Verifiable Policy-defined Networking for Security Management

Dinesha Ranathunga, Matthew Roughan, Phil Kernick, Nick Falkner, Hung Nguyen, Marian Mihailescu, Michelle McClintock


A common goal in network management is security. Reliable security requires confidence in the level of protection provided. But many obstacles hinder reliable security management; the most prominent is the lack of built-in verifiability in existing management paradigms. This shortfall makes it difficult to provide assurance that the expected security outcome is consistent pre- and post-deployment. Our research tackles the problem from first principles: we identify the verifiability requirements of robust security management, evaluate the limitations of existing paradigms and propose a new paradigm with verifiability built in: Formally-Verifiable Policy-Defined Networking (FV-PDN). In particular, we pay attention to firewalls, which protect network data and resources from unauthorised access. We show how FV-PDN can be used to configure firewalls reliably in mission-critical networks to protect them from cyber attacks.



Paper Citation

in Harvard Style

Ranathunga D., Roughan M., Kernick P., Falkner N., Nguyen H., Mihailescu M. and McClintock M. (2016). Verifiable Policy-defined Networking for Security Management. In Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016) ISBN 978-989-758-196-0, pages 344-351. DOI: 10.5220/0005990303440351

in Bibtex Style

author={Dinesha Ranathunga and Matthew Roughan and Phil Kernick and Nick Falkner and Hung Nguyen and Marian Mihailescu and Michelle McClintock},
title={Verifiable Policy-defined Networking for Security Management},
booktitle={Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)},

in EndNote Style

JO - Proceedings of the 13th International Joint Conference on e-Business and Telecommunications - Volume 4: SECRYPT, (ICETE 2016)
TI - Verifiable Policy-defined Networking for Security Management
SN - 978-989-758-196-0
AU - Ranathunga D.
AU - Roughan M.
AU - Kernick P.
AU - Falkner N.
AU - Nguyen H.
AU - Mihailescu M.
AU - McClintock M.
PY - 2016
SP - 344
EP - 351
DO - 10.5220/0005990303440351