Arts & Sciences Events
This calendar presented by
Arts & Sciences
[PAST EVENT] Colloquium on Monday, April 13 at 3:30PM, MS 020
April 13, 2015
3:30pm
TITLE: Efficient Network Connectivity Analysis
Speaker: David M. Nicol, Franklin W. Woeltge Professor of Electrical and Computer Engineering, University of Illinois at Urbana-Champaign
ABSTRACT: Complex computer networks are usually protected by multiple firewalls that limit access into and out of network zones. Firewall configuration is tedious and error-prone, and most systems allow unneeded and/or undesired access. Software tools that analyze firewall configurations and determine connectivity can help identify which flows are permitted through the system, and whether any of these flows violate desired access policy.
We have developed such a tool, called NP-View. This talk describes a number of algorithmic problems and solutions we have developed in an effort to make connectivity analysis feasible on systems with many firewalls. These problems include:
-- means by which all flows that are permitted in a network can be discovered efficiently
-- means by which only flows that pass through selected VPN tunnels, devices, access control lists, or individual rules in access control lists can be discovered efficiently
-- means by which firewalls from different vendors, with different behaviors, can be integrated in a single analysis
BIOGRAPHY: David M. Nicol is the Franklin W. Woeltge Professor of Electrical and Computer Engineering at the University of Illinois at Urbana-Champaign, as well as the Director of UIUC's Information Trust Institute. Previously, he was Professor of Computer Science at Dartmouth College, where he helped establish and lead the Institute for Security Technology Studies, first as Associate Director of Research, and then as Acting Director. He is widely known for his research contributions in modeling and simulation methodologies for discrete systems, and in rigorous methods for studying the security of large complex systems. Currently his research focuses on means of providing cyber-security to industrial control systems such as the electric power grid. He was elected Fellow of the IEEE, and also Fellow of the ACM for his research contributions, and is the inaugural recipient of ACM SIGSIM's Distinguished Contributions Award.
He began his academic career at the College of William & Mary, where he was Assistant, and then Associate Professor of Computer Science. Prior to joining William & Mary he held the position of Staff Scientist at the Institute for Computer Applications in Science and Engineering, at NASA Langley Research Center. He holds the M.S. and Ph.D. degrees in Computer Science from the University of Virginia, and a B.A. in Mathematics from Carleton College.
Contact
Qun Li (liqun)