Preserving confidentiality during the migration of virtual SDN topologies: A formal approach

Fabien Charmet; Richard Waldinger; Gregory Blanc; Christophe Kiennert; Khalifa Toumi

doi:10.1109/NCA.2017.8171392

Preserving confidentiality during the migration of virtual SDN topologies: A formal approach

Fabien Charmet
, Richard Waldinger
, Gregory Blanc
, Christophe Kiennert
, Khalifa Toumi

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Network virtualization provides a flexible solution to reduce costs, share network resources and improve recovery time upon failure. An important part of virtual network management consists in migrating them in order to optimize resource allocation and react to link failures. However, the migration process might entail the loss of security properties in the virtual network, such as confidentiality. In this paper, we present the first approach combining formal models and virtualization to prove confidentiality preservation during the migration process. We describe the network environment, the migration process and the confidentiality with a set of logical predicates that will be used by SNARK to obtain the formal proof of the preservation. We validate our theoretical approach by exhibiting confidentiality violation detection on an illustrative use case.

Original language	English
Title of host publication	2017 IEEE 16th International Symposium on Network Computing and Applications, NCA 2017
Editors	Dimiter R. Avresky, Aris Gkoulalas-Divanis, Dimiter R. Avresky, Miguel P. Correia
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1-5
Number of pages	5
ISBN (Electronic)	9781538614655
DOIs	https://doi.org/10.1109/NCA.2017.8171392
Publication status	Published - 8 Dec 2017
Externally published	Yes
Event	16th IEEE International Symposium on Network Computing and Applications, NCA 2017 - Cambridge, United States Duration: 30 Oct 2017 → 1 Nov 2017

Publication series

Name	2017 IEEE 16th International Symposium on Network Computing and Applications, NCA 2017
Volume	2017-January

Conference

Conference	16th IEEE International Symposium on Network Computing and Applications, NCA 2017
Country/Territory	United States
City	Cambridge
Period	30/10/17 → 1/11/17

Keywords

Formal verification
Intrusion detection
Network security
Software defined networking

Access to Document

10.1109/NCA.2017.8171392

Cite this

Charmet, F., Waldinger, R., Blanc, G., Kiennert, C., & Toumi, K. (2017). Preserving confidentiality during the migration of virtual SDN topologies: A formal approach. In D. R. Avresky, A. Gkoulalas-Divanis, D. R. Avresky, & M. P. Correia (Eds.), 2017 IEEE 16th International Symposium on Network Computing and Applications, NCA 2017 (pp. 1-5). (2017 IEEE 16th International Symposium on Network Computing and Applications, NCA 2017; Vol. 2017-January). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/NCA.2017.8171392

Charmet, Fabien ; Waldinger, Richard ; Blanc, Gregory et al. / Preserving confidentiality during the migration of virtual SDN topologies : A formal approach. 2017 IEEE 16th International Symposium on Network Computing and Applications, NCA 2017. editor / Dimiter R. Avresky ; Aris Gkoulalas-Divanis ; Dimiter R. Avresky ; Miguel P. Correia. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 1-5 (2017 IEEE 16th International Symposium on Network Computing and Applications, NCA 2017).

@inproceedings{d018d04656b24791bd4906e5164ecb00,

title = "Preserving confidentiality during the migration of virtual SDN topologies: A formal approach",

abstract = "Network virtualization provides a flexible solution to reduce costs, share network resources and improve recovery time upon failure. An important part of virtual network management consists in migrating them in order to optimize resource allocation and react to link failures. However, the migration process might entail the loss of security properties in the virtual network, such as confidentiality. In this paper, we present the first approach combining formal models and virtualization to prove confidentiality preservation during the migration process. We describe the network environment, the migration process and the confidentiality with a set of logical predicates that will be used by SNARK to obtain the formal proof of the preservation. We validate our theoretical approach by exhibiting confidentiality violation detection on an illustrative use case.",

keywords = "Formal verification, Intrusion detection, Network security, Software defined networking",

author = "Fabien Charmet and Richard Waldinger and Gregory Blanc and Christophe Kiennert and Khalifa Toumi",

note = "Publisher Copyright: {\textcopyright} 2017 IEEE.; 16th IEEE International Symposium on Network Computing and Applications, NCA 2017 ; Conference date: 30-10-2017 Through 01-11-2017",

year = "2017",

month = dec,

day = "8",

doi = "10.1109/NCA.2017.8171392",

language = "English",

series = "2017 IEEE 16th International Symposium on Network Computing and Applications, NCA 2017",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "1--5",

editor = "Avresky, \{Dimiter R.\} and Aris Gkoulalas-Divanis and Avresky, \{Dimiter R.\} and Correia, \{Miguel P.\}",

booktitle = "2017 IEEE 16th International Symposium on Network Computing and Applications, NCA 2017",

}

Charmet, F, Waldinger, R, Blanc, G , Kiennert, C & Toumi, K 2017, Preserving confidentiality during the migration of virtual SDN topologies: A formal approach. in DR Avresky, A Gkoulalas-Divanis, DR Avresky & MP Correia (eds), 2017 IEEE 16th International Symposium on Network Computing and Applications, NCA 2017. 2017 IEEE 16th International Symposium on Network Computing and Applications, NCA 2017, vol. 2017-January, Institute of Electrical and Electronics Engineers Inc., pp. 1-5, 16th IEEE International Symposium on Network Computing and Applications, NCA 2017, Cambridge, United States, 30/10/17. https://doi.org/10.1109/NCA.2017.8171392

Preserving confidentiality during the migration of virtual SDN topologies: A formal approach. / Charmet, Fabien; Waldinger, Richard; Blanc, Gregory et al.
2017 IEEE 16th International Symposium on Network Computing and Applications, NCA 2017. ed. / Dimiter R. Avresky; Aris Gkoulalas-Divanis; Dimiter R. Avresky; Miguel P. Correia. Institute of Electrical and Electronics Engineers Inc., 2017. p. 1-5 (2017 IEEE 16th International Symposium on Network Computing and Applications, NCA 2017; Vol. 2017-January).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Preserving confidentiality during the migration of virtual SDN topologies

T2 - 16th IEEE International Symposium on Network Computing and Applications, NCA 2017

AU - Charmet, Fabien

AU - Waldinger, Richard

AU - Blanc, Gregory

AU - Kiennert, Christophe

AU - Toumi, Khalifa

PY - 2017/12/8

Y1 - 2017/12/8

N2 - Network virtualization provides a flexible solution to reduce costs, share network resources and improve recovery time upon failure. An important part of virtual network management consists in migrating them in order to optimize resource allocation and react to link failures. However, the migration process might entail the loss of security properties in the virtual network, such as confidentiality. In this paper, we present the first approach combining formal models and virtualization to prove confidentiality preservation during the migration process. We describe the network environment, the migration process and the confidentiality with a set of logical predicates that will be used by SNARK to obtain the formal proof of the preservation. We validate our theoretical approach by exhibiting confidentiality violation detection on an illustrative use case.

AB - Network virtualization provides a flexible solution to reduce costs, share network resources and improve recovery time upon failure. An important part of virtual network management consists in migrating them in order to optimize resource allocation and react to link failures. However, the migration process might entail the loss of security properties in the virtual network, such as confidentiality. In this paper, we present the first approach combining formal models and virtualization to prove confidentiality preservation during the migration process. We describe the network environment, the migration process and the confidentiality with a set of logical predicates that will be used by SNARK to obtain the formal proof of the preservation. We validate our theoretical approach by exhibiting confidentiality violation detection on an illustrative use case.

KW - Formal verification

KW - Intrusion detection

KW - Network security

KW - Software defined networking

U2 - 10.1109/NCA.2017.8171392

DO - 10.1109/NCA.2017.8171392

M3 - Conference contribution

AN - SCOPUS:85046536641

T3 - 2017 IEEE 16th International Symposium on Network Computing and Applications, NCA 2017

SP - 1

EP - 5

BT - 2017 IEEE 16th International Symposium on Network Computing and Applications, NCA 2017

A2 - Avresky, Dimiter R.

A2 - Gkoulalas-Divanis, Aris

A2 - Avresky, Dimiter R.

A2 - Correia, Miguel P.

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 30 October 2017 through 1 November 2017

ER -

Charmet F, Waldinger R, Blanc G , Kiennert C, Toumi K. Preserving confidentiality during the migration of virtual SDN topologies: A formal approach. In Avresky DR, Gkoulalas-Divanis A, Avresky DR, Correia MP, editors, 2017 IEEE 16th International Symposium on Network Computing and Applications, NCA 2017. Institute of Electrical and Electronics Engineers Inc. 2017. p. 1-5. (2017 IEEE 16th International Symposium on Network Computing and Applications, NCA 2017). doi: 10.1109/NCA.2017.8171392

Preserving confidentiality during the migration of virtual SDN topologies: A formal approach

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this