Configuration Detection and Verification in Computer Networks

Yuko Murayama

Thesis submitted for the degree of PhD
Department of Computer Science
University College London
Gower Street, London WC1E 6BT

ProQuest Number: 10609799. Published by ProQuest LLC (2017). Copyright of the Dissertation is held by the Author. All rights reserved.

Abstract

This thesis identifies a problem which we have termed Configuration Detection, and proposes a solution to it. The problem is: how can one learn what objects exist and where those objects are in a given environment? We consider the problem in a computer network environment, which is a collection of various hosts and routers connected together in a management domain. As internetworking has become popular in both wide area and local area networks, the growth in the number of network objects has been substantial and dynamic. In such an environment, the maintenance of knowledge of the current configuration of the network has become a practical problem. We identify that the real problems in configuration detection are inconsistency and invalidity. Inconsistency arises because a host can be attached to the network without registration; invalidity is caused by there being no verification of the address announced by a host.
These shortcomings could lead to network-level threats such as unauthorised tampering with routing and control, unauthorised use of resources, unauthorised traffic generation, and unauthorised disclosure of information. We suggest the use of a procedure for the authorisation of network addresses to solve the network-level threats. We analyse the flow of an address and suggest where and how authorisation over the network takes place. The flow is verified by using the formal analysis methods suggested recently by Burrows, Abadi, and Needham. Finally the applicability of the model to other types of information than network addresses is examined.

Acknowledgements

This thesis would not have been possible without the support from my supervisor, Peter T. Kirstein. I would like to thank Cathy Wittbrodt and Peter Williams for their criticism and encouragement. I am grateful to Graham Knight, Robert Cole, Zonghou Ma, George Pavlou, James Malcolm, Jon Crowcroft, Ian Wakeman, Denis Timm, Raphael Carbonell, Nigel Chapman, Mike Roe, Steve Kille, Paul Barker, and Søren-Aksel Sørensen, all at UCL. Russel Winder, as postgraduate adviser, provided me with the TeX system for writing this thesis, and encouraged me constantly to write up. The people outside the College gave me a lot of help as well. I thank Craig Partridge, Mike Burrows, and Radia Perlman. Peter Hendrickson helped me in getting a copy of David Moon's Chaosnet report. I am grateful to many people on the tcp-ip list, whose discussions were the source of my research development. I also thank my friends in the department for their support; those include Gordon Joly, John Andrews, Irshad Buchh, and Ping Hu. Ping Hu explained to me the birth registration scheme in Wuhan, China, as he had done this for his son not long ago. My parents, Keisuke and Saeko Murayama, believed in my determination and gave me a tremendous amount of support — including the financial aid, which was essential for my study here. Thank you all.
for the delightful days at uk.ac.ucl.cs

Contents

1 Introduction  15
  1.1. Overview  15
  1.2. Thesis Organisation  18
2 Related Work  20
  2.1. Overview  20
  2.2. Information Systems  21
    2.2.1. Overview  21
    2.2.2. The Domain Name System  22
    2.2.3. The Directory  24
  2.3. Network Management Systems  26
    2.3.1. Overview  26
    2.3.2. The Automated Network Management System at BBN  27
    2.3.3. IBM's NetView  28
    2.3.4. The systems at UCL-CS  29
      2.3.4.1. Overview  29
      2.3.4.2. The Catenet Monitor  30
      2.3.4.3. The Status and Alarm System (SAS)  30
      2.3.4.4. The INCA network management system  31
  2.4. Integrated security in information and management systems  32
    2.4.1. Overview  32
    2.4.2. The Athena Project environment at MIT  32
  2.5. Conclusion  34
3 Configuration Management in Computer Networks  37
  3.1. Overview  37
  3.2. Network objects  38
  3.3. Configuration changes  38
  3.4. Configuration management operations  39
    3.4.1. Overview  39
    3.4.2. Local configuration change operations  40
    3.4.3. Recognition of configuration changes  41
    3.4.4. Changing other objects  42
    3.4.5. Information control  42
  3.5. Configuration Management Model  43
    3.5.1. Overview  43
    3.5.2. The participants  43
    3.5.3. The facilities required for the local change operation  44
    3.5.4. The facilities for the network-wide change operations  45
    3.5.5. The operation and information flow  45
    3.5.6. The information in the management system  46
    3.5.7. The information maintained by the operator  47
    3.5.8. The information in a managed object  47
    3.5.9. The information in the information systems  48
  3.6. A design exercise of a Directory for the management information  49
    3.6.1. Overview  49
    3.6.2. The structure of the Directory  50
    3.6.3. Creation of a subtree of the Directory  51
    3.6.4. Problems arisen from the design exercise  52
  3.7. Conclusion  53
4 Configuration Detection  54
  4.1. Introduction