are utilized by running multiple virtual machines (VMs) on a physical host. During a VM's life cycle, the cloud provider may migrate the VM from one host to another host. During the live migration process, some security, capacity, and dependency requirements are subject to violations due to the temporal relationship between migration steps. In this paper, we present a formal approach to plan VM migration; that is, to find a sequence of migration steps such that all security, dependency, and performance requirements are met. The migration planning problem is modeled as a Constraint Satisfaction Problem and is solved using Satisfiability Modulo Theories (SMT) solvers. We provide VMM-Planner, a formal framework that provides a VM migration plan and formally verifies the given requirements in all intermediate migration steps.


2011 4th Symposium on Configuration Analytics and Automation (SAFECONFIG) | 2011

Measuring firewall security

Saeed Al-Haj; Ehab Al-Shaer

In recent years, more attention has been given to firewalls as they are considered the cornerstone of cyber defense perimeters. The ability to measure the quality of protection of a firewall policy is a key step in assessing the defense level of any network. To accomplish this task, it is important to define objective metrics that are formally provable and practically useful. In this work, we propose a set of metrics that can objectively evaluate and compare the hardness and similarities of access policies of single firewalls based on rule tightness, the distribution of the allowed traffic, and security requirements. In order to analyze firewall policies based on the policy semantics, we use a canonical representation of firewall rules using Binary Decision Diagrams (BDDs), regardless of the rule format and representation. The contribution of this work comes in measuring and comparing firewall security deterministically in terms of security compliance and weakness in order to optimize security policy and engineering.


Database and Expert Systems Applications | 2012

Anomaly Discovery and Resolution in MySQL Access Control Policies

Mohamed Shehab; Saeed Al-Haj; Salil Bhagurkar; Ehab Al-Shaer

Managing hierarchical and fine-grained DBMS policies for a large number of users is a challenging task, and it increases the probability of introducing misconfigurations and anomalies. In this paper, we present a formal approach to discover anomalies in database policies using Binary Decision Diagrams (BDDs), which allow finer-grained analysis and scalability. We present and formalize intra-table and inter-table redundancy anomalies using the popular MySQL database server as a case study. We also provide a mechanism for improving the performance of policy evaluation by upgrading rules from one grant table to another grant table. We implemented our proposed approach as a tool called MySQLChecker. The experimental results show the efficiency of MySQLChecker in finding and resolving policy anomalies.


Communications and Networking Symposium | 2013

Objective metrics for firewall security: A holistic view

Mohammed Noraden Alsaleh; Saeed Al-Haj; Ehab Al-Shaer

Firewalls are the primary security devices in cyber defense. Yet the security of firewalls depends on the quality of protection provided by the firewall policy. The lack of metrics and attack incident data makes measuring the security of firewall policies a challenging task. In this paper, we present a new set of quantitative metrics that can be used to measure, as well as compare, the security level of firewall policies in an enterprise network. The proposed metrics measure the risk of attacks on the network that is imposed due to weaknesses in the firewall policy. We also measure the feasibility of mitigating or removing that risk. The presented metrics are proven to be (1) valid as compared with the ground truth, and (2) practically useful, as each one implies actionable security hardening.


Conference on Computer Communications Workshops | 2017

FlowTable pipeline misconfigurations in Software Defined Networks

Saeed Al-Haj; William J. Tolone

Software Defined Networks (SDNs) are a promising network architecture for future computer networks because they enable more dynamic, fine-grained control over network traffic. OpenFlow is an open standard network protocol that provides specifications for managing network traffic. Permissible (and impermissible) network flows are defined by OpenFlow policies that are translated into network switch FlowTables. Like other network types, SDNs are susceptible to misconfiguration that can negatively affect SDN behavior by leading to the execution of unintended network flows. In this paper, we present a formal method-based framework to detect pipeline misconfigurations in network switch FlowTables. Our framework can be used to: (a) formally verify the consistency of different network switches and OpenFlow controllers across SDN infrastructures; (b) formally validate the correctness of the configuration synthesis; (c) debug reachability and security problems; and (d) formally assess the consistency of SDN policies. Our framework can also be used as a foundational methodology to conduct “what-if” analysis to study the impact of new SDN network configurations by simply changing the state in the FlowTables and then analyzing the effects.


Proceedings of the 2nd ACM annual international workshop on Mission-oriented wireless sensor networking | 2013

SensorChecker: reachability verification in mission-oriented sensor networks

Ehab Al-Shaer; Qi Duan; Saeed Al-Haj; Moustafa Youssef

This paper presents novel techniques to verify global reachability in mission-oriented wireless sensor networks (Mission-Oriented WSN). The global reachability verification considers configurations such as forwarding information and awake/dormant schedules as generated by WSN protocols and algorithms. Our contribution is two-fold. First, we create a scalable model that represents the end-to-end reachability of a WSN based on node configuration using Binary Decision Diagrams (BDDs) and Symbolic Model Checking, and then define generic reachability properties using Computational Tree Logic (CTL). Second, we encode the Mission-Oriented WSN topological information using Boolean functions to verify constraint-based reachability properties for WSNs, and show soundness and completeness. We implement this in a tool called SensorChecker. The scalability and performance of SensorChecker are validated with very large WSNs (tens of thousands of nodes) and wake-up scheduling parameters. To the best of our knowledge, this is the first formal approach for verifying large-scale WSN network configuration.


International Conference on Security and Privacy in Communication Systems | 2011

Build and Test Your Own Network Configuration

Saeed Al-Haj; Padmalochan Bera; Ehab Al-Shaer

Access control policies play a critical role in the security of enterprise networks deployed with a variety of policy-based devices (e.g., routers, firewalls, and IPSec). Usually, the security policies are configured in the network devices in a distributed fashion through sets of access control lists (ACLs). However, the increasing complexity of access control configurations due to larger networks and longer policies makes configuration errors inevitable. Incorrect policy configuration makes the network vulnerable to different attacks and security breaches. In this paper, we present an imperative framework, namely ConfigLEGO, that provides an open programming platform for building the network security configuration globally and analyzing it systematically. The ConfigLEGO engine uses Binary Decision Diagrams (BDDs) to build a Boolean model that represents the global system behaviors, including all possible interactions between various components, in an extensible and scalable manner. Our tool also provides a C/C++ API as a software wrapper on top of the BDD engine to allow users to define topology, configurations, and reachability, and then analyze them at various abstraction levels, without requiring knowledge of BDD representation or operations.


2011 4th Symposium on Configuration Analytics and Automation (SAFECONFIG) | 2011

CloudChecker: An imperative framework for cloud configuration management

Saeed Al-Haj; Ehab Al-Shaer

Cloud computing has recently become one of the major research areas. The interest in cloud computing increases day by day because of the features provided by cloud providers. Pay-as-you-go is one of the features that attract customers to adopt this idea. Another feature is providing different levels of service to customers; Software, Platform, and Infrastructure as a Service are the major services provided by clouds.

Collaboration

Top co-authors of Saeed Al-Haj:

- Ehab Al-Shaer, University of North Carolina at Charlotte
- Qi Duan, University of North Carolina at Charlotte
- Mohamed Shehab, University of North Carolina at Charlotte
- Mohammed Noraden Alsaleh, University of North Carolina at Charlotte
- Salil Bhagurkar, University of North Carolina at Charlotte
- William J. Tolone, University of North Carolina at Charlotte
- Moustafa Youssef, Egypt-Japan University of Science and Technology
- Padmalochan Bera, Indian Institute of Technology Bhubaneswar