SLIDE 1
A Vulnerable Network!
Networks: explosion of unknown network elements à leave gaps for attacks
End-user devices Network functions Applications
2
Re Re-thinking Ne Network Security in the Presence of Unknown Ne - - PowerPoint PPT Presentation
Re Re-thinking Ne Network Security in the Presence of Unknown Ne - - PowerPoint PPT Presentation
Re Re-thinking Ne Network Security in the Presence of Unknown Ne Network Elements Soo-Jin Moon 4 th year Ph.D. Student Carnegie Mellon University Advisor: Vyas Sekar Research Area: Network Security A Vulnerable Network! Networks: explosion
SLIDE 2
SLIDE 3
A Vulnerable Network!
Networks: explosion of unknown network elements à leave gaps for attacks
End-user devices Network functions Applications
How do we secure networks composed of network elements whose security implications are unknown?
3
Motivating Question
SLIDE 4
Vision: Black-box Approach to Network Security
4
End-user devices Network functions Applications
- Automatically infer behavioral models (e.g., state machine)
- Automatically discover potential attack vectors
Limited access to code / binary
Methodologies
SLIDE 5
Vision: Black-box Approach to Network Security
5
End-user devices Network functions Applications
- Automatically infer behavioral models (e.g., state machine)
- Automatically discover potential attack vectors
Limited access to code / binary
From black-box observations Methodologies
SLIDE 6
Vision: Black-box Approach to Network Security
6
End-user devices Network functions Applications
- Automatic patching
- Verification and testing
- Understand adversaries’ capabilities à
Proactively mitigate adversaries from inferring the system
Limited access to code / binary
Purposes
SLIDE 7
My Work
7
Inferring the behavioral models of network elements
- Alembic: Black-box Model Inference for Stateful Network Functions.
(Under submission)
Discovering potential attack vectors
- AmpMap: Map of Amplification-Inducing Queries to Network Servers.