Matteo Avalle Annual Oral Presentation For Ph.D Evaluation 2012 (Second Ph.D year)
Page 1: Ph.D Annual report II

Matteo Avalle

Annual Oral Presentation For Ph.D Evaluation

2012 (Second Ph.D year)

Page 2: Ph.D Annual report II

Main research topic: regexp-based packet processing

• Background

• Research directions

• Results

Outline

Page 3: Ph.D Annual report II

Background

• Regexp-based data processing:

– Powerful technique to analyze data

– Several possible application fields (e.g. NIDS)

• Rule sets must be transformed into automata (in our case NFAs)

• NFAs can then be used to parse data by using a packet processor

– iNFAnt, a GPU-based packet processor

• Processing throughput is critical


Page 4: Ph.D Annual report II

Main research directions

There is a technique, called multi-stride:

• Based on transforming the NFA into a more efficient form

• Multiplies the processing throughput by a factor of 2n

But:

• “n” depends on the size of the rule set, and is usually very small

• Obtaining a 4x NFA of a medium ruleset requires several months of computation

• Inapplicable to big rulesets

For these reasons:

• A new, faster multistride algorithm has been developed

• Test cases have been developed by applying multistride to huge rule sets
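The stride-doubling idea behind multi-stride, as an added example that is not from the presentation and is not the author's new algorithm: it applies the textbook construction (compose the NFA with itself so each step consumes twice as many symbols) to a constructed four-state NFA and constructed input strings. The names `double_stride`, `build_tables` and `scan` are hypothetical.

```python
# Added example: textbook stride doubling on a small constructed NFA.
START, ACCEPT = 0, 3

# Constructed 1-stride NFA that finds a(b|c)c anywhere in the input.
# State 0 loops on every symbol (unanchored search); state 3 is absorbing,
# so a match that ends in the middle of a wide stride is not lost.
DELTA1 = {(0, "a"): {0, 1}, (0, "b"): {0}, (0, "c"): {0},
          (1, "b"): {2}, (1, "c"): {2}, (2, "c"): {3},
          (3, "a"): {3}, (3, "b"): {3}, (3, "c"): {3}}

def double_stride(delta):
    """Compose an NFA with itself: each new transition consumes two old words."""
    by_state = {}
    for (state, word), targets in delta.items():
        by_state.setdefault(state, []).append((word, targets))
    out = {}
    for (state, w1), mids in delta.items():
        for mid in mids:
            for w2, targets in by_state.get(mid, ()):
                out.setdefault((state, w1 + w2), set()).update(targets)
    return out

def build_tables(doublings):
    """Return [1-stride, 2-stride, 4-stride, ...] transition tables."""
    tables = [DELTA1]
    for _ in range(doublings):
        tables.append(double_stride(tables[-1]))
    return tables

def scan(data, tables):
    """Run the widest table first, then narrower ones on the leftover tail."""
    active, pos, steps = {START}, 0, 0
    for delta in reversed(tables):
        stride = len(next(iter(delta))[1])  # word length used by this table
        while len(data) - pos >= stride:
            word = data[pos:pos + stride]
            active = set().union(*(delta.get((s, word), ()) for s in active))
            pos, steps = pos + stride, steps + 1
    return ACCEPT in active, steps

if __name__ == "__main__":
    tables = build_tables(2)
    sample = "cbacccbab"  # constructed input, contains "acc"
    for n in range(1, 4):
        print(2 ** (n - 1), "stride:", scan(sample, tables[:n]),
              "table entries:", len(tables[n - 1]))
```

The step count drops as the stride widens while the transition table grows, which is the cost that limits the transformation on larger rule sets.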


Page 5: Ph.D Annual report II

Main research directions

• The new multistride algorithm pushes forward the limits of the previous algorithms

But:

• Even with faster algorithms, multistride still has limits

• It should be possible to optimize NFAs to achieve better results when using GPU-based processors

For these reasons:

• A new technique, called multi-map multistride, has been developed

• It exploits the GPU architecture

• It allows pushing the limits of the original multistride further


Page 6: Ph.D Annual report II

Obtained results

• With the new “Multi-Stride” algorithm it is now possible to quadruple the processing throughput of medium-sized NFAs, while the previous algorithms could not achieve more than a 2x boost on the same NFAs

– M. Avalle, F. Risso, R. Sisto, “Efficient Multistriding of Large Non-deterministic Finite State Automata for Deep Packet Inspection”, in Proc. of the IEEE International Conference on Communications (ICC) 2012 – Communication and Information Systems Security Symposium.

• The new “Multi-Map Multistride” technique further extends the previous limits by multiplying the processing throughput of bigger NFAs and with higher coefficients

– A paper is under development to present results of this algorithm


Page 7: Ph.D Annual report II

Secondary research topic: Design and implementation of security protocols with JavaSPI

• Background

• Our solution: JavaSPI

• Results

Outline

Page 8: Ph.D Annual report II

Background

• Developing a security protocol is a hard, error-prone task even for experts

• Formal methods can be the key to simplify this process

– Mathematical demonstration of the claimed security properties

– Semi-automated generation of the implementation code to reduce the presence of bugs

• However, using formal methods is still a complex task, as the formal languages are usually unknown to the developers


Page 9: Ph.D Annual report II

Our solution: JavaSPI


Page 10: Ph.D Annual report II

Results

• The javaSPI tool has been developed

• A case study, regarding a particular configuration of the SSL 3.0 handshake protocol, has been developed

– M. Avalle, A. Pironti, R. Sisto, D. Pozza, “The Java SPI Framework for Security Protocol Implementation”, in Proc. of the Sixth International Conference on Availability, Reliability and Security (ARES), Vienna, Austria, pp. 746-751, IEEE, 2011.

• Moreover, there is an article under development to present the mathematical soundness proofs of JavaSPI.

• A survey regarding the state of the art of formal methods applied to security protocols has been written

– M. Avalle, A. Pironti, R. Sisto, “Formal Verification of Security Protocol Implementations: A Survey”, accepted for publication in Formal Aspects of Computing, Springer.


Page 11: Ph.D Annual report II

Future work

• The first, short-term objective is to finish the current work by publishing the papers under development regarding both the research topics

• Moreover, there should still be room to improve the performance of the current techniques by implementing new GPU-specific optimization techniques.


Page 12: Ph.D Annual report II

Questions?