
 Network Security Workshop
 Chairman :  Yoshiaki Kasahara <kasahara@nc.kyushu-u.ac.jp>
 Yasuichi Kitamura <kita@jp.apan.net>
 Objectives :  
  1. To raise the security awareness and knowledge within APAN community.
  2. To exchange experience and knowledge in network security technologies and issues.
  3. To cooperate with other international security efforts to raise security awareness, capabilities and interoperation globally.
 Security-related topics include protection of the physical, intellectual, and electronic assets of APAN and other networks, including their security policies, network access controls, virus protection, network administration, auditing, and transaction security.


 Target Audience :  Researchers, Scientists, Network Engineers
 Expected Number of Participants :  40
 Agenda :  

Session Chair: Yoshiaki Kasahara

1. Tutorial: High Speed Network Traffic Analysis for Security: Challenges and Approaches (60 min)


Presented by: C-DAC, Electronics City, Bangalore

Abstract
Wide-scale deployment of High Speed Network (HSN) infrastructure across the globe motivates various user communities to go online. Along with e-science and education, HSN is being utilized by mission-critical applications such as SCADA, health care, etc. In parallel, compute and storage resources are also becoming common over HSN deployments. The combination of high-speed networks with compute and storage opens up concerns related to security. New protocols, middleware and applications demand HSN-specific security analysis. This tutorial first tables open areas of research related to security in HSN and secondly brings out possible approaches to address some of the challenges.

Specific challenges related to security analysis include ensuring throughput and latency, handling new attacks against evolving applications and protocols, intelligent data analysis and behavior modeling, etc. Detailed discussions of the key security challenges and approaches in HSN arising from the number of packets and sessions, attack signatures, protocols, stream reassembly, and deep packet inspection shall be carried out.

Participants of this tutorial would be able to understand the specific research challenges and open issues in security analysis over High Speed Networks. They would be introduced to tools, methods and development environments for carrying out high-speed security analysis.

Goal and Objectives:
The objective of the proposed tutorial is to provide an in-depth understanding of different approaches for carrying out security analysis in High-Speed Networking environment.

Scope:
This tutorial will be suitable for academicians and practitioners with exposure to High Speed Network.

Teaching Method:
It is proposed to be organized as an hour-long session divided into two parts of 30 minutes each, as given below.

Session-1 (30 min)

Title: High Speed Network Traffic Analysis for Security: State-of-the-Art Research, Challenges and Open Issues.

[ International Research, problem statements and open issues will be discussed ]
Speaker: Subramanian N, Senior Research Scientist, C-DAC

Session-2 (30 min)

Title: Multicore Based Packet Splitting Approaches for High Speed Network Security

[ Practical insight and possible code walk through and demo ]
Speaker: Muraleedharan N, Senior Staff Scientist, C-DAC


2. Carving Rule-based Filters within a Spatio-Temporal Logic for Dynamic Firewalls (30 min)

Presented by: Shyamanta M Hazarika, Tezpur University, India

Abstract
Firewalls are the frontier defense in network security, filtering out unwanted packets coming from or going to the secured network. Filtering is rule-based; in essence, a firewall is a set of ordered filtering rules configured primarily on the basis of a predefined security policy.

There are implementations supporting dynamism in firewall products and services. Some of those implementations use session-related information as a mechanism for adaptation. A few of the existing products support a dynamic firewall by applying static rules dynamically to the interfaces. There are few or no implementations that support a well-defined mechanism for adaptation together with thorough verification and validation of the dynamically created rules. An adaptive firewall must be able to learn and devise new rules based on historical information about attackers and the log information provided by other defense mechanisms such as IDS/IPS. In order to design and develop a firewall that provides adaptive mechanisms and dynamically creates new firewall rules, a mechanism is needed to ensure the consistency and validity of such rules. This is what is proposed to be done within a spatio-temporal logic.

A rule includes a condition, which is a set of network fields. Conditions can be seen as points in a finite discrete space; consequently, rules can be seen as 'spatial' regions carved out of this space of points. Rules are applied sequentially, and this sequential order of rules is 'temporal'. Herein lies the appeal of characterizing rule-based filters within a spatio-temporal logic. Exploiting logics from qualitative spatio-temporal reasoning, we present an approach to carving rule-based filters within the spatio-temporal logic ST0.

The filtering policy of a firewall depends on the ordering of its filtering rules. Note that for a set of completely disjoint filter rules the ordering is insignificant; this is not usually the case, and therefore ordering is important, or else some rules may always be 'screened' by other rules, producing an incorrect policy. Further, as the number of rules increases, there is the possibility of generating conflicting or redundant rules. An intra-firewall policy anomaly is the existence of two or more filtering rules that may match the same packet, or the existence of a rule that can never match any packet that crosses the firewall. Anomalies are properties of filters that hint at possible misconfiguration and have been well studied in the literature. An intra-firewall policy anomaly results from misconfiguration and needs to be detected. The best known traditional anomaly-detecting algorithms have been shown to run in time exponential in the number of filter rules. Rule relations and intra-network anomalies (those that can exist among filtering rules) are ST0-definable spatio-temporal properties of a rule-based filter, so anomaly detection within such a framework is the model-checking problem of an ST0 formula. Elsewhere, it has been shown that the satisfiability problem for the language ST0 in topological temporal models over various flows of time is decidable. If we consider the flow of time (N,<), then ST0 is PSPACE-complete. Thus anomaly detection here is not more expensive than the existing algorithms. Further, the existing algorithms account for only a subset of anomalies, whereas model-checking covers all anomalies at once.
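The abstract's picture of a rule as a 'spatial' region in a finite discrete space, ordered 'temporally' by first-match position, can be made concrete without the ST0 machinery. The following Python is an added illustration, not code from the talk or from Tezpur University: it models each rule condition as a box of closed integer intervals over four header fields, reports the pairwise relations the abstract names (a later rule screened by an earlier one, a redundant rule, a conflicting partial overlap whose outcome depends on order), and then does the brute-force check over the whole discrete packet space to find rules that no packet can ever reach, including a rule screened only by the union of several earlier rules, which a pairwise test cannot see. The field domain, the rule list and the protocol numbering are all constructed for the example.

```python
"""Anomaly check for an ordered firewall rule list over a small discrete packet space.

Added example, not part of the APAN talk.  Each rule condition is a 'box': one
closed integer interval per header field (the 'spatial' region).  Rules are
matched first-match in list order (the 'temporal' dimension).
"""
from dataclasses import dataclass
from itertools import product
from typing import Dict, List, Optional, Tuple

Interval = Tuple[int, int]           # inclusive (low, high)
Box = Dict[str, Interval]            # one interval per field

FIELDS = ("proto", "src", "dst", "dport")
# Constructed toy domain (assumption): proto 0=udp 1=tcp, 8 hosts a side, 4 ports.
DOMAIN: Dict[str, range] = {"proto": range(2), "src": range(8),
                            "dst": range(8), "dport": range(4)}


@dataclass(frozen=True)
class Rule:
    name: str
    cond: Box
    action: str                      # "accept" or "deny"

    def matches(self, pkt: Dict[str, int]) -> bool:
        return all(lo <= pkt[f] <= hi for f, (lo, hi) in self.cond.items())


def box(proto: Interval, src: Interval, dst: Interval, dport: Interval) -> Box:
    return {"proto": proto, "src": src, "dst": dst, "dport": dport}


def intersect(a: Box, b: Box) -> Optional[Box]:
    """Per-field intersection of two boxes; None when the regions are disjoint."""
    out: Box = {}
    for f in FIELDS:
        lo, hi = max(a[f][0], b[f][0]), min(a[f][1], b[f][1])
        if lo > hi:
            return None
        out[f] = (lo, hi)
    return out


def is_subset(a: Box, b: Box) -> bool:
    """True when every point of region a lies inside region b."""
    return all(b[f][0] <= a[f][0] and a[f][1] <= b[f][1] for f in FIELDS)


def pairwise_anomalies(rules: List[Rule]) -> List[Tuple[str, str, str]]:
    """Relations between an earlier rule i and a later rule j that signal misconfiguration.

    screened : j lies entirely inside i with a different action, so j never fires
    redundant: one rule lies inside the other with the same action
    conflict : partial overlap with different actions, so the outcome depends on order
    An earlier, more specific rule inside a later, more general one with a different
    action is the usual 'exception before default' pattern and is not reported.
    """
    found = []
    for j, rj in enumerate(rules):
        for ri in rules[:j]:
            if intersect(ri.cond, rj.cond) is None:
                continue                          # disjoint regions: order irrelevant
            if is_subset(rj.cond, ri.cond):
                kind = "redundant" if ri.action == rj.action else "screened"
            elif is_subset(ri.cond, rj.cond):
                if ri.action != rj.action:
                    continue
                kind = "redundant"
            elif ri.action != rj.action:
                kind = "conflict"
            else:
                continue                          # same-action partial overlap is harmless
            found.append((kind, ri.name, rj.name))
    return found


def unreachable_rules(rules: List[Rule]) -> List[str]:
    """Rules that no packet in DOMAIN ever reaches under first-match semantics.

    Brute-force walk of the finite discrete space: it also catches a rule screened
    by the *union* of several earlier rules, which no pairwise test sees.  Cost grows
    with the product of the field domains, so this is for toy spaces only.
    """
    reached = set()
    for values in product(*(DOMAIN[f] for f in FIELDS)):
        pkt = dict(zip(FIELDS, values))
        for r in rules:
            if r.matches(pkt):
                reached.add(r.name)
                break
    return [r.name for r in rules if r.name not in reached]


# Constructed rule list (assumption), seeded with each kind of anomaly.
RULES = [
    Rule("R1", box((1, 1), (0, 7), (5, 5), (0, 3)), "deny"),    # all tcp to host 5
    Rule("R2", box((1, 1), (2, 2), (5, 5), (1, 1)), "accept"),  # exception, but placed after R1
    Rule("R3", box((0, 1), (0, 7), (0, 7), (2, 2)), "accept"),  # port 2 from anywhere
    Rule("R4", box((0, 0), (0, 3), (0, 7), (2, 2)), "accept"),  # already covered by R3
    Rule("R5", box((0, 0), (0, 7), (5, 5), (3, 3)), "deny"),    # udp port 3 to host 5
    Rule("R6", box((0, 1), (3, 3), (5, 5), (2, 3)), "accept"),  # covered only by R1+R3+R5 together
]

if __name__ == "__main__":
    for kind, earlier, later in pairwise_anomalies(RULES):
        print(f"{kind:9s} {earlier} -> {later}")
    print("never reached:", unreachable_rules(RULES))
```

On the constructed list the pairwise pass flags R2 as screened by R1, R4 as redundant to R3, and R3 and R6 as order-dependent conflicts, while the exhaustive pass reports R2, R4 and R6 as unreachable: R6 is the case the abstract's ordering argument is about, a rule whose region is fully covered by three earlier rules together although no single earlier rule contains it. The exhaustive pass is exponential in the number of fields, which is the cost the ST0 model-checking formulation is meant to avoid.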

 Remarks :  

© Copyright 2009 - 2011 APAN | Last updated: 23 June 2011