Demonstrating topoS: Theorem-Prover-Based Synthesis of Secure Network   Configurations

Cornelius Diekmann; Andreas Korsten; Georg Carle

arXiv:1604.00273·cs.NI·April 4, 2016

Demonstrating topoS: Theorem-Prover-Based Synthesis of Secure Network Configurations

Cornelius Diekmann, Andreas Korsten, Georg Carle

PDF

TL;DR

This paper introduces topoS, a formally verified tool that automatically synthesizes secure network configurations from high-level security goals, reducing human errors in network management.

Contribution

The paper presents topoS, a novel tool that automates the synthesis of network configurations from security goals with formal verification, covering both firewall and SDN setups.

Findings

01

Successfully demonstrated complete transition from high-level goals to configurations

02

Formal verification with Isabelle/HOL ensures implementation correctness

03

First case study showing end-to-end synthesis from goals to configurations

Abstract

In network management, when it comes to security breaches, human error constitutes a dominant factor. We present our tool topoS which automatically synthesizes low-level network configurations from high-level security goals. The automation and a feedback loop help to prevent human errors. Except for a last serialization step, topoS is formally verified with Isabelle/HOL, which prevents implementation errors. In a case study, we demonstrate topoS by example. For the first time, the complete transition from high-level security goals to both firewall and SDN configurations is presented.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.