21 They tend to think in terms of procedures, rather than goals (Anderson). Can people state them? Are they good enough?
22 Help people with policy evolution: study what has changed
23 Change-impact condition (one clause per line):
Int.ACL accepts p
Int.NAT translates p to p
p.dstprt = p.dstprt
p.proto = p.proto
p.ipdest = p.ipdest
((Ext.ACL denies p  Ext.ACLNew accepts p)  (Ext.ACL accepts p  Ext.ACLNew denies p))
24 Presenting Change
A function mapping requests to changes in outcome
Packets shown, classified as Deny to Permit or Permit to Deny:
– p.entry-interface = fw2_int, p.ipsrc = employee, p.ipdest in outIPs, p.srcprt = any, p.dstprt = www, p.protocol = tcp
– p.entry-interface = fw2_int, p.ipsrc = contractor, p.ipdest in outIPs, p.srcprt = any, p.dstprt = www, p.protocol = tcp
25 Packets shown, each with its outcome (Denied or Permit):
– p.entry-interface = fw2_int, p.ipsrc = manager, p.ipdest in outIPs, p.srcprt = any, p.dstprt = www, p.protocol = tcp
– p.entry-interface = fw2_int, p.ipsrc = employee, p.ipdest in outIPs, p.srcprt = any, p.dstprt = www, p.protocol = tcp
– p.entry-interface = fw2_int, p.ipsrc = contractor, p.ipdest in outIPs, p.srcprt = any, p.dstprt = www, p.protocol = tcp
26 Change as a First-Class Entity
– View: restrict changes to External Firewall
– Query: which machines lost privileges?
– Verification: confirm no machines gained privileges
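As an added illustration (not the deck's own code and not Margrave's implementation), the change-impact function of slide 24 and the query/verification views of slide 26, written in Python over a constructed packet space and two constructed Cisco-style ACLs. Margrave answers these questions symbolically via its Datalog/first-order encoding; the brute-force enumeration here is only a stand-in for that idea.

```python
from itertools import product

# Constructed request space (not the deck's data): one finite domain per packet attribute.
FIELDS = ("entry_interface", "ipsrc", "ipdest", "srcprt", "dstprt", "protocol")
DOMAINS = {
    "entry_interface": ("fw2_int",),
    "ipsrc": ("manager", "employee", "contractor"),
    "ipdest": ("outIPs", "inIPs"),
    "srcprt": ("any",),
    "dstprt": ("www", "ssh"),
    "protocol": ("tcp", "udp"),
}

def matches(rule, pkt):
    """A rule matches when every field it constrains equals the packet's value ('any' = wildcard)."""
    return all(v == "any" or pkt[k] == v for k, v in rule["match"].items())

def decide(acl, pkt):
    """First-match semantics with an implicit final deny, as in a Cisco-style ACL."""
    for rule in acl:
        if matches(rule, pkt):
            return rule["action"]
    return "deny"

def change_impact(old_acl, new_acl):
    """The change-impact function: request -> (old outcome, new outcome), kept only where they differ."""
    space = (dict(zip(FIELDS, vals)) for vals in product(*(DOMAINS[f] for f in FIELDS)))
    changed = {}
    for pkt in space:
        before, after = decide(old_acl, pkt), decide(new_acl, pkt)
        if before != after:
            changed[tuple(pkt[f] for f in FIELDS)] = (before, after)
    return changed

def lost_privileges(impact):    # Query: which requests went Permit -> Deny?
    return sorted(k for k, (b, a) in impact.items() if (b, a) == ("permit", "deny"))

def gained_privileges(impact):  # Verification: empty iff the edit is a pure tightening
    return sorted(k for k, (b, a) in impact.items() if (b, a) == ("deny", "permit"))

# Constructed policies: the edit is meant only to cut contractors' web access,
# but the last rule of NEW_ACL mistakenly opens ssh to employees (a gained privilege).
def web_rule(src):
    return {"match": {"ipsrc": src, "ipdest": "outIPs", "dstprt": "www", "protocol": "tcp"}, "action": "permit"}

OLD_ACL = [web_rule(s) for s in ("manager", "employee", "contractor")]
NEW_ACL = [web_rule(s) for s in ("manager", "employee")] + [
    {"match": {"ipsrc": "employee", "ipdest": "outIPs", "dstprt": "ssh", "protocol": "tcp"}, "action": "permit"}]

if __name__ == "__main__":
    impact = change_impact(OLD_ACL, NEW_ACL)
    print("lost privileges:", lost_privileges(impact))
    print("gained privileges (expected none):", gained_privileges(impact))
```

The verification view is what catches the unintended ssh rule: the Permit-to-Deny list shows the intended contractor change, while the Deny-to-Permit list is non-empty and flags the regression.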
27 Configuration checking
– Upgrade checking
– Finding hotspots
– What-if questions
– Mutation testing ?
– Refactoring testing
28 Scope of Margrave
– Most of XACML 1.0 and 2.0
– Cisco IOS:
  – ACL: standard and extended
  – NAT: static; dynamic: ACL-based, map-based
  – routing: static and policy-based
  – limited: BGP announcements and VPN endpoints
– Amazon Access Policy Language (in SQS)
– Hypervisor, based on sHype (IBM)
– A Datalog-based intermediate language
29 Performance
Production firewall (1108 rules):
– Change-impact: time 2.5 sec; space baseline + 83 Mb
– List all superfluous rules: time 10 min; space baseline + 467 Mb
Production XACML policy:
– Verification: time <10 millisec; space baseline + 316 Kb
– Change-impact: time 2 millisec; space baseline + 16 Kb
30 Under the Hood
– Translation into first-order logic
– Propositionalize to BDDs and SAT
– Bernays-Schönfinkel-Ramsey class, extended to multi-sorted logic
– Some small theories for networking
– Aggregation to compress i. and o.
– Rule-tracing
– EDBs and IDBs in models
31 Upcoming Work
– More sophisticated modeling of state
– Visualization of output
– Generating constraints on components
– Suggesting repairs
– Handling numerics
32 Dan Dougherty [WPI], Kathi Fisler [WPI], Tim Nelson [WPI]
Alums:
– Leo Meyerovich [Brown u.g.; Berkeley]
– Michael Tschantz [Brown u.g.; CMU]
http://www.margrave-tool.org/