Sekar wins NSF CAREER Award to improve network security
By Daniel Tkacik
Network administrators’ jobs are getting tougher in today’s world, protecting their organizations’ valuable information from increasingly sophisticated
“What’s critically lacking is a principled way to check if the network correctly implements a given suite of policies,” said CyLab faculty member Vyas Sekar, an assistant professor of Electrical and Computer Engineering. “This problem is already very challenging even for very basic policy intents. As networks and policies both become more
The National Science Foundation (NSF) has just awarded Sekar an NSF Faculty Early Career Development (CAREER) Award to pave the way toward reliable network security assurances. The CAREER Award is one of NSF’s most prestigious awards in support of junior faculty who exemplify the role of teacher-scholars through outstanding research and education.
“With this award, my research team will lead the development of a principled model-based testing framework and open-source tool for identifying if, and how, policies are violated,” said Sekar. “The tool will also help network administrators automatically locate the sources of these violations.”
While there have been significant technological advances in software testing with the development of program analysis and formal verification techniques, network testing has lagged behind.
“If we take off-the-shelf machinery from the program analysis and formal verification community, it completely chokes,” said Sekar. “Even on a small network with four to five nodes, it takes several days of computing time to provide operators with assurances about the behavior of their networks with the types of dynamic policies we envision.”
An early proof-point of their research is a system called “BUZZ,” a testing framework that takes policy intents from a network operator and automatically generates test traffic to check if the policies are implemented correctly. If a policy is violated, the tool helps operators identify the root cause.
“Our novel approach to model network functions and their interactions significantly cuts down the time it takes to systematically test cases from days to a few tens of seconds,” Sekar said. “This can potentially change the operational workflows of real networks by offering network administrators near real-time capabilities to test the correctness of their networks.”
With this CAREER award, Sekar’s team plans to tackle a number of significant and fundamental technical challenges toward realizing the vision of an end-to-end framework that network administrators can integrate into their everyday workflows to ensure security and performance.
For example, Sekar’s team plans to deploy BUZZ and its successors in real operational network settings to help transition the results from an academic setting into practice. This means the team will need to
“Given the model-based testing approach that BUZZ adopts, one natural question that arises is where do the models come from?” Sekar said. To this end, the team plans to develop systematic techniques to automatically extract the relevant information from the network devices.
BUZZ in its current form can be viewed as an effective “bug finding” tool, but there may be subtle bugs that remain difficult to find. Sekar’s team sees room for improvement.
“The ultimate goal is to get closer to providing exhaustive ‘bug-free’ guarantees to network administrators,” Sekar said.
Learn more about Sekar's other research projects on network security and improving video streaming.