A Virtual Network Topology Security Assessment Process Presented by Rich Goyette
Overview
• Motivation
• Virtual Network Concept
• Security Model Development
• Assessment Process Summary
• An Example
• Conclusions and Future Work

Motivation
• Network Virtualization: Trust and Security challenges.
• Security is hard to quantify.
• Expert judgement is an alternative but:
  • Time and labour intensive;
  • Inconsistent;
• Our approach – model expert judgement:
  • Repeatable;
  • Uses available VNet attributes.

Concept of Virtual Networks
[Figure labels: Service Provider (SP); Virtual Network Provider (VNP); Logical Plane; Requirements; Physical Plane; Infrastructure Provider 1 (InP 1); Infrastructure Provider 2 (InP 2); Infrastructure Provider 3 (InP 3); Attribute Search and Comparison]

VNet Attributes are Key!
• Each physical network element (node and link) has attributes.
• Attributes are stored in a resource discovery framework (RDF).
• We use the attribute values to characterize VNet security.

How We Model Expert Judgement
• For each network element (nodes, links), expert judgement of security is modeled using the additive form of multi-attribute value function:
  xi: A security relevant attribute (operating system, media type, etc.).
  v(xi): A value function for a single attribute xi.
  x: A vector of attributes {x1, x2, … xj} for an element.
  δi: A scaling constant for attribute xi.
  V(x): An expert value function for attribute vector x. (V(x) is the security value of a node or link with attributes x).

Some Conditions
• The additive form is only valid when attributes are mutually preference independent;
• A line of questioning is needed for attribute independence testing following attribute selection.

Decision Support Tools
• We use MACBETH (Measuring Attractiveness by a Categorical Based Evaluation Technique) to illustrate the development of value functions and scaling constants.
• Other methods can be used, but they must result in measurable value functions on an ordinal scale.

Single Attribute Value Functions
• Assume we are considering a Link network element with respect to confidentiality.
• Link confidentiality can be characterized by:
  • Channel Mode (CM)
  • Encryption (ENC)
  • Media Type (MT)

Single Attribute Value Functions
• “In your professional judgement, with respect to confidentiality, what is your strength of preference for fiber over wireless media?”
• “Twisted pair?”
• “Coax?”

Single Attribute Value Functions
• Based on pairs comparison, a value function is proposed;
• Values are normalized between the best and worst cases on MACBETH proposed scale (pre-cardinal);
• Judges can adjust positions to some extent (cardinal).

Single Attribute Value Functions
• Encryption and Channel Mode value functions developed similarly;

Scaling Constant Development
• Scaling constants in MACBETH are developed using the same process.
• “Consider the worst case combination of these attributes with respect to confidentiality”
• “Characterize your strength of preference with respect to this case in going from {wireless, no encryption, no channels} to {fiber, no encryption, no channels}”

Scaling Constant Development
• MACBETH fills in remainder of weights and suggests scaling constants.
Security Value of Link i:

Security Value Aggregation
• We combine network element security values using the following simple aggregation model:
• The low value is included to manage “weakest link” concerns.
• We end up with a 3X2 matrix representing C, I, and A for VNet Nodes and Links.

Assessment Process Summary
Model Generation
• Gather Security Experts
• MAVT
• Identify all Types of VNet Element: Nodes and Links
• For Each Element:
  • Identify Relevant Attributes
  • Develop Attribute Value Functions
  • Develop Element Value Function
Model Application
• For Each Element in Topology:
  • Obtain Attribute Values
  • Compute Attribute Value Function
  • Compute Security Value for Element
• Aggregate Security Values
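
The model-application steps above, as an added Python example that is not code from the presentation: it scores links with the additive form V(x) = sum of δi·v(xi) over the Media Type, Encryption and Channel Mode attributes. The value-function scores, scaling constants, sample topology and the choice to report the low value beside the mean are constructed assumptions, since the elicited values and the aggregation formula are not reproduced on this page.

```python
# Constructed value functions for link confidentiality, normalised so the
# worst level scores 0 and the best 100. Illustrative, not the elicited values.
VALUE_FUNCTIONS = {
    "MT": {"wireless": 0, "coax": 40, "twisted pair": 55, "fiber": 100},
    "ENC": {"no encryption": 0, "encrypted": 100},
    "CM": {"no channels": 0, "channels": 100},
}
SCALING = {"MT": 0.25, "ENC": 0.5, "CM": 0.25}  # constructed delta_i


def check_model(value_functions, scaling):
    """Reject a model that breaks the additive form's normalisation."""
    if set(value_functions) != set(scaling):
        raise ValueError("value functions and scaling constants differ")
    if abs(sum(scaling.values()) - 1.0) > 1e-9:
        raise ValueError("scaling constants must sum to 1")
    for name, vf in value_functions.items():
        if (min(vf.values()), max(vf.values())) != (0, 100):
            raise ValueError(f"{name}: not normalised to 0..100")


def element_value(attrs, value_functions=VALUE_FUNCTIONS, scaling=SCALING):
    """Additive form: V(x) = sum of delta_i * v(x_i) over the attributes."""
    total = 0.0
    for name, delta in scaling.items():
        level = attrs.get(name)
        if level not in value_functions[name]:
            # Missing or unscored attribute: fail closed rather than guess.
            raise ValueError(f"{name}: unscored level {level!r}")
        total += delta * value_functions[name][level]
    return total


def assess_links(links):
    """Score every link; report the low value beside the mean (assumption)."""
    check_model(VALUE_FUNCTIONS, SCALING)
    scores = {link_id: element_value(a) for link_id, a in links.items()}
    weakest = min(scores, key=scores.get)
    mean = sum(scores.values()) / len(scores)
    return {"scores": scores, "weakest": weakest,
            "low": scores[weakest], "mean": mean}


LINKS = {  # constructed topology
    "l1": {"MT": "fiber", "ENC": "encrypted", "CM": "channels"},
    "l2": {"MT": "wireless", "ENC": "no encryption", "CM": "no channels"},
    "l3": {"MT": "coax", "ENC": "encrypted", "CM": "no channels"},
}

if __name__ == "__main__":
    print(assess_links(LINKS))
```

Refusing to score an attribute level the experts never rated keeps an unreported or unexpected provider attribute from silently inflating a link's value.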

Conclusions
• Our process is passive;
• Our process compares current VNet security to expert “best effort”;
• Once our model is generated, security assessment is relatively straightforward;
• Model can be generated as a separate business enterprise.

Future Work
• Gathering experts for model generation is problematic:
  • Time, schedule, frequency.
  • Dynamics of group decision making.
• Physical network components will change, migrate, and/or evolve.
• Providers will lie.