Model based testing techniques for software defined networks / Méthodes de test basées sur les modèles pour la validation des réseaux logiciels (SDN)

Berriri, Asma

22 October 2019

Les réseaux logiciels (connus sous l'éppellation: Software Defined Networking, SDN), qui s'appuient sur le paradigme de séparation du plan de contrôle et du plan d'acheminement, ont fortement progressé ces dernières années pour permettre la programmabilité des réseaux et faciliter leur gestion. Reconnu aujourd'hui comme des architectures logicielles pilotées par des applications, offrant plus de programmabilité, de flexibilité et de simplification des infrastructures, les réseaux logiciels sont de plus en plus largement adoptés et graduellement déployés par l'ensemble des fournisseurs. Néanmoins, l'émergence de ce type d'architectures pose un ensemble de questions fondamentales sur la manière de garantir leur correct fonctionnement. L'architecture logicielle SDN est elle-même un système complexe à plusieurs composants vulnérable aux erreurs. Il est essentiel d'en assurer le bon fonctionnement avant déploiement et intégration dans les infrastructures.Dans la littérature, la manière de réaliser cette tâche n'a été étudiée de manière approfondie qu'à l'aide de vérification formelle. Les méthodes de tests s'appuyant sur des modèles n'ont guère retenu l'attention de la communauté scientifique bien que leur pertinence et l'efficacité des tests associés ont été largement demontrés dans le domaine du développement logiciel. La création d'approches de test efficaces et réutilisables basées sur des modèles nous semble une approche appropriée avant tout déploiement de réseaux virtuels et de leurs composants. Le problème abordé dans cette thèse concerne l'utilisation de modèles formels pour garantir un comportement fonctionnel correct des architectures SDN ainsi que de leurs composants. Des approches formelles, structurées et efficaces de génération de tests sont les principale contributions de la thèse. En outre, l'automatisation du processus de test est mis en relief car elle peut en réduire considérablement les efforts et le coût.La première contribution consiste en une méthode reposant sur l'énumération de graphes et qui vise le test fonctionnel des architectures SDN. En second lieu, une méthode basée sur un circuit logique est développée pour tester la fonctionnalité de transmission d'un commutateur SDN. Plus loin, cette dernière méthode est étendue pour tester une application d'un contrôleur SDN. De plus, une technique basée sur une machine à états finis étendus est introduite pour tester la communication commutateur-contrôleur.Comme la qualité d'une suite de tests est généralement mesurée par sa couverture de fautes, les méthodes de test proposées introduisent différents modèles de fautes et génèrent des suites de tests avec une couverture de fautes guarantie. / Having gained momentum from its concept of decoupling the traffic control from the underlying traffic transmission, Software Defined Networking (SDN) is a new networking paradigm that is progressing rapidly addressing some of the long-standing challenges in computer networks. Since they are valuable and crucial for networking, SDN architectures are subject to be widely deployed and are expected to have the greatest impact in the near future. The emergence of SDN architectures raises a set of fundamental questions about how to guarantee their correctness. Although their goal is to simplify the management of networks, the challenge is that the SDN software architecture itself is a complex and multi-component system which is failure-prone. Therefore, assuring the correct functional behaviour of such architectures and related SDN components is a task of paramount importance, yet, decidedly challenging.How to achieve this task, however, has only been intensively investigated using formal verification, with little attention paid to model based testing methods. Furthermore, the relevance of models and the efficiency of model based testing have been demonstrated for software engineering and particularly for network protocols. Thus, the creation of efficient and reusable model based testing approaches becomes an important stage before the deployment of virtual networks and related components. The problem addressed in this thesis relates to the use of formal models for guaranteeing the correct functional behaviour of SDN architectures and their corresponding components. Formal, and effective test generation approaches are in the primary focus of the thesis. In addition, automation of the test process is targeted as it can considerably cut the efforts and cost of testing.The main contributions of the thesis relate to model based techniques for deriving high quality test suites. Firstly, a method relying on graph enumeration is proposed for the functional testing of SDN architectures. Secondly, a method based on logic circuit is developed for testing the forwarding functionality of an SDN switch. Further on, the latter method is extended to test an application of an SDN controller. Additionally, a technique based on an extended finite state machine is introduced for testing the switch-to-controller communication. As the quality of a test suite is usually measured by its fault coverage, the proposed testing methods introduce different fault models and seek for test suites with guaranteed fault coverage that can be stated as sufficient conditions for a test suite completeness / exhaustiveness.

Modèles formels

Testing

Réseaux logiciels (SDN)

Model based testing

Formal models

Testing

Software defined networking (SDN)

Virtualized network functions

Software-defined Situation-aware Cloud Security

January 2020

abstract: The use of reactive security mechanisms in enterprise networks can, at times, provide an asymmetric advantage to the attacker. Similarly, the use of a proactive security mechanism like Moving Target Defense (MTD), if performed without analyzing the effects of security countermeasures, can lead to security policy and service level agreement violations. In this thesis, I explore the research questions 1) how to model attacker-defender interactions for multi-stage attacks? 2) how to efficiently deploy proactive (MTD) security countermeasures in a software-defined environment for single and multi-stage attacks? 3) how to verify the effects of security and management policies on the network and take corrective actions? I propose a Software-defined Situation-aware Cloud Security framework, that, 1) analyzes the attacker-defender interactions using an Software-defined Networking (SDN) based scalable attack graph. This research investigates Advanced Persistent Threat (APT) attacks using a scalable attack graph. The framework utilizes a parallel graph partitioning algorithm to generate an attack graph quickly and efficiently. 2) models single-stage and multi-stage attacks (APTs) using the game-theoretic model and provides SDN-based MTD countermeasures. I propose a Markov Game for modeling multi-stage attacks. 3) introduces a multi-stage policy conflict checking framework at the SDN network's application plane. I present INTPOL, a new intent-driven security policy enforcement solution. INTPOL provides a unified language and INTPOL grammar that abstracts the network administrator from the underlying network controller's lexical rules. INTPOL develops a bounded formal model for network service compliance checking, which significantly reduces the number of countermeasures that needs to be deployed. Once the application-layer policy conflicts are resolved, I utilize an Object-Oriented Policy Conflict checking (OOPC) framework that identifies and resolves rule-order dependencies and conflicts between security policies. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2020

Computer science

Advanced Persistent Threat (APT)

Attack Graph

Bounded Model Checking

Markov Game

Moving Target Defense (MTD)

Software-defined Networking (SDN)

Design and prototyping of indoor positioning systems for Internet-of-Things sensor networks

Shakoori Moghadam Monfared, Shaghayegh

04 January 2021

Accurate indoor positioning of narrowband Internet-of-Things (IoT) sensors has drawn more attention in recent years. The introduction of Bluetooth Low Energy (BLE) technology is one of the latest developments of IoT and especially applicable for Ultra-Low Power (ULP) applications. BLE is an attractive technology for indoor positioning systems because of its low-cost deployment and reasonable accuracy. Efficient indoor positioning can be achieved by deducing the sensor position from the estimated signal Angle-of-Arrival (AoA) at multiple anchors. An anchor is a base station of known position and equipped with a narrowband multi-antenna array. However, the design and implementation of indoor positioning systems based on AoA measurements involve multiple challenges. The first part of this thesis mainly addresses the impact of hardware impairments on the accuracy of AoA measurements. In practice, the subspace-based algorithms such as Multiple Signal Classification (MUSIC) suffer from sensitivity to array calibration errors coming from hardware imperfections. A detailed experimental implementation is performed using a Software Defined Radio (SDR) platform to precisely evaluate the accuracy of AoA measurements. For this purpose, a new Over-the-Air (OTA) calibration method is proposed and the array calibration error is investigated. The experimental results are compared with the theoretical analysis. These results show that array calibration errors can cause some degrees of uncertainty in AoA estimation. Moreover, we propose iterative positioning algorithms based on AoA measurements for low capacity IoT sensors with high accuracy and fair computational complexity. Efficient positioning accuracy is obtained by iterating between the angle and position estimation steps. We first develop a Data-Aided Maximum a Posteriori (DA- MAP) estimator based on the preamble of the transmitted signal. DA-MAP estimator relies on the knowledge of the transmitted signal which makes it impractical for narrowband communications where the preamble is short. For this reason, a Non-Data- Aided Maximum a Posteriori (NDA-MAP) estimator is developed to improve the AoA accuracy. The iterative positioning algorithms are therefore classified as Data-Aided Iterative (DA-It) and Non-Data-Aided Iterative (NDA-It) depending on the knowledge of the transmitted signal that is used for estimation. Both numerical and experimental analyses are carried out to evaluate the performance of the proposed algorithms. The results show that DA-MAP and NDA-MAP estimators are more accurate than MUSIC. The results also show that DA-It comes very close to the performance of the optimal approach that directly estimates the position based on the observation of the received signal, known as Direct Position Estimation (DPE). Furthermore, the NDA-It algorithm significantly outperforms the DA-It because it can use a much higher number of samples; however, it needs more iterations to converge. In addition, we evaluate the computational savings achieved by the iterative schemes compared to DPE through a detailed complexity analysis. Finally, we investigate the performance degradation of the proposed iterative algorithms due to the impact of multipath and NLOS propagation in indoor environments. Therefore, we develop an enhanced iterative positioning algorithm with an anchor selection method in order to identify and exclude NLOS anchors. The numerical results show that applying the anchor selection strategy significantly improves the positioning accuracy in indoor environments. / Doctorat en Sciences de l'ingénieur et technologie / info:eu-repo/semantics/nonPublished

Anchor selection

Angle-of-Arrival

Array calibration errors

Bluetooth Low Energy

Internet-of-Things

Iterative positioning

Non-Line-of-Sight

Non-Data-Aided estimation

Software Defined Radio

AN EVALUATION OF SDN AND NFV SUPPORT FOR PARALLEL, ALTERNATIVE PROTOCOL STACK OPERATIONS IN FUTURE INTERNETS

Suresh, Bhushan

09 July 2018

Virtualization on top of high-performance servers has enabled the virtualization of network functions like caching, deep packet inspection, etc. Such Network Function Virtualization (NFV) is used to dynamically adapt to changes in network traffic and application popularity. We demonstrate how the combination of Software Defined Networking (SDN) and NFV can support the parallel operation of different Internet architectures on top of the same physical hardware. We introduce our architecture for this approach in an actual test setup, using CloudLab resources. We start of our evaluation in a small setup where we evaluate the feasibility of the SDN and NFV architecture and incrementally increase the complexity of the setup to run a live video streaming application. We use two vastly different protocol stacks, namely TCP/IP and NDN to demonstrate the capability of our approach. The evaluation of our approach shows that it introduces a new level of flexibility when it comes to operation of different Internet architectures on top of the same physical network and with this flexibility provides the ability to switch between the two protocol stacks depending on the application.

Software Defined Networks (SDN)

Network Function virtualization (NFV)

Named Data Networks (NDN)

Future Internet Architecture (FIA)

Live Video Streaming

Adaptive Bitrate Streaming (ABR)

Electrical and Computer Engineering

Jamming Detection and Classification via Conventional Machine Learning and Deep Learning with Applications to UAVs

Yuchen Li (11831105)

13 December 2021

<div>With the constant advancement of modern radio technology, the safety of radio communication has become a growing concern for us. Communication has become an essential component, particularly in the application of modern technology such as unmanned aerial vehicle (UAV). As a result, it is critical to ensure that a drone can fly safely and reliably while completing duties. Simultaneously, machine learning (ML) is rapidly developing in the twenty-first century. For example, ML is currently being used in social media and digital marking for predicting and addressing users' varies interests. This also serves as the impetus for this thesis. The goal of this thesis is to combine ML and radio communication to identify and classify UAV interference with high accuracy.</div><div>In this work, a ML approach is explored for detecting and classifying jamming attacks against orthogonal frequency division multiplexing (OFDM) receivers, with applicability to UAVs. Four types of jamming attacks, including barrage, protocol-aware, single-tone, and successive-pulse jamming, are launched and analyzed using software-defined radio (SDR). The jamming range, launch complexity, and attack severity are all considered qualitatively when evaluating each type. Then, a systematic testing procedure is established, where a SDR is placed in the vicinity of a drone to extract radiometric features before and after a jamming attack is launched. Traditional ML methods are used to create classification models with numerical features such as signal-to-noise ratio (SNR), energy threshold, and important OFDM parameters. Furthermore, deep learning method (i.e., convolutional neural networks) are used to develop classification models trained with spectrogram images filling in it. Quantitative indicators such as detection and false alarm rates are used to evaluate the performance of both methods. The spectrogram-based model correctly classifies jamming with a precision of 99.79% and a false-alarm rate of 0.03%, compared to 92.20% and 1.35% for the feature-based counterpart.</div>

Computer Engineering

Wireless Communications

Cybersecurity

Jamming

Unmanned Aerial Vehicles

Software Defined Radio

Spectrogram

Machine Learning

Deep Learning

Convolutional neural networks

Softwarový přijímač pro dálkový průzkum Země v pásmu X / X-band Earth Observation Satellite Software Defined Receiver

Zedka, Radim

January 2019

Práce se zabývá procesem návrhu digitálního přijímače pro signály družic dálkového průzkumu Země v pásmu X. V první části je uveden seznam družic které umožnují příjem vědeckých dat pomocí amatérských neautorizovaných stanic. Jsou zde vypsány základní signálové parametry některých družic, z nichž EOS-PM-1 je zvolena jako hlavní objekt pro návrh přijímače. Ve druhé části je použit software MATLAB pro simulaci družicového O-QPSK signálu v základním pásmu, mechanizmu kompenzace kmitočtového ofsetu, synchronizaci nosné, symbolové synchronizaci, rámcové synchronizaci a odstranění fázové dvojznačnosti vlivem modulace. Třetí část práce pojednává detailněji o implementaci jednotlivých bloků přijímače do FPGA při použití aritmetky s pevnou řádovou čárkou. Je zde popsána metoda pro verifikaci celého designu v reálném čase a závěrem je zde uvedeno porovnání výsledků měření touto metodou a výsledků simulace.

Analýza bezdrátové komunikace pomocí softwarově definovaného rádia / Wireless communication analysis using software defined radio

Štrajt, Martin

January 2020

The work deals with the use of software-defined radio as a probe for monitoring the operation of wireless communication according to the IEEE 802.11a/g standard. In the theoretical introduction, the concept of software-defined radio as a hardware device with software programmable circuits enabling the transmission or reception of signals in theoretically any frequency band is introduced. The introduction also contains adescription of selected devices and the IEEE 802.11 protocol with its most used additionsand modulations. In the first part of the practical part of the work, wireless communication is capturedusing a wireless network card in monitoring mode. The intercepted communication was decrypted and this decrypted traffic was compared with the data captured by the probe within the network. These results then served as acomparative basis for software-defined radio capturing. The focus of this work is to verify the capabilities of software-defined radio and its use for sniffing wireless communicationin the frequency band 2.4 GHz and 5 GHz. The attempt to use a software-defined radio here results from the scalability and adaptability that a wireless card cannot offer due to fixed hardware parameters. LimeSDR mini, LimeSDR and bladeRF 2.0 devices were used for capture. First, the configuration of the operating system, the installation of drivers and programs for control and work with selected devices are described. After verifying the functionality of the software-defined radio, a model of a signal decoder with the parameters of the IEEE 802.11g standard captured from the radio spectrum was put into operation. Finally, the data streams captured by the software-defined radio and the wireless network card were compared side by side. The results showed that the software-defined radio in the used configuration captures only a part of the total volume of transmitted frames.

Klasifikace typu digitální modulace / Classification of digital modulation type

Balada, Radek

January 2010

The aim of master’s thesis is a classification of digital modulation type. The interest in modulation classification has been growing for last years. It has several possible roles in both civilian and military applications such as spectrum sensing, signal confirmation, interference identification, monitoring and so on. Modulation classification is an intermediate step between signal detection and successful demodulation. Therefore the known methods are based on different statistics obtained from received signals. These statistics can be derived from continuous time signals and they hold for sampled signals.

Modulátor a demodulátor s více nosnými pro softwarově definované rádio / Multicarrier modulator and demodulator for software defined radio

Klučka, Jaroslav

January 2010

This thesis deals with computer simulation of the communication chain using the OFDM modulation. In the beginning of my thesis there is a brief description of digital modulations, especially OFDM. The model of the transmitter, radio channel and receiver, including a simple timing and frequency synchronization and equalization is designed and simulated in the Matlab environment. There is a designed communication system implemented into USRP development board in the Simulink environment. The development board could not work simultaneously as a transmitter and as a receiver. Function of the transmitter was verified by measuring on spectrum analyzer. Testing OFDM signal using the arbitrary waveform generator CompuGen 4302 was generated for the verification of the function of the receiver. Testing signal was received and demodulated on the development board which works as a receiver.

Softwarově definovaný transceiver pro radioamatérský provoz / Software defined transceiver for radio amateur use

Paus, Anton

January 2012

This project deals with possibilities of using the software defined radio conception for radio amateur use in a short wave band and its subsequent implementation into properly designed hardware. The aim of this work is to design a transceiver that would be capable of working in AM, FM, SSB, and CW modes. Within a theoretical part of the project the architectures of software defined radios and their components are discussed. This part was focused mainly on analog parts of the chain, such as amplifiers, filters and converters. Signal processing algorithms for both receiver and transmitter working in desired modes are studied subsequently and their computer models are built. Designed algorithms are implemented into FPGA structure (Virtex -5).