Date posted: 17-Jan-2016
A Virtual Network Topology Security Assessment Process
Presented by Rich Goyette
23-04-21 1
Overview
• Motivation
• Virtual Network Concept
• Security Model Development
• Assessment Process Summary
• An Example
• Conclusions and Future Work
Motivation
• Network Virtualization: Trust and Security challenges.
• Security is hard to quantify.
– Expert judgement is an alternative but:
• Time and labour intensive;
• Inconsistent;
• Our approach – model expert judgement:
– Repeatable;
– Uses available VNet attributes.
Concept of Virtual Networks
[Figure: Virtual network concept. Labels: Logical Plane; Physical Plane; Service Provider (SP); Requirements; Virtual Network Provider (VNP); Infrastructure Provider 1 (InP 1), Infrastructure Provider 2 (InP 2), Infrastructure Provider 3 (InP 3); Attribute Search and Comparison.]
VNet Attributes are Key!
Each physical network element (node and link) has attributes.
Attributes are stored in resource discovery framework.
We use the attribute values to characterize VNet security.
How We Model Expert Judgement
• For each network element (nodes, links), expert judgement of security is modeled using the additive form of multi-attribute value function:
xi: A security relevant attribute (operating system, media type, etc.).
v(xi): A value function for a single attribute xi.
x: A vector of attributes {x1, x2, … xj} for an element.
δi: A scaling constant for attribute xi.
V(x): An expert value function for attribute vector x.
(V(x) is the security value of a node or link with attributes x).
Some Conditions
• The additive form is only valid when attributes are mutually preference independent;
• A line of questioning is needed for attribute independence testing following attribute selection.
Example              Alternatives                                     Independent?
Computer selection   [1TB, 2GHz, 1GB] vs. [1TB, 4GHz, 1GB]            Yes
Dinner selection     [Potato, Fish, White] vs. [Potato, Beef, White]  No
Decision Support Tools
• We use MACBETH (Measuring Attractiveness by a Categorical Based Evaluation Technique) to illustrate the development of value functions and scaling constants.
• Other methods can be used, but they must result in measurable value functions on an ordinal scale.
Single Attribute Value Functions
• Assume we are considering a Link network element with respect to confidentiality.
• Link confidentiality can be characterized by:
– Channel Mode (CM)
– Encryption (ENC)
– Media Type (MT)
Single Attribute Value Functions
• “In your professional judgement, with respect to confidentiality, what is your strength of preference for fiber over wireless media?”
• “Twisted pair?”
• “Coax?”
Single Attribute Value Functions
• Based on pairwise comparisons, a value function is proposed;
• Values are normalized between the best and worst cases on the MACBETH-proposed scale (pre-cardinal);
• Judges can adjust positions to some extent (cardinal).
Single Attribute Value Functions
• Encryption and Channel Mode value functions developed similarly;
Scaling Constant Development
• Scaling constants in MACBETH are developed using the same process.
• “Consider the worst case combination of these attributes with respect to confidentiality”
• “Characterize your strength of preference with respect to this case in going from {wireless, no encryption, no channels} to {fiber, no encryption, no channels}”
Scaling Constant Development
• MACBETH fills in remainder of weights and suggests scaling constants.
Security Value of Link i:
Security Value Aggregation
• We combine network element security values using the following simple aggregation model:
• The low value is included to manage “weakest link” concerns.
• We end up with a 3×2 matrix representing C, I, and A for VNet Nodes and Links.
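As an added example (not from the slides), the additive form V(x) = Σ δi·v(xi) applied to link confidentiality with the three attributes above, followed by an aggregation step over a topology. The value functions, scaling constants, three-link topology and the mean-plus-minimum aggregation rule are all constructed assumptions: the slides give neither the numbers nor the aggregation formula, only that a low value is kept for "weakest link" concerns.

```python
# Added example, not from the presentation. Everything numeric below is constructed.
from statistics import mean

# Single-attribute value functions v(x_i), normalised so the best level scores 1.0
# and the worst 0.0. Intermediate positions are stand-ins for what MACBETH
# pairwise comparisons ("fiber over wireless?", "twisted pair?", "coax?") would yield.
VALUE_FUNCTIONS = {
    "MT":  {"fiber": 1.0, "twisted_pair": 0.6, "coax": 0.5, "wireless": 0.0},
    "ENC": {"strong": 1.0, "weak": 0.4, "none": 0.0},
    "CM":  {"channels": 1.0, "none": 0.0},
}

# Scaling constants delta_i (constructed; in practice MACBETH suggests them).
# They must sum to 1 so V(x) stays on the same 0..1 scale as the v(x_i).
SCALING = {"MT": 0.5, "ENC": 0.35, "CM": 0.15}


def link_value(attrs, value_functions=VALUE_FUNCTIONS, scaling=SCALING):
    """Additive MAVT: V(x) = sum_i delta_i * v(x_i) over the link's attribute vector."""
    if abs(sum(scaling.values()) - 1.0) > 1e-9:
        raise ValueError("scaling constants must sum to 1")
    return sum(scaling[a] * value_functions[a][attrs[a]] for a in scaling)


def aggregate(values):
    """Assumed aggregation: (mean, minimum). The minimum exposes the weakest link."""
    values = list(values)
    return round(mean(values), 4), round(min(values), 4)


# Constructed three-link topology: one strong link, one middling, one bare wireless.
LINKS = {
    "l1": {"MT": "fiber", "ENC": "strong", "CM": "channels"},
    "l2": {"MT": "twisted_pair", "ENC": "weak", "CM": "none"},
    "l3": {"MT": "wireless", "ENC": "none", "CM": "none"},
}


def assess_links(links=LINKS):
    """Per-link confidentiality values plus the aggregated (mean, min) pair."""
    per_link = {name: round(link_value(a), 4) for name, a in links.items()}
    return per_link, aggregate(per_link.values())


if __name__ == "__main__":
    print(assess_links())
```

The mean alone would hide l3; the minimum in the aggregate makes the unencrypted wireless link visible at the topology level.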
Assessment Process Summary
[Figure: Assessment process flow.]
Model Generation (MAVT):
• Gather Security Experts
• Identify all Types of VNet Element
• For Each Element:
– Identify Relevant Attributes
– Develop Attribute Value Functions
– Develop Element Value Function
Model Application (Nodes and Links):
• For Each Element in Topology:
– Obtain Attribute Values
– Compute Attribute Value Function
– Compute Security Value for Element
• Aggregate Security Values
Example: Identify Relevant Attributes
Example: Develop Attribute Value Functions
Example: Develop Scaling Constants
Example: Evaluate Topology
Conclusions
• Our process is passive;
• Our process compares current VNet security to expert “best effort”;
• Once our model is generated, security assessment is relatively straightforward;
• Model can be generated as a separate business enterprise.
Future Work
• Gathering experts for model generation is problematic:
– Time, schedule, frequency.
– Dynamics of group decision making.
• Physical network components will change, migrate, and/or evolve.
• Providers will lie.