A Virtual Network Topology Security Assessment Process Presented by Rich Goyette 12/12/20151.

Date post: 17-Jan-2016
Transcript
Page 1: A Virtual Network Topology Security Assessment Process Presented by Rich Goyette 12/12/2015

A Virtual Network Topology Security Assessment Process

Presented by Rich Goyette

23-04-21 1

Page 2

Overview

• Motivation
• Virtual Network Concept
• Security Model Development
• Assessment Process Summary
• An Example
• Conclusions and Future Work

Page 3

Motivation

• Network Virtualization: Trust and Security challenges.
• Security is hard to quantify.
  – Expert judgement is an alternative but:
    • Time and labour intensive;
    • Inconsistent;
• Our approach – model expert judgement:
  – Repeatable;
  – Uses available VNet attributes.

Page 4

Concept of Virtual Networks

[Diagram; only its labels survived extraction: Logical Plane; Physical Plane; Service Provider (SP); Requirements; Virtual Network Provider (VNP); Infrastructure Provider 1 (InP 1); Infrastructure Provider 2 (InP 2); Infrastructure Provider 3 (InP 3); Attribute Search and Comparison.]

Page 5

VNet Attributes are Key!

Each physical network element (node and link) has attributes.

Attributes are stored in a resource discovery framework (RDF).

We use the attribute values to characterize VNet security.

Page 6

How We Model Expert Judgement

• For each network element (nodes, links), expert judgement of security is modeled using the additive form of a multi-attribute value function:

xi: A security relevant attribute (operating system, media type, etc.).
v(xi): A value function for a single attribute xi.
x: A vector of attributes {x1, x2, … xj} for an element.
δi: A scaling constant for attribute xi.
V(x): An expert value function for attribute vector x.

(V(x) is the security value of a node or link with attributes x.)
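The additive form the slide refers to, written out here as an added equation (the slide's own formula image did not survive extraction); the symbols are those defined above, and the normalization conventions are the usual multi-attribute value theory ones, which the page does not state explicitly:

```latex
V(\mathbf{x}) = \sum_{i=1}^{j} \delta_i \, v(x_i),
\qquad 0 \le v(x_i) \le 1, \qquad \sum_{i=1}^{j} \delta_i = 1
```

With v(xi) = 0 at the worst level of attribute i and 1 at the best, V(x) also lies in [0, 1], so element values are directly comparable.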

Page 7

Some Conditions

• The additive form is only valid when attributes are mutually preference independent;
• A line of questioning is needed for attribute independence testing following attribute selection.

Example              Alternatives                                      Independent?
Computer selection   [1TB, 2GHz, 1GB] vs [1TB, 4GHz, 1GB]              Yes
Dinner selection     [Potato, Fish, White] vs [Potato, Beef, White]    No

Page 8

Decision Support Tools

• We use MACBETH (Measuring Attractiveness by a Categorical Based Evaluation Technique) to illustrate the development of value functions and scaling constants.
• Other methods can be used, but they must result in measurable value functions on an ordinal scale.

Page 9

Single Attribute Value Functions

• Assume we are considering a Link network element with respect to confidentiality.
• Link confidentiality can be characterized by:
  – Channel Mode (CM)
  – Encryption (ENC)
  – Media Type (MT)

Page 10

Single Attribute Value Functions

• “In your professional judgement, with respect to confidentiality, what is your strength of preference for fiber over wireless media?”
• “Twisted pair?”
• “Coax?”

Page 11

Single Attribute Value Functions

• Based on pairwise comparison, a value function is proposed;
• Values are normalized between the best and worst cases on the MACBETH-proposed scale (pre-cardinal);
• Judges can adjust positions to some extent (cardinal).

Page 12

Single Attribute Value Functions

• Encryption and Channel Mode value functions are developed similarly.

Page 13

Scaling Constant Development

• Scaling constants in MACBETH are developed using the same process.
• “Consider the worst case combination of these attributes with respect to confidentiality.”
• “Characterize your strength of preference with respect to this case in going from {wireless, no encryption, no channels} to {fiber, no encryption, no channels}.”

Page 14

Scaling Constant Development

• MACBETH fills in the remainder of the weights and suggests scaling constants.

Security Value of Link i:

Page 15

Security Value Aggregation

• We combine network element security values using the following simple aggregation model:

• The low value is included to manage “weakest link” concerns.

• We end up with a 3x2 matrix representing C, I, and A for VNet Nodes and Links.
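To make the additive model and the aggregation step concrete, an added Python example (not code from the talk): it evaluates V(x) for a constructed set of links using constructed value functions for MT, ENC and CM and constructed scaling constants, then aggregates the link confidentiality values as mean plus minimum, an assumed form of the slide's "simple aggregation model" since the exact formula is not on the page. It fills one cell of the 3x2 C/I/A matrix (confidentiality of links).

```python
from statistics import mean

# Constructed single-attribute value functions v(x_i) for link confidentiality,
# normalized so the worst level is 0.0 and the best is 1.0 (MACBETH-style).
# These are illustrative numbers, not the values elicited in the talk.
VALUE_FUNCTIONS = {
    "MT":  {"wireless": 0.0, "coax": 0.4, "twisted_pair": 0.55, "fiber": 1.0},
    "ENC": {"none": 0.0, "link": 0.7, "end_to_end": 1.0},
    "CM":  {"none": 0.0, "channels": 1.0},
}
# Constructed scaling constants delta_i; the additive form needs them to sum to 1.
SCALING = {"MT": 0.35, "ENC": 0.45, "CM": 0.20}


def link_value(attrs, vfs=VALUE_FUNCTIONS, delta=SCALING):
    """V(x) = sum_i delta_i * v(x_i) for one link whose attribute vector is attrs."""
    if abs(sum(delta.values()) - 1.0) > 1e-9:
        raise ValueError("scaling constants must sum to 1")
    missing = set(delta) - set(attrs)
    if missing:  # an incomplete RDF record cannot be scored
        raise ValueError(f"attributes missing from RDF record: {sorted(missing)}")
    return sum(delta[a] * vfs[a][attrs[a]] for a in delta)


def aggregate(values):
    """Assumed aggregation (the talk's exact model is not on the slides): the mean
    of the element values reported together with the minimum, the minimum being
    the 'low value' the slide keeps for weakest-link concerns."""
    values = list(values)
    return {"mean": round(mean(values), 4), "min": round(min(values), 4)}


# Constructed VNet topology: one attribute record per link, as a resource
# discovery framework would expose them.
LINKS = {
    "L1": {"MT": "fiber", "ENC": "end_to_end", "CM": "channels"},
    "L2": {"MT": "twisted_pair", "ENC": "link", "CM": "none"},
    "L3": {"MT": "wireless", "ENC": "none", "CM": "channels"},
}


def assess_links(links=LINKS):
    """Per-link confidentiality values plus the topology aggregate."""
    per_link = {name: round(link_value(a), 4) for name, a in links.items()}
    return per_link, aggregate(per_link.values())


if __name__ == "__main__":
    per_link, agg = assess_links()
    for name, v in per_link.items():
        print(f"{name}: V = {v}")
    print("topology confidentiality (links):", agg)
```

The mean alone would rate this topology as middling; the minimum exposes that L3 (wireless, unencrypted) drags the weakest link down to 0.2, which is the point of keeping both figures.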

Page 16

Assessment Process Summary

[Flow chart, reconstructed from its box labels]

Model Generation:
  Gather Security Experts
  Identify all Types of VNet Element
  For Each Element:
    Identify Relevant Attributes
    Develop Attribute Value Functions
    Develop Element Value Function

Model Application:
  For Each Element in Topology:
    Obtain Attribute Values
    Compute Attribute Value Function
    Compute Security Value for Element
  Aggregate Security Values

Other labels in the chart: MAVT; Nodes and Links.

Page 17

Example: Identify Relevant Attributes

Page 18

Example: Develop Attribute Value Functions

Page 19

Example: Develop Scaling Constants

Page 20

Example: Evaluate Topology

Page 21

Conclusions

• Our process is passive;
• Our process compares current VNet security to expert “best effort”;
• Once our model is generated, security assessment is relatively straightforward;
• Model can be generated as a separate business enterprise.

Page 22

Future Work

• Gathering experts for model generation is problematic:
  – Time, schedule, frequency.
  – Dynamics of group decision making.
• Physical network components will change, migrate, and/or evolve.
• Providers will lie.

