A Hypothesis Testing Framework for Network Security - July 2014

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s): P. Brighten Godfrey (UIUC)
Co-PI(s): Matthew Caesar, David Nicol, and Bill Sanders (UIUC), and Kevin Jin (Illinois Institute of Technology)
Researchers:

HARD PROBLEM(S) ADDRESSED

This project covers four hard problems:

* Scalability and composability
* Policy-governed secure collaboration
* Predictive security metrics
* Resilient architectures

PUBLICATIONS
Report papers written as a result of this research. Include title, authors, venue published/presented, and a short description or abstract. Also, please identify which hard problem(s) the publication addressed.

[1] Soudeh Ghorbani and Brighten Godfrey. Towards Correct Network Virtualization. To appear, ACM Workshop on Hot Topics in Software Defined Networks (HotSDN), August 2014.

ACCOMPLISHMENT HIGHLIGHTS

* The first step in network hypothesis testing is rigorous network modeling. We developed an initial design to model network behavior under timing uncertainty; that is, in a dynamic network, we will have only imperfect information about the exact time changes take place.

* We began investigation of how to model virtualized networks. A virtual network may be mapped onto a more complex physical network and behavior of the two may differ if the mapping is performed using simplistic techniques.
* We began to design new network models and algorithms for testing hypothesis related to general network-wide properties, such as reachability, end-to-end delay and throughput, and conducted preliminary experiments using VeriFlow, a system developed under our earlier SoS lablet, to inform our designs.