Robustness-as-evolvability: building a dynamic control plane with Software-Defined Networking

Lead Research Organisation: University of Edinburgh
Department Name: Sch of Informatics

Abstract

Abstracts are not currently available in GtR for all funded research. This is normally because the abstract was not required at the time of proposal submission, but may be because it included sensitive information such as personal details.
 
Description Our findings concerned several new techniques to analyse complex networks used in data centres, to ensure that they are performing securely and efficiently.

First, we developed some new techniques for debugging or detecting security in datacenters based on analysing network activity between external devices ("edges"), without needing to employ increasingly complex methods necessary to inspect behaviour inside the network. These prevalent "in-network" methods are becoming complex and difficult to apply as the networking infrastructure itself becomes more complicated, they also impact performance. Our simpler model, demonstrated in a tool called PathDump, uses a sophisticated query language to provide much of the functionality of more complex in-network methods.

Second, also with the aim to provide more efficient analysis of networks and their design, we introduced a technique combining several mathematical models of covert channels in data centre networks. We exemplified the techniques by examining an attack called "sneak peak" where an insider leaks data to an attacker outside an organisation (but to hosts inside the same cloud data centre), by using a shared network connection to covertly send information, without directly contacting the attacker. The importance of the method is that it allows to analyse trade-offs between performance and mitigations implemented to thwart the attack. (The situation is a bit like the famous "Meltdown" and "Spectre" CPU vulnerabilities, but inside a datacentre rather than a CPU).
Exploitation Route We are building on our techniques with more research. In the future, our methods may be adopted by network engineers, network security analysts and designers, to help design and inspect complex networking infrastructures.
Sectors Digital/Communication/Information Technologies (including Software)

URL http://groups.inf.ed.ac.uk/security/RasE/publications/
 
Description Research Institute in Verified Trustworthy Software Systems (VeTSS)
Amount £654,850 (GBP)
Funding ID EP/P021921/1 
Organisation Engineering and Physical Sciences Research Council (EPSRC) 
Sector Public
Country United Kingdom
Start 03/2017 
End 02/2023
 
Title Software models of cloud computing data exfiltration attacks and defences 
Description The software was developed for a paper published in the conference IFIP 2018. It is made available for other researchers building on our work. 
Type Of Technology Software 
Year Produced 2018 
Open Source License? Yes  
Impact N/A 
URL http://groups.inf.ed.ac.uk/security/RasE/ifipsec18/