Doctorate thesis defense of Amina Saâdaoui

Committee

Abstract

The widely used equipment for the network Security are firewalls and intrusion detection systems (IDSs). Therefore their good configuration is a requirement to guarantee that they do their work efficiently. In this context, any conflict or inconsistencies that arise in these configurations create ambiguity in classification of new traffic, not only affecting their performance, but also putting the system in a vulnerable position. Recently, in the same context Software-Defined Networking (SDN) was suggested to overcome the limitations of conventional network architecture, which is inflexible compared to the server environment. SDN brings a significant flexibility and visibility to networking but at the same time creates new security challenges such as devices misconfigurations. Manual management of security equipment misconfigurations can be overwhelming and potentially inaccurate. Therefore, there is a need of automated methods to analyze, detect and fix misconfigurations. The purpose of this dissertation is to deal with this problem. Based on the insights gained from the literature, we have designed new techniques to tackle this problematic from several angles. Four solutions have been proposed: (1) Firewall configuration verification approach: we propose a new technique to allow the automatic detection and correction of single and distributed firewalls misconfigurations using a data structure (FDD: Firewall Decision Diagram). (2) IDS Configuration Anomalies discovering approach: we propose a new method that allows to discover anomalies between IDS rules in an automatic manner. Our detection approach is totally automatic and allows an optimal optimization of IDS rules by removing automatically redundant rules. (3) SDN Configurations verification approach: we propose a new approach to automatically identify Flow-tables anomalies in SDN environment, using the Firewall to bring out real misconfigurations and proposing automatic method to deal with set-field action of flow entries. (4) Security Equipment Advisor: A tool that automates and implements proposed techniques. Our tool provides initial results on the speed and accuracy of the proposed techniques to discover and resolve security equipment misconfigurations in real-world conditions. All proposed techniques have been implemented and opposed to related work we proved the correctness of our method and demonstrated its applicability and scalability.

Keywords :

Firewall, Security Policy, IDS, FDD, misconfiguration, anomalies, OpenFlow, automatic verification.