Matteo Avalle Annual Oral Presentation For Ph.D Evaluation 2012 (Second Ph.D year)
Main research topic: regexp-based packet processing
Outline
• Background
• Research directions
• Results
Background
• Regexp-based data processing:
– Powerful technique to analyze data
– Several possible application fields (e.g. NIDS)
• Rule sets must be transformed into automata (in our case NFAs)
• NFAs can then be used to parse data by using a packet processor
– iNFAnt, a GPU-based packet processor
• Processing throughput is critical
Main research directions
There is a technique, called multi-stride:
• Based on transforming the NFA into a more efficient form
• Multiplies the processing throughput by a factor of 2n
But:
• “n” depends on the size of the rule set, and is usually very small
• Obtaining a 4x NFA of a medium ruleset requires several months of computation
• Inapplicable to big rulesets
For these reasons:
• A new, faster multistride algorithm has been developed
• Test cases have been developed by applying multistride to huge rule sets
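As an added illustration (not code from the presentation or from iNFAnt), the sketch below applies the basic stride-doubling construction to a small constructed NFA: each squaring halves the number of steps per input while the transition count grows, which is the cost that keeps “n” small on large rule sets. The toy automaton, the function names and the use of plain squaring as the baseline are assumptions; this is not the faster algorithm the slides refer to.

```python
from itertools import product

# Constructed toy NFA (not from the slides): accepts strings over {a, b}
# that end in "ab". Transitions are (source, symbol, destination).
NFA = {"start": 0, "accept": {2},
       "trans": {(0, "a", 0), (0, "b", 0), (0, "a", 1), (1, "b", 2)}}

def square(nfa):
    """Double the stride: one transition per two-step path p -x-> q -y-> r."""
    by_src = {}
    for p, x, q in nfa["trans"]:
        by_src.setdefault(p, []).append((x, q))
    trans = {(p, x + y, r)
             for p, x, q in nfa["trans"] for y, r in by_src.get(q, [])}
    return {"start": nfa["start"], "accept": nfa["accept"], "trans": trans}

def run(nfa, data, stride):
    """Consume `stride` characters per step; return (accepted, steps).
    Simplification: input length must be a multiple of the stride and
    acceptance is only checked at the end of the input."""
    if len(data) % stride:
        raise ValueError("input length must be a multiple of the stride")
    active, steps = {nfa["start"]}, 0
    for i in range(0, len(data), stride):
        chunk = data[i:i + stride]
        active = {r for p, s, r in nfa["trans"] if p in active and s == chunk}
        steps += 1
    return bool(active & nfa["accept"]), steps

def stride_report(nfa, doublings):
    """Return [(stride, transition_count)] for the NFA and each squaring."""
    out, stride = [(1, len(nfa["trans"]))], 1
    for _ in range(doublings):
        nfa, stride = square(nfa), stride * 2
        out.append((stride, len(nfa["trans"])))
    return out

def equivalent(nfa, strided, stride, length):
    """Check both automata agree on every {a, b} string of the given length."""
    return all(run(nfa, "".join(w), 1)[0] == run(strided, "".join(w), stride)[0]
               for w in product("ab", repeat=length))

if __name__ == "__main__":
    for stride, count in stride_report(NFA, 2):
        print(f"stride {stride}: {count} transitions")
```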
Main research directions
• The new multistride algorithm pushes forward the limits of the previous algorithms
But:
• Even with faster algorithms, multistride still has limits
• It should be possible to optimize NFAs to achieve better results when using GPU-based processors
For these reasons:
• A new technique, called multi-map multistride, has been developed
• It exploits the GPU architecture
• It pushes the limits of the original multistride further
Obtained results
• With the new “Multi-Stride” algorithm it is now possible to quadruple the processing throughput of medium-sized NFAs, whereas the previous algorithms could not achieve more than a 2x boost on the same NFAs
– M. Avalle, F. Risso, R. Sisto, “Efficient Multistriding of Large Non-deterministic Finite State Automata for Deep Packet Inspection”, in Proc. of the IEEE International Conference on Communications (ICC) 2012 – Communication and Information Systems Security Symposium.
• The new “Multi-Map Multistride” technique further extends the previous limits by multiplying the processing throughput of bigger NFAs, and by higher coefficients
– A paper is under development to present results of this algorithm
Secondary research topic: Design and implementation of security protocols with javaSPI
Outline
• Background
• Our solution: JavaSPI
• Results
Background
• Developing a security protocol is a hard, error-prone task even for experts
• Formal methods can be the key to simplify this process
– Mathematical demonstration of the claimed security properties
– Semi-automated generation of the implementation code to reduce the presence of bugs
• However, using formal methods is still a complex task, as the formal languages are usually unknown to the developers
Our solution: JavaSPI
Results
• The javaSPI tool has been developed
• A case study, regarding a particular configuration of the SSL 3.0 handshake protocol, has been developed
– M. Avalle, A. Pironti, R. Sisto, D. Pozza, “The Java SPI Framework for Security Protocol Implementation”, in Proc. of the Sixth International Conference on Availability, Reliability and Security (ARES), Vienna, Austria, pp. 746-751, IEEE, 2011.
• Moreover, there is an article under development to present the mathematical soundness proofs of javaSPI.
• A survey regarding the state of the art of formal methods applied to security protocols has been written
– M. Avalle, A. Pironti, R. Sisto, “Formal Verification of Security Protocol Implementations: A Survey”, accepted for publication in Formal Aspects of Computing, Springer.
Future work
• The first, short-term objective is to finish the current work by publishing the papers under development on both research topics
• Moreover, there should still be room to improve the performance of the current techniques by implementing new GPU-specific optimization techniques.
Questions?