A Virtual Network Topology Security Assessment Process
Presented by Rich Goyette, 12/12/2015

Overview
Motivation
Virtual Network Concept
Security Model Development
Assessment Process Summary
An Example
Conclusions and Future Work

Motivation
Network Virtualization: Trust and Security challenges.
Security is hard to quantify.
  – Expert judgement is an alternative but:
    – Time and labour intensive;
    – Inconsistent;
Our approach – model expert judgement:
  – Repeatable;
  – Uses available VNet attributes.

Concept of Virtual Networks
[Figure: logical plane and physical plane. Labels: Service Provider (SP), Requirements, Virtual Network Provider (VNP), Infrastructure Provider 1 (InP 1), Infrastructure Provider 2 (InP 2), Infrastructure Provider 3 (InP 3), Attribute Search and Comparison.]

VNet Attributes are Key!
Each physical network element (node and link) has attributes.
Attributes are stored in a resource discovery framework (RDF).
We use the attribute values to characterize VNet security.

How We Model Expert Judgement
For each network element (nodes, links), expert judgement of security is modeled using the additive form of the multi-attribute value function:
x_i: A security-relevant attribute (operating system, media type, etc.).
v(x_i): A value function for a single attribute x_i.
x: A vector of attributes {x_1, x_2, …, x_j} for an element.
δ_i: A scaling constant for attribute x_i.
V(x): An expert value function for attribute vector x (V(x) is the security value of a node or link with attributes x).

Some Conditions
The additive form is only valid when attributes are mutually preference independent;
A line of questioning is needed for attribute independence testing following attribute selection.

Example            | Alternatives                                    | Independent?
Computer selection | [1TB, 2GHz, 1GB], [1TB, 4GHz, 1GB]              | Yes
Dinner selection   | [Potato, Fish, White], [Potato, Beef, White]    | No

Decision Support Tools
We use MACBETH (Measuring Attractiveness by a Categorical Based Evaluation Technique) to illustrate the development of value functions and scaling constants.
Other methods can be used, but they must result in measurable value functions on an ordinal scale.

Single Attribute Value Functions
Assume we are considering a Link network element with respect to confidentiality.
Link confidentiality can be characterized by:
  – Channel Mode (CM)
  – Encryption (ENC)
  – Media Type (MT)

Single Attribute Value Functions
“In your professional judgement, with respect to confidentiality, what is your strength of preference for fiber over wireless media?”
“Twisted pair?”
“Coax?”

Single Attribute Value Functions
Based on pairwise comparisons, a value function is proposed;
Values are normalized between the best and worst cases on the MACBETH proposed scale (pre-cardinal);
Judges can adjust positions to some extent (cardinal).

Single Attribute Value Functions
Encryption and Channel Mode value functions developed similarly;

Scaling Constant Development
Scaling constants in MACBETH are developed using the same process.
“Consider the worst case combination of these attributes with respect to confidentiality”
“Characterize your strength of preference with respect to this case in going from {wireless, no encryption, no channels} to {fiber, no encryption, no channels}”

Scaling Constant Development
MACBETH fills in remainder of weights and suggests scaling constants.
Security Value of Link i:
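An added worked example, not taken from the presentation, of a link's confidentiality value, assuming the standard additive form V(x) = Σ δ_i · v(x_i) with the slides' symbols. Every attribute level, value and scaling constant is constructed for illustration; scoring an unreported attribute as the worst case is an assumption of this example, and naming the lowest-valued link only reflects the "weakest link" concern, not the presentation's aggregation model.

```python
# Added example: additive multi-attribute value model for Link confidentiality.
# All levels, values and scaling constants below are constructed for illustration.
VALUE_FUNCTIONS = {  # v(x_i): 0 = worst level, 100 = best level
    "media_type": {"wireless": 0, "coax": 40, "twisted_pair": 55, "fiber": 100},
    "encryption": {"none": 0, "link_layer": 70, "end_to_end": 100},
    "channel_mode": {"none": 0, "shared": 50, "dedicated": 100},
}
SCALING = {"media_type": 25, "encryption": 55, "channel_mode": 20}  # delta_i, percent


def validate_model(value_functions, scaling):
    """Reject models that break the assumptions of the additive form."""
    if set(value_functions) != set(scaling):
        raise ValueError("every attribute needs a value function and a scaling constant")
    if sum(scaling.values()) != 100:
        raise ValueError("scaling constants must sum to 100 percent")
    for name, levels in value_functions.items():
        if min(levels.values()) != 0 or max(levels.values()) != 100:
            raise ValueError(f"{name}: values must be normalized to 0..100")


def element_value(attrs, value_functions=VALUE_FUNCTIONS, scaling=SCALING):
    """Return (V(x), unverified), with V(x) = sum(delta_i * v(x_i))."""
    validate_model(value_functions, scaling)
    total, unverified = 0, []
    for name, levels in value_functions.items():
        level = attrs.get(name)
        if level not in levels:
            # Missing or unknown level: flag it and score the worst case (0).
            unverified.append(name)
            continue
        total += scaling[name] * levels[level]
    return total / 100, unverified


def assess_links(links):
    """Score every link and name the lowest-valued one (the weakest link)."""
    scores = {link_id: element_value(attrs) for link_id, attrs in links.items()}
    weakest = min(scores, key=lambda link_id: scores[link_id][0])
    return scores, weakest


# Constructed topology: attribute values as a resource discovery framework might report them.
LINKS = {
    "l1": {"media_type": "fiber", "encryption": "end_to_end", "channel_mode": "dedicated"},
    "l2": {"media_type": "twisted_pair", "encryption": "link_layer", "channel_mode": "shared"},
    "l3": {"media_type": "fiber", "channel_mode": "dedicated"},  # encryption not reported
}
```

Calling `assess_links(LINKS)` returns the per-link values with the list of unreported attributes, plus the identifier of the lowest-valued link.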

Security Value Aggregation
We combine network element security values using the following simple aggregation model:
The low value is included to manage “weakest link” concerns.
We end up with a 3x2 matrix representing C, I, and A for VNet Nodes and Links.

Assessment Process Summary
[Flowchart with two phases, "MAVT Model Generation" and "Model Application". Labels: Gather Security Experts; Identify all Types of VNet Element (Nodes and Links); For Each Element: Identify Relevant Attributes, Develop Attribute Value Functions, Develop Element Value Function; For Each Element in Topology: Obtain Attribute Values, Compute Attribute Value Function, Compute Security Value for Element; Aggregate Security Values.]

Example: Identify Relevant Attributes

Example: Develop Attribute Value Functions

Example: Develop Scaling Constants

Example: Evaluate Topology

Conclusions
Our process is passive;
Our process compares current VNet security to expert “best effort”;
Once our model is generated, security assessment is relatively straightforward;
Model can be generated as a separate business enterprise.

Future Work
Gathering experts for model generation is problematic:
  – Time, schedule, frequency.
  – Dynamics of group decision making.
Physical network components will change, migrate, and/or evolve.
Providers will lie.