NFV Attestation Survey
Xitao Wen
Attestation Architecture
Excerpted from [1] “Principles of remote attestation” in International Journal of Information Security, 10(2):63–81, 2011.
Chain of Trust
• Trusted booting: TPM -> BIOS -> Boot Loader -> OS
– The former entity measures the integrity of the binary and configuration of the latter entity and signs the hash in a certificate
– A sequence of certificates is provided to the appraiser as evidence of system integrity
– The appraiser verifies the hashes against a list of trustworthy implementations/configs
Trust Base
• Service
– Endorsement key
– Memory curtaining
– Data sealing
• Implementation
– Hardware: Trusted Platform Module (TPM), measurement hardware
– Software: secure kernel, secure hypervisor
Attestation Service Provider (ASP)
1. Most are based on code execution attestation
– BIND [2]: critical code only; binds data/code integrity
– Pioneer [3]: no hardware trust base
– Schellekens et al. [4]: use TPM for fewer constraints
– Nexus [5]: hypervisor-style separation
• Three categories
– Integrity attestation (earliest)
– Property-based attestation
– Behavior-based attestation [17]
2. Specific-purpose attestation
– CoPilot [6]
– Gu et al. [7]
Property-based Attestation (PBA)
• The ASP signs properties rather than binary hashes
• How to determine properties?
– Delegation [12][13][14]: delegate the hash-to-property mapping to a trusted third party
– Behavior control [15][20][18]: behavior-based access control or measurement
– Code analysis [11][16]: semantic code analysis
• Extend the trust chain to verify the trustworthiness of the property measurement
– Enhanced boot loader [19]
PBA – Delegation Model
PBA – Behavior Control
• Attest the behavior of security policies
– Usage control policy model [15]
– Dynamic OS properties [18]
• Verify security policies based on behavior modeling
• The enforcement mechanism also needs attestation
PBA – Code Analysis
• [11] extends the Java VM to conduct byte-code analysis and attestation
• [16] proposes attesting properties via proof-carrying code
Attestation in NFV, Cloud and Virtual Networks
All workshop papers, no real implementations, just high-level ideas
• Verifiable NFO [8]
– Framework to verify functionality, performance and accounting for NFV
– Very high-level roadmap
• TCCP [9]
– Framework to ensure confidentiality and integrity of computation in the cloud
– Depends on a trusted VM monitor and a trusted coordinator
– Simply applies attestation to the cloud environment
• Accountability in hosted virtual networks [10]
– Accounts for software integrity and functionality
– Two approaches
• Violation detection with measurement
• Verifying software integrity with attestation
Uniqueness in NFV/SDN Environment
SDN/NFV verification has some work on policy correctness [21-31]
• Network policies + network functions
• Service composition/chaining
• Multiple distributed VNFs
Properties to Attest in NFV/SDN
1. Correctness of NFV functionality [21][22]
2. Policy correctness and enforcement
– Guaranteed traversal for packets
– Correct order of service chains
3. Virtual Network Function (VNF) state consistency
– Intra-VNF property
– Inter-VNF property [32]
4. VNF version compatibility in a service chain
5. Performance monitoring (throughput, latency)
6. Resource accounting (memory, bandwidth, CPU cycles)
7. Traffic confidentiality (seems impossible to prevent…)
Potential Topics
• For the unique properties, what information and system support are needed?
– SDN policy, controller, OS, network traffic, NFV software
– Two levels: read / write
• Focus more on systems than PL.
• What verification/attestation tools can be used? (Bo)
• What NFV code can be used? (Bo)
– Load balancer, security middleboxes, cache, TCP performance enhancer/acceleration, Web Content Optimization (WCO)
NFV/SDN Attestation Architecture
Goals:
1. Policy compliance attestation
2. State consistency attestation
(Figure: architecture diagram. Components: SDN controller, trusted delegate, client attester, trusted measurement points (SDN switches and NFs in the client network), secure attestation channel, data path and control path, Internet. Arrows: 1. attestation request, 2. measurement setup, 3. measurement collection, 4. attestation report.)
Attestation Procedure:
0. Trust establishment
1. Attestation request
2. Measurement setup
3. Measurement collection
4. Attestation report
Policy Compliance Verification
• Evidence
– SDN behavior: verified SDN flow tables
– NFV behavior: inferred flow mappings of header-modifying VNFs
– Session semantics: client-supplied session binding (e.g., in-/out-bound, TCP port bundle…)
• Session-level policy
– Symmetric NF traversal path
– Connectivity in presence of cache
• Verification technique
– Session-level header space analysis
– Special treatment of cached traffic
Session-level Header Space Analysis
• The original HSA only verifies flow connectivity, but real-world sessions can involve several flows in both directions
• Goal: check session-level invariants by extending HSA
• Algorithm:
– Model end hosts as flow translation functions
– Iteratively run HSA until a fixed point is reached
– Verify session-level invariants
(Figure: two flows compose one session; the end host works as a transponder that responds to one flow with another flow or more flows.)
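As an added illustration (not code from the slides), a toy session-level HSA in Python: end hosts are transfer functions that answer one flow with another, HSA is iterated to a fixed point, and the symmetric-NF-traversal invariant is checked. The topology, node names (C, S, SW, FW) and the "http" port bundle are constructed assumptions; the asymmetric-routing case is the one the per-property slide later calls out for security VNFs.

```python
from collections import deque

# Constructed toy network (names are assumptions, not from the slides):
# client C <-> switch SW <-> server S, with a security VNF FW off SW.
# A flow header is (src, dst, app); each node has a transfer function
# header -> list of (next_node, header). End hosts are transponders: the
# server answers a request header with a reply header (src/dst swapped).
def build_topology(symmetric_routing):
    def sw(h):                                   # SDN switch forwarding
        if h[1] == "S":
            return [("FW", h)]                   # requests always pass FW
        return [("FW", h)] if symmetric_routing else [("C", h)]  # replies
    def fw(h):                                   # security VNF: http only
        return [(h[1], h)] if h[2] == "http" else []
    def server(h):                               # transponder: request -> reply
        return [("SW", (h[1], h[0], h[2]))] if h[1] == "S" else []
    def client(h):                               # session ends at the client
        return []
    return {"SW": sw, "FW": fw, "S": server, "C": client}

def session_hsa(topo, hosts, origin, first_hop, header):
    """Run HSA from one injected flow, following transponder replies, until
    no new (node, header) pair appears (fixed point). Returns, for each
    flow of the session, the list of nodes it traversed end to end."""
    flows, seen = {}, set()
    work = deque([(first_hop, header, [origin])])
    while work:
        node, h, path = work.popleft()
        if (node, h) in seen:
            continue
        seen.add((node, h))
        path = path + [node]
        if node in hosts:
            flows[h] = path
        for nxt, h2 in topo[node](h):
            # a new header means a new flow of the same session: restart path
            work.append((nxt, h2, path if h2 == h else [node]))
    return flows

def symmetric_nf_traversal(flows, nf):
    """Session-level invariant: every flow of the session crosses the NF."""
    return bool(flows) and all(nf in path for path in flows.values())

def check(symmetric_routing):
    flows = session_hsa(build_topology(symmetric_routing),
                        {"C", "S"}, "C", "SW", ("C", "S", "http"))
    return symmetric_nf_traversal(flows, "FW"), flows
```

With `check(False)` the reply flow S -> C bypasses FW, so the invariant fails even though plain per-flow connectivity holds in both directions.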
Header Space Analysis with Cache
(Figure: worked HSA example with a cache. Subnets 1.1.*.*, 1.2.*.*, 2.*.*.* and 3.*.*.* (server 3.3.3.1) are connected through switches whose flow tables have the columns Dst, In-port and Out; the cache has its own table keyed on In-port and Payload (http request / http response) with Out and Content columns, so it answers a later request from stored content instead of forwarding it.)
Integrate the cache into header space analysis (HSA), so that this type of policy violation can be accurately discovered.
Modeling Caching Behavior
• Caching behavior
– Temporarily stores content/objects of interest
• Certain bytes in request-response traffic of specific application-level protocols
– Voluntarily responds to later requests
• Model the cache with HSA
– Model the cache as a special transponder
Middlebox State Taxonomy
              Static                           Dynamic
Per-flow      NAT mapping, socket context…     IDS states, flow stat…
Multi-flow    FW/IDS sigs, global settings…    global stat, rule matching stat…
Consistency of dynamic states is generally more expensive to keep as well as to verify.
Grey-box model of VNF states:
• View VNF states as opaque and movable byte chunks (OpenNF [36])
• Meters can checkpoint and hash snapshots of VNF states
• The attestation controller compares the hashes of state snapshots to verify consistency
State Consistency Measurement
(Figure: an NFV cloud with hypervisor-hosted VNFs between an entrance gateway and an exit gateway; labeled packets accumulate tags through ① to ④ and leave as the original packet.)
State Collection:
① At the network entrance, the gateway labels sampled packets or inserts probing packets to instrument a flow
② & ③ In the network, when a NF meter recognizes the labeled packet, it records the current NF state and appends the hash to the packet
④ At the network exit, the gateway strips off the tags and sends them to the attestation controller
Attestation Controller:
1. The controller periodically instruments every flow to keep an updated view of NF states
2. The controller verifies session consistency (e.g., in-/out-bound flows of a session) by comparing NF states
3. When the forwarding path changes, the controller instruments all packets and verifies the level of consistency of NF states (none, eventual, strong or strict)
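An added Python sketch (not from the slides or OpenNF) of the grey-box loop on this slide and the taxonomy slide before it: meters hash opaque VNF state into packet tags, the exit gateway strips them, and the controller compares hashes for session consistency and, after a path change, for a consistency level. Packet and flow names are constructed, and the mapping from snapshot sequences to "strong" / "eventual" / "none" is a simplified assumption ("strict" is not modeled).

```python
import hashlib
# Constructed toy of the grey-box measurement loop (names are assumptions, not
# from the slides): a meter beside each NF hashes the VNF's opaque state bytes
# into a tag on labeled packets; the exit gateway strips the tags and the
# attestation controller compares hashes instead of inspecting the state.
def state_hash(state: bytes) -> str:
    return hashlib.sha256(state).hexdigest()

def meter_tag(packet: dict, meter_id: str, vnf_state: bytes) -> dict:
    """Steps 2 and 3: only labeled (sampled or probe) packets get a tag."""
    if packet.get("label"):
        packet.setdefault("tags", []).append((meter_id, state_hash(vnf_state)))
    return packet

def gateway_strip(packet: dict):
    """Step 4: restore the original packet; return the tags for the controller."""
    tags = packet.pop("tags", [])
    packet.pop("label", None)
    return packet, tags

class AttestationController:
    def __init__(self):
        self.view = {}                          # flow_id -> {meter_id: hash}
    def record(self, flow_id, tags):
        self.view[flow_id] = dict(tags)         # step 1: updated view of NF states
    def session_consistent(self, flow_a, flow_b) -> bool:
        """Step 2: both directions crossed the same NF instances with the same snapshot."""
        return bool(self.view.get(flow_a)) and self.view[flow_a] == self.view.get(flow_b)
    @staticmethod
    def consistency_level(old_hash, new_hashes) -> str:
        """Step 3, simplified (assumption): old instance's snapshot vs. successive
        snapshots of the new instance after a path change; 'strict' not modeled."""
        if new_hashes and all(h == old_hash for h in new_hashes):
            return "strong"
        if new_hashes and new_hashes[-1] == old_hash:
            return "eventual"
        return "none"

def demo():
    # Constructed sample: NAT state as an opaque byte chunk; both flows of one
    # session cross NAT instance nat-1, then the path moves to a new instance.
    nat_state = b"nat: 10.0.0.5:4000 -> 203.0.113.9:6100"
    ctl = AttestationController()
    for flow in ("sess1-out", "sess1-in"):
        pkt, tags = gateway_strip(meter_tag({"label": True, "data": flow}, "nat-1", nat_state))
        ctl.record(flow, tags)
    level = ctl.consistency_level(state_hash(nat_state),
                                  [state_hash(b"nat: (empty)"), state_hash(nat_state)])
    return ctl.session_consistent("sess1-out", "sess1-in"), level
```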
Trusted Measurement Points
1. VNF monitoring module in the VM hypervisor
– Check VNF binary/config before launching
– Monitor runtime config changes
– Measure flow and utility statistics
– Process FlowTags [34]
2. Trusted module in the SDN switch agent or SDN controller
– Take snapshots of rules
– Set up rules for measurement tasks
3. Data-plane logging/injection points
– Insert testing packets
– Log trajectory and timestamps of testing packets
Per-property Verification Technique
1. VNF correctness (use existing techniques)
– Attest binary/config of the VNF
– Verify functionality of binary/config offline
2. Policy correctness
– Conduct incremental header space analysis on flow table snapshots (use existing techniques)
– Inject test traces to test data-plane behavior
– Rule properties
• Order, priority -> test explosion problem!
• Dependency graph to the rescue?
• Incremental testing; depends on the number of sub-spaces?
3. VNF state consistency
– Asymmetric routing leads to inconsistent forwarding for a security VNF
– Strong/eventual consistency
– Fast and efficient attestation/detection of such problems
Per-property Verification Technique (cont.)
4. Version compatibility
– Combine the VNF version with external compatibility information
– Checked by a trusted delegate
5. Performance monitoring
– Latency: timestamp sampled packets at the NFV hypervisor
– Throughput: measured by the hypervisor
6. Resource accounting
– Depends on a trusted hypervisor module
7. Traffic confidentiality
– In the network: encryption?
– On the NFV: Terra [35]?
References
[1] G. Coker, J. Guttman, P. Loscocco, A. Herzog, J. Millen, B. O'Hanlon, J. Ramsdell, A. Segall, J. Sheehy, and B. Sniffen. Principles of remote attestation. International Journal of Information Security, 10(2):63–81, 2011.
[2] Shi, E., Perrig, A., Van Doorn, L.: BIND: a time-of-use attestation service for secure distributed systems. SOSP '05
[3] Seshadri, A., Luk, M., Shi, E., Perrig, A., van Doorn, L., Khosla, P.: Pioneer: verifying integrity and guaranteeing execution of code on legacy platforms. SOSP '05
[4] Schellekens, D., Wyseur, B., Preneel, B.: Remote attestation on legacy operating systems with trusted platform modules. Electron. Notes Theor. Comput. Sci. 197(1), 59–72 (2008)
[5] Shieh, A., Williams, D., Sirer, E., Schneider, F.B.: Nexus: a new operating system for trustworthy computing. SOSP '05
[6] Petroni, N.L. Jr., Fraser, T., Molina, J., Arbaugh, W.A.: Copilot—a coprocessor-based kernel runtime integrity monitor. In: USENIX Security Symposium, pp. 179–194. USENIX (2004)
[7] Gu, L., Ding, X., Deng, R.H., Xie, B., Mei, H.: Remote attestation on program execution. In: STC '08
[8] Seyed Kaveh Fayazbakhsh, Michael K. Reiter, Vyas Sekar. Verifiable Network Function Outsourcing: Requirements, Challenges, and Roadmap. HotMiddlebox '13
[9] Santos, N., Gummadi, K. P., & Rodrigues, R. (2009, June). Towards trusted cloud computing. HotCloud '09 (pp. 3-3).
[10] Keller, E., Lee, R. B., & Rexford, J. (2009, August). Accountability in hosted virtual networks. In Proceedings of the 1st ACM workshop on Virtualized infrastructure systems and architectures (pp. 29-36). ACM.
[11] Haldar, V., Chandra, D., & Franz, M. (2004, May). Semantic remote attestation: a virtual machine directed approach to trusted computing. In USENIX Virtual Machine Research and Technology Symposium (Vol. 2004).
[12] Chen, L., Landfermann, R., Löhr, H., Rohe, M., Sadeghi, A. R., & Stüble, C. (2006, November). A protocol for property-based attestation. In ACM STC '06.
[13] A.-R. Sadeghi and C. Stüble. Property-based attestation for computing platforms: Caring about properties, not mechanisms. In ACM SIGSAC '04
[14] J. Poritz, M. Schunter, E. V. Herreweghen, and M. Waidner. Property attestation — scalable and privacy-friendly security assessment of peer computers. IBM Research Report RZ 3548, 2004
[15] Alam, M., Zhang, X., Nauman, M., Ali, T., & Seifert, J. P. (2008, June). Model-based behavioral attestation. In Proceedings of the 13th ACM symposium on Access control models and technologies (pp. 175-184). ACM
[16] G. C. Necula and P. Lee. The design and implementation of a certifying compiler. In PLDI '98
[17] Xiao-Yong Li, Chang-Xiang Shen, and Xiao-Dong Zuo. An Efficient Attestation for Trustworthiness of Computing Platform. In IIH-MSP, pages 625–630, 2006
[18] Kil, C., Sezer, E. C., Azab, A. M., Ning, P., & Zhang, X. (2009, June). Remote attestation to dynamic system properties: Towards providing complete system integrity evidence. In DSN '09.
[19] Kühn, U., Selhorst, M., Stüble, C.: Realizing property-based attestation and sealing with commonly available hard- and software. In: STC '07
[20] J. Marchesini, S. Smith, O. Wild, A. Barsamian, and J. Stabiner. Open-source applications of TCPA hardware. In ACSAC '04
[21] M. Dobrescu and K. Argyraki. Software Dataplane Verification. In NSDI, 2014
[22] Fayaz, S. K., Tobioka, Y., Chaki, S., & Sekar, V. (2014). BUZZ: Testing Context-Dependent Policies in Stateful Data Planes (CMU-CyLab-14-013).
[23] Panda, A., Lahav, O., Argyraki, K., Sagiv, M., & Shenker, S. (2014). Verifying Isolation Properties in the Presence of Middleboxes. arXiv preprint arXiv:1409.7687.
[24] A. Guha, M. Reitblatt, and N. Foster. Machine-verified network controllers. In PLDI '13
[25] P. Kazemian, M. Chang, H. Zeng, G. Varghese, N. McKeown, and S. Whyte. Real time network policy checking using header space analysis. In NSDI, 2013.
[26] P. Kazemian, G. Varghese, and N. McKeown. Header space analysis: Static checking for networks. In NSDI, 2012.
[27] A. Khurshid, X. Zou, W. Zhou, M. Caesar, and P. B. Godfrey. VeriFlow: Verifying network-wide invariants in real time. In NSDI '13
[28] T. Nelson, A. D. Ferguson, M. J. G. Scheer, and S. Krishnamurthi. A balance of power: Expressive, analyzable controller programming. NSDI, 2014.
[29] D. Sethi, S. Narayana, and S. Malik. Abstractions for model checking SDN controllers. In FMCAD, 2013
[30] R. Skowyra, A. Lapets, A. Bestavros, and A. Kfoury. A verification platform for SDN-enabled applications. In HiCoNS, 2013
[31] H. Zeng, S. Zhang, F. Ye, V. Jeyakumar, M. Ju, J. Liu, N. McKeown, and A. Vahdat. Libra: Divide and Conquer to Verify Forwarding Tables in Huge Networks. In NSDI, 2014.
[32] Soudeh Ghorbani and Brighten Godfrey. Towards Correct Network Virtualization. In HotSDN '14.
[33] Seyed K. Fayaz, Vyas Sekar. Testing Stateful and Dynamic Data Planes with FlowTest. In HotSDN '14.
[34] S. K. Fayazbakhsh, L. Chiang, V. Sekar, M. Yu, and J. C. Mogul. Enforcing network-wide policies in the presence of dynamic middlebox actions using FlowTags. In Proc. NSDI, 2014.
[35] T. Garfinkel, B. Pfaff, J. Chow, M. Rosenblum, and D. Boneh. Terra: A Virtual Machine-Based Platform for Trusted Computing. In SOSP '03.
[36] Gember-Jacobson, A., Viswanathan, R., Prakash, C., Grandl, R., Khalid, J., Das, S., & Akella, A. (2014, August). OpenNF: enabling innovation in network function control. In SIGCOMM '14.
[37] Agarwal, Kanak, et al. "SDN traceroute: tracing SDN forwarding without changing network behavior." Proceedings of the third workshop on Hot topics in software defined networking. ACM, 2014.
[38] Maciej Kuzniar, Peter Peresini, Dejan Kostic. ProboScope: "Data Plane Probe Packet Generation." Technical Report. http://infoscience.epfl.ch/record/201824
[39] Nuno Lopes, Nikolaj Bjorner, Patrice Godefroid, Karthick Jayaraman, and George Varghese. "Checking Beliefs in Dynamic Networks." Technical Report. http://131.107.65.14/apps/pubs/default.aspx?id=215431
[40] Stoenescu, R., Popovici, M., Negreanu, L., & Raiciu, C. (2013, December). SymNet: static checking for stateful networks. In Proceedings of the 2013 workshop on Hot topics in middleboxes and network function virtualization (pp. 31-36). ACM.
[41] Handigol, N., Heller, B., Jeyakumar, V., Mazieres, D., & McKeown, N. (2014, April). I know what your packet did last hop: using packet histories to troubleshoot networks. In NSDI '14
[42] Zeng, H., Kazemian, P., Varghese, G., & McKeown, N. (2012, December). Automatic test packet generation. In Co-NEXT '12
[43] Kuzniar, M., Perešíni, P., & Kostic, D. (2014). What you need to know about SDN control and data planes. Technical Report. http://infoscience.epfl.ch/record/199497/files/switches-tr-oct14_1.pdf?version=1
[44] Kuzniar, M., Peresini, P., & Kostic, D. (2014). Providing Reliable FIB Update Acknowledgments in SDN. In CoNEXT '14.
[45] Gember, A., Krishnamurthy, A., John, S. S., Grandl, R., Gao, X., Anand, A., ... & Akella, A. (2013). Stratos: A Network-Aware Orchestration Layer for Virtual Middleboxes in Clouds. arXiv preprint arXiv:1305.0209.
(Figure: placement of measurement points. Option A: switch as injection point. Option B: gateway as injection point and interception point.)
(Figure: testbed for the controller, postcard processor and probe engine: VM 1 and VM 2, each running OVS, attached to a Pica8 P-3297 switch over 1GE data links; virtual control links to the VMs, a 100M control link and a 1GE postcard link connect the controller side.)