Visible to the public A Hypothesis Testing Framework for Network SecurityConflict Detection Enabled

TitleA Hypothesis Testing Framework for Network Security
Publication TypePresentation
Year of Publication2015
AuthorsBrighten Godfrey, University of Illions at Urbana-Champagin, Anduo Wang, Temple University, Dong Jin, Illinois Institute of Technology, Jason Croft, University of Illinois at Urbana-Champaign, Matthew Caesar, University of Illinois at Urbana-Champaign
KeywordsA Hypothesis Testing Framework for Network Security, Network security, network verification, NSA SoS Lablets Materials, science of security, UIUC
Abstract

We rely on network infrastructure to deliver critical services and ensure security. Yet networks today have reached a level of complexity that is far beyond our ability to have confidence in their correct behavior - resulting in significant time investment and security vulnerabilities that can cost millions of dollars, or worse. Motivated by this need for rigorous understanding of complex networks, I will give an overview of our or Science of Security lablet project, A Hypothesis Testing Framework for Network Security.

First, I will discuss the emerging field of network verification, which transforms network security by rigorously checking that intended behavior is correctly realized across the live running network. Our research developed a technique called data plane verification, which has discovered problems in operational environments and can verify hypotheses and security policies with millisecond-level latency in dynamic networks. In just a few years, data plane verification has moved from early research prototypes to production deployment. We have built on this technique to reason about hypotheses even under the temporal uncertainty inherent in a large distributed network. Second, I will discuss a new approach to reasoning about networks as databases that we can query to determine answers to behavioral questions and to actively control the network. This talk will span work by a large group of folks, including Anduo Wang, Wenxu an Zhou, Dong Jin, Jason Croft, Matthew Caesar, Ahmed Khurshid, and Xuan Zou.

Notes

Presented at the Illinois ITI Joint Trust and Security/Science of Security Seminar, September 15, 2015.

URLhttps://recordings.engineering.illinois.edu:8443/ess/echo/presentation/dd935ea1-57b9-4ad6-8253-dae71...
Citation Keynode-29753

Other available formats:

09152015 Godfrey slides.pdf