This project develops a scientific approach to testing hypotheses about network security when those tests must consider layers of complex interacting policies within the network stack. The work is motivated by observation that the infrastructure of large networks is hideously complex, and so is vulnerable to various attacks on services and data. Coping with these vulnerabilities consumes significant human management time, just trying to understand the network’s behavior. Unfortunately, even very simple behaviors – such as whether it is possible for any packet (however unusual) to flow between two devises – are difficult for operators to test, and synthesizing these low-level behaviors into a high-level quantitative understanding of network security has been beyond reach.
We propose to develop the analysis methodology needed to support scientific reasoning about the security of networks, with a particular focus on information and data flow security. The core of this vision is Network Hypothesis Testing Methodology (NetHTM), a set of techniques for performing and integrating security analyses applied at different network layers, in different ways, to pose and rigorously answer quantitative hypotheses about the end-to-end security of a network.