Secure Diagnostics and Forensics with Network Provenance / Ang Chen.

Chen, Ang, author.
[Philadelphia, Pennsylvania]: University of Pennsylvania ; Ann Arbor : ProQuest Dissertations & Theses, 2017.
1 online resource (166 pages)
Contained In:
Dissertation Abstracts International 79-01B(E).


Local subjects:
Computer science.
Computer and Information Science -- Penn dissertations.
Penn dissertations -- Computer and Information Science.
System Details:
Mode of access: World Wide Web.
In large-scale networks, many things can go wrong: routers can be misconfigured, programs can be buggy, and computers can be compromised by an attacker. As a result, there is a constant need to perform network diagnostics and forensics. In this dissertation, we leverage the concept of provenance to build better support for diagnostic and forensic tasks. At a high level, provenance tracks causality between network states and events, and produces a detailed explanation of any event of interest, which makes it a good starting point for investigating network problems.
However, in order to use provenance for network diagnostics and forensics, several challenges need to be addressed. First, existing provenance systems cannot provide security properties on high-speed network traffic, because the cryptographic operations would cause enormous overhead when the data rates are high. To address this challenge, we design secure packet provenance, a system that comes with a novel lightweight security protocol, to maintain secure provenance with low overhead. Second, in large-scale distributed systems, the provenance of a network event can be quite complex, so it is still challenging to identify the problem root cause from the complex provenance. To address this challenge, we design differential provenance, which can identify a symptom event's root cause by reasoning about the differences between its provenance and the provenance of a similar "reference" event. Third, provenance can only explain why a current network state came into existence, but by itself, it does not reason about changes to the network state to fix a problem. To provide operators with more diagnostic support, we design causal networks -- a generalization of network provenance -- to reason about network repairs that can avoid undesirable side effects in the network. Causal networks can encode multiple diagnostic goals in the same data structure, and, therefore, generate repairs that satisfy multiple constraints simultaneously. We have applied these techniques to Software-Defined Networks, Hadoop MapReduce, as well as the Internet's data plane. Our evaluation with real-world traffic traces and network topologies shows that our systems can run with reasonable overhead, and that they can accurately identify root causes of practical problems and generate repairs without causing collateral damage.
Source: Dissertation Abstracts International, Volume: 79-01(E), Section: B.
Advisors: Andreas Haeberlen; Committee members: Zachary G. Ives; Vincent Liu; Boon T. Loo; Wenchao Zhou.
Department: Computer and Information Science.
Ph.D. University of Pennsylvania 2017.
Local notes:
School code: 0175
Haeberlen, Andreas, degree supervisor.
Zhou, Wenchao, degree committee member.
Loo, Boon T., degree committee member.
Liu, Vincent, degree committee member.
Ives, Zachary G., degree committee member.
University of Pennsylvania. Computer and Information Science, degree granting institution.
Access Restriction:
Restricted for use by site license.