Formal approach for resilient reachability based on end-system route agility

Usman Rauf; Fida Gillani; Ehab Al-Shaer; Mahantesh Halappanavar; Samrat Chatterjee; Christopher Oehmen

doi:10.1145/2995272.2995275

Formal approach for resilient reachability based on end-system route agility

Usman Rauf
, Fida Gillani
, Ehab Al-Shaer
, Mahantesh Halappanavar
, Samrat Chatterjee
, Christopher Oehmen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

15 Scopus citations

Abstract

The deterministic nature of existing routing protocols has resulted into an ossified Internet with static and predictable network routes. This gives persistent attackers (e.g. eavesdroppers and DDoS attackers) plenty of time to study the network and identify the vulnerable (critical) links to plan devastating and stealthy attacks. Recently, Moving Target Defense (MTD) based approaches have been proposed to to defend against DoS attacks. However, MTD based approaches for route mutation are oriented towards reconfiguring the parameters in Local Area Networks (LANs), and do not provide any protection against infrastructure level attacks, which inherently limits their use for mission critical services over the Internet infrastructure. To cope with these issues, we extend the current routing architecture to consider end-hosts as routing elements, and present a formal method based agile defense mechanism to embed resiliency in the existing cyber infrastructure. The major contributions of this paper include: (1) formalization of efficient and resilient End to End (E2E) reachability problem as a constraint satisfaction problem, which identifies the potential end-hosts to reach a destination while satisfying resilience and QoS constraints, (2) design and implementation of a novel decentralized End Point Route Mutation (EPRM) protocol, and (3) design and implementation of planning algorithm to minimize the overlap between multiple flows, for the sake of maximizing the agility in the system. Our PlanetLab based implementation and evaluation validates the correctness, effectiveness and scalability of the proposed approach.

Original language	English
Title of host publication	MTD 2016 - Proceedings of the 2016 ACM Workshop on Moving Target Defense, co-located with CCS 2016
Publisher	Association for Computing Machinery, Inc
Pages	117-127
Number of pages	11
ISBN (Electronic)	9781450345705
DOIs	https://doi.org/10.1145/2995272.2995275
State	Published - 24 Oct 2016
Externally published	Yes
Event	2016 ACM Workshop on Moving Target Defense, MTD 2016 - Vienna, Austria Duration: 24 Oct 2016 → …

Publication series

Name	MTD 2016 - Proceedings of the 2016 ACM Workshop on Moving Target Defense, co-located with CCS 2016

Conference

Conference	2016 ACM Workshop on Moving Target Defense, MTD 2016
Country/Territory	Austria
City	Vienna
Period	24/10/16 → …

Bibliographical note

Publisher Copyright:
© 2016 ACM.

ASJC Scopus subject areas

Computer Networks and Communications
Control and Systems Engineering
Computer Science Applications

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1145/2995272.2995275

Cite this

Rauf, U., Gillani, F., Al-Shaer, E., Halappanavar, M., Chatterjee, S., & Oehmen, C. (2016). Formal approach for resilient reachability based on end-system route agility. In MTD 2016 - Proceedings of the 2016 ACM Workshop on Moving Target Defense, co-located with CCS 2016 (pp. 117-127). (MTD 2016 - Proceedings of the 2016 ACM Workshop on Moving Target Defense, co-located with CCS 2016). Association for Computing Machinery, Inc. https://doi.org/10.1145/2995272.2995275

Rauf, Usman ; Gillani, Fida ; Al-Shaer, Ehab et al. / Formal approach for resilient reachability based on end-system route agility. MTD 2016 - Proceedings of the 2016 ACM Workshop on Moving Target Defense, co-located with CCS 2016. Association for Computing Machinery, Inc, 2016. pp. 117-127 (MTD 2016 - Proceedings of the 2016 ACM Workshop on Moving Target Defense, co-located with CCS 2016).

@inproceedings{3f51397e1dee48fda4cf0a656ee4a8bf,

title = "Formal approach for resilient reachability based on end-system route agility",

abstract = "The deterministic nature of existing routing protocols has resulted into an ossified Internet with static and predictable network routes. This gives persistent attackers (e.g. eavesdroppers and DDoS attackers) plenty of time to study the network and identify the vulnerable (critical) links to plan devastating and stealthy attacks. Recently, Moving Target Defense (MTD) based approaches have been proposed to to defend against DoS attacks. However, MTD based approaches for route mutation are oriented towards reconfiguring the parameters in Local Area Networks (LANs), and do not provide any protection against infrastructure level attacks, which inherently limits their use for mission critical services over the Internet infrastructure. To cope with these issues, we extend the current routing architecture to consider end-hosts as routing elements, and present a formal method based agile defense mechanism to embed resiliency in the existing cyber infrastructure. The major contributions of this paper include: (1) formalization of efficient and resilient End to End (E2E) reachability problem as a constraint satisfaction problem, which identifies the potential end-hosts to reach a destination while satisfying resilience and QoS constraints, (2) design and implementation of a novel decentralized End Point Route Mutation (EPRM) protocol, and (3) design and implementation of planning algorithm to minimize the overlap between multiple flows, for the sake of maximizing the agility in the system. Our PlanetLab based implementation and evaluation validates the correctness, effectiveness and scalability of the proposed approach.",

author = "Usman Rauf and Fida Gillani and Ehab Al-Shaer and Mahantesh Halappanavar and Samrat Chatterjee and Christopher Oehmen",

note = "Publisher Copyright: {\textcopyright} 2016 ACM.; 2016 ACM Workshop on Moving Target Defense, MTD 2016 ; Conference date: 24-10-2016",

year = "2016",

month = oct,

day = "24",

doi = "10.1145/2995272.2995275",

language = "English",

series = "MTD 2016 - Proceedings of the 2016 ACM Workshop on Moving Target Defense, co-located with CCS 2016",

publisher = "Association for Computing Machinery, Inc",

pages = "117--127",

booktitle = "MTD 2016 - Proceedings of the 2016 ACM Workshop on Moving Target Defense, co-located with CCS 2016",

}

Rauf, U, Gillani, F, Al-Shaer, E, Halappanavar, M, Chatterjee, S & Oehmen, C 2016, Formal approach for resilient reachability based on end-system route agility. in MTD 2016 - Proceedings of the 2016 ACM Workshop on Moving Target Defense, co-located with CCS 2016. MTD 2016 - Proceedings of the 2016 ACM Workshop on Moving Target Defense, co-located with CCS 2016, Association for Computing Machinery, Inc, pp. 117-127, 2016 ACM Workshop on Moving Target Defense, MTD 2016, Vienna, Austria, 24/10/16. https://doi.org/10.1145/2995272.2995275

Formal approach for resilient reachability based on end-system route agility. / Rauf, Usman; Gillani, Fida; Al-Shaer, Ehab et al.
MTD 2016 - Proceedings of the 2016 ACM Workshop on Moving Target Defense, co-located with CCS 2016. Association for Computing Machinery, Inc, 2016. p. 117-127 (MTD 2016 - Proceedings of the 2016 ACM Workshop on Moving Target Defense, co-located with CCS 2016).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Formal approach for resilient reachability based on end-system route agility

AU - Rauf, Usman

AU - Gillani, Fida

AU - Al-Shaer, Ehab

AU - Halappanavar, Mahantesh

AU - Chatterjee, Samrat

AU - Oehmen, Christopher

PY - 2016/10/24

Y1 - 2016/10/24

N2 - The deterministic nature of existing routing protocols has resulted into an ossified Internet with static and predictable network routes. This gives persistent attackers (e.g. eavesdroppers and DDoS attackers) plenty of time to study the network and identify the vulnerable (critical) links to plan devastating and stealthy attacks. Recently, Moving Target Defense (MTD) based approaches have been proposed to to defend against DoS attacks. However, MTD based approaches for route mutation are oriented towards reconfiguring the parameters in Local Area Networks (LANs), and do not provide any protection against infrastructure level attacks, which inherently limits their use for mission critical services over the Internet infrastructure. To cope with these issues, we extend the current routing architecture to consider end-hosts as routing elements, and present a formal method based agile defense mechanism to embed resiliency in the existing cyber infrastructure. The major contributions of this paper include: (1) formalization of efficient and resilient End to End (E2E) reachability problem as a constraint satisfaction problem, which identifies the potential end-hosts to reach a destination while satisfying resilience and QoS constraints, (2) design and implementation of a novel decentralized End Point Route Mutation (EPRM) protocol, and (3) design and implementation of planning algorithm to minimize the overlap between multiple flows, for the sake of maximizing the agility in the system. Our PlanetLab based implementation and evaluation validates the correctness, effectiveness and scalability of the proposed approach.

AB - The deterministic nature of existing routing protocols has resulted into an ossified Internet with static and predictable network routes. This gives persistent attackers (e.g. eavesdroppers and DDoS attackers) plenty of time to study the network and identify the vulnerable (critical) links to plan devastating and stealthy attacks. Recently, Moving Target Defense (MTD) based approaches have been proposed to to defend against DoS attacks. However, MTD based approaches for route mutation are oriented towards reconfiguring the parameters in Local Area Networks (LANs), and do not provide any protection against infrastructure level attacks, which inherently limits their use for mission critical services over the Internet infrastructure. To cope with these issues, we extend the current routing architecture to consider end-hosts as routing elements, and present a formal method based agile defense mechanism to embed resiliency in the existing cyber infrastructure. The major contributions of this paper include: (1) formalization of efficient and resilient End to End (E2E) reachability problem as a constraint satisfaction problem, which identifies the potential end-hosts to reach a destination while satisfying resilience and QoS constraints, (2) design and implementation of a novel decentralized End Point Route Mutation (EPRM) protocol, and (3) design and implementation of planning algorithm to minimize the overlap between multiple flows, for the sake of maximizing the agility in the system. Our PlanetLab based implementation and evaluation validates the correctness, effectiveness and scalability of the proposed approach.

UR - https://www.scopus.com/pages/publications/84999040159

U2 - 10.1145/2995272.2995275

DO - 10.1145/2995272.2995275

M3 - Conference contribution

AN - SCOPUS:84999040159

T3 - MTD 2016 - Proceedings of the 2016 ACM Workshop on Moving Target Defense, co-located with CCS 2016

SP - 117

EP - 127

BT - MTD 2016 - Proceedings of the 2016 ACM Workshop on Moving Target Defense, co-located with CCS 2016

PB - Association for Computing Machinery, Inc

T2 - 2016 ACM Workshop on Moving Target Defense, MTD 2016

Y2 - 24 October 2016

ER -

Rauf U, Gillani F, Al-Shaer E, Halappanavar M, Chatterjee S, Oehmen C. Formal approach for resilient reachability based on end-system route agility. In MTD 2016 - Proceedings of the 2016 ACM Workshop on Moving Target Defense, co-located with CCS 2016. Association for Computing Machinery, Inc. 2016. p. 117-127. (MTD 2016 - Proceedings of the 2016 ACM Workshop on Moving Target Defense, co-located with CCS 2016). doi: 10.1145/2995272.2995275

Formal approach for resilient reachability based on end-system route agility

Abstract

Publication series

Conference

Bibliographical note

ASJC Scopus subject areas

UN SDGs

Access to Document

Fingerprint

Cite this