Published by Bartholomew Evans. Modified over 9 years ago.

A Virtual Network Topology Security Assessment Process
Presented by Rich Goyette
12/12/2015

Overview
– Motivation
– Virtual Network Concept
– Security Model Development
– Assessment Process Summary
– An Example
– Conclusions and Future Work

Motivation
Network Virtualization: Trust and Security challenges.
Security is hard to quantify.
– Expert judgement is an alternative but:
   Time and labour intensive;
   Inconsistent;
Our approach – model expert judgement:
– Repeatable;
– Uses available VNet attributes.

Concept of Virtual Networks
[Figure: Logical Plane and Physical Plane; Service Provider (SP) Requirements; Virtual Network Provider (VNP); Infrastructure Provider 1 (InP 1), Infrastructure Provider 2 (InP 2), Infrastructure Provider 3 (InP 3); Attribute Search and Comparison.]

VNet Attributes are Key!
Each physical network element (node and link) has attributes.
Attributes are stored in a resource discovery framework (RDF).
We use the attribute values to characterize VNet security.

How We Model Expert Judgement
For each network element (nodes, links), expert judgement of security is modeled using the additive form of multi-attribute value function:
x_i: A security relevant attribute (operating system, media type, etc.).
v(x_i): A value function for a single attribute x_i.
x: A vector of attributes {x_1, x_2, …, x_j} for an element.
δ_i: A scaling constant for attribute x_i.
V(x): An expert value function for attribute vector x. (V(x) is the security value of a node or link with attributes x.)

Some Conditions
The additive form is only valid when attributes are mutually preference independent;
A line of questioning is needed for attribute independence testing following attribute selection.

Example | Alternatives | Independent?
Computer selection | [1TB, 2GHz, 1GB], [1TB, 4GHz, 1GB] | Yes
Dinner selection | [Potato, Fish, White], [Potato, Beef, White] | No

Decision Support Tools
We use MACBETH (Measuring Attractiveness by a Categorical Based Evaluation Technique) to illustrate the development of value functions and scaling constants.
Other methods can be used, but they must result in measurable value functions on an ordinal scale.

Single Attribute Value Functions
Assume we are considering a Link network element with respect to confidentiality.
Link confidentiality can be characterized by:
– Channel Mode (CM)
– Encryption (ENC)
– Media Type (MT)

Single Attribute Value Functions
“In your professional judgement, with respect to confidentiality, what is your strength of preference for fiber over wireless media?”
“Twisted pair?”
“Coax?”

Single Attribute Value Functions
Based on pairs comparison, a value function is proposed;
Values are normalized between the best and worst cases on MACBETH proposed scale (pre-cardinal);
Judges can adjust positions to some extent (cardinal).

Single Attribute Value Functions
Encryption and Channel Mode value functions developed similarly;

Scaling Constant Development
Scaling constants in MACBETH are developed using the same process.
“Consider the worst case combination of these attributes with respect to confidentiality”
“Characterize your strength of preference with respect to this case in going from {wireless, no encryption, no channels} to {fiber, no encryption, no channels}”

Scaling Constant Development
MACBETH fills in remainder of weights and suggests scaling constants.
Security Value of Link i:

Security Value Aggregation
We combine network element security values using the following simple aggregation model:
The low value is included to manage “weakest link” concerns.
We end up with a 3X2 matrix representing C, I, and A for VNet Nodes and Links.
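
The additive model and scaling constants from the preceding slides, applied to link confidentiality, as an added Python example that is not part of the original presentation. The attribute keys, level names, value-function numbers and scaling constants are constructed for illustration; only the low value is computed, because the slide's aggregation formula is not reproduced on this page.

```python
# Added example: additive multi-attribute value model for link confidentiality.
# All numbers are constructed for illustration; they are not the judges' values.

# Single-attribute value functions v_i, normalized 0 (worst) to 100 (best).
VALUE_FUNCS = {
    "media_type": {"wireless": 0, "coax": 40, "twisted_pair": 55, "fiber": 100},
    "encryption": {"none": 0, "encrypted": 100},
    "channel_mode": {"none": 0, "channels": 100},
}
# Scaling constants delta_i in percent; they must sum to 100.
SCALING = {"media_type": 25, "encryption": 55, "channel_mode": 20}


def security_value(attrs, value_funcs=VALUE_FUNCS, scaling=SCALING):
    """V(x) = sum_i delta_i * v_i(x_i) for one element, on a 0..100 scale."""
    if sum(scaling.values()) != 100:
        raise ValueError("scaling constants must sum to 100 percent")
    total = 0
    for name, delta in scaling.items():
        table = value_funcs[name]
        # A missing or unrecognized attribute level is scored as the worst
        # case, so an incomplete record cannot raise an element's value.
        total += delta * table.get(attrs.get(name), min(table.values()))
    return total / 100


def assess(elements):
    """Return per-element values and the (id, value) of the weakest element."""
    values = {eid: security_value(a) for eid, a in elements.items()}
    weakest = min(values, key=values.get)
    return values, (weakest, values[weakest])


# Constructed link records, as they might come from resource discovery.
LINKS = {
    "link-a": {"media_type": "fiber", "encryption": "encrypted", "channel_mode": "channels"},
    "link-b": {"media_type": "wireless", "encryption": "encrypted", "channel_mode": "none"},
    "link-c": {"media_type": "coax", "encryption": "none", "channel_mode": "channels"},
    "link-d": {"media_type": "fiber"},  # encryption and channel mode not reported
}

if __name__ == "__main__":
    values, low = assess(LINKS)
    for eid, v in values.items():
        print(f"{eid}: V = {v:.1f}")
    print("low value:", low)
```

With these constructed numbers, going from {wireless, no encryption, no channels} to {fiber, no encryption, no channels} raises V from 0 to 25, which is exactly the media-type scaling constant.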

Assessment Process Summary
[Figure: process flowchart with two phases, MAVT Model Generation and Model Application. Box labels: Gather Security Experts; Identify all Types of VNet Element; For Each Element; Identify Relevant Attributes; Develop Attribute Value Functions; Develop Element Value Function; For Each Element in Topology; Obtain Attribute Values; Compute Attribute Value Function; Compute Security Value for Element; Aggregate Security Values; Nodes and Links.]

Example: Identify Relevant Attributes

Example: Develop Attribute Value Functions

Example: Develop Scaling Constants

Example: Evaluate Topology

Conclusions
Our process is passive;
Our process compares current VNet security to expert “best effort”;
Once our model is generated, security assessment is relatively straightforward;
Model can be generated as a separate business enterprise.

Future Work
Gathering experts for model generation is problematic:
– Time, schedule, frequency.
– Dynamics of group decision making.
Physical network components will change, migrate, and/or evolve.
Providers will lie.