Synaptic: A formal checker for SDN-based security policies

Nicolas Schnepf, Rémi Badonnel, Abdelkader Lahmadi, and Stephan Merz

Abstract

Software-defined networking offers new opportunities for protecting end users by designing dynamic security policies. In particular, security chains can be built by combining security functions, such as firewalls, intrusion detection systems and services for preventing data leakage. The configuration of these security functions and their associated policies is based on behavioural models of end-user applications when accessing the network. In this demo, we present our tool \synaptic, a SDN-based framework intended for the formal verification of security policies as well as for automatically generating such policies based on automata learning methods applied on NetFlow records of end-user applications collected at the device level.

Available as: PDF

Reference

@inproceedings{schnepf:generation,
  author    = {Nicolas Schnepf and R{\'e}mi Badonnel and
               Abdelkader Lahmadi and Stephan Merz},
  title     = {{Synaptic}: A formal checker for {SDN}-based security policies},
  booktitle = {Network Operations and Management Symposium, {NOMS 2018}},
  pages     = {1--2},
  publisher = {{IEEE}},
  year      = {2018},
  address   = {Taipei, Taiwan},
}