Published by Suzan Carson. Modified over 3 years ago.
1
VeriCon: Towards Verifying Controller Programs in SDNs (PLDI 2014)
Thomas Ball, Nikolaj Bjorner, Aaron Gember, Shachar Itzhaky, Aleksandr Karbyshev, Mooly Sagiv, Michael Schapira, Asaf Valadarsky
2
Traditional Computer Networks
Data plane: packet streaming
Control plane: distributed algorithms
3
New Paradigm: Software Defined Networking (SDN)
[Diagram labels: API to the data plane (e.g., OpenFlow); logically-centralized control in software; switches; smart but slow software; dumb but fast hardware]
4
Controller: Programmability
[Diagram labels: Controller; APP]
Events from switches
  – topology changes, traffic statistics, arriving packets
Commands to switches
  – (un)install rules, query statistics
5
Desired Network Properties
Routing
  – No forwarding loops, no black holes, …
Security
  – ACL, firewall, middleboxes, …
Traffic Engineering
  – Load balancing, VM migration, …
…
6
How can we guarantee such properties?
7
Traditional Networks vs. SDN
Guaranteeing these properties in a traditional network is nearly impossible
  – Switch / Router code is a “black box”
  – Protocols are distributed across devices
SDN opens up the possibility of applying formal software verification to networks!
  – Accessible code
  – Centralized control
8
Existing Approaches
Finite-state model checking
  – E.g., NICE & Verificare
Analyzing network snapshots
  – E.g., HSA
Run-time checks
  – E.g., VeriFlow & NetPlumber
[Callouts: Might miss bugs! Discover bugs too late & run-time overhead]
9
Dream Scenario
Verify network-wide properties at compile time
  – Find violations before they occur!
Provable verification
  – Prove correctness for correct programs
  – Find a counterexample for incorrect programs (useful for debugging)
10
The VeriCon Tool
[Diagram labels: Controller Code (P); Desired Properties; Restrictions on Topology (T); Verification Conditions Generator; T P “ ”; SAT Solver; Counterexample; Proof]
11
Running Times – Correct Programs

Program      Description                                              Time to prove (seconds)
Firewall     A basic firewall abstraction.                            0.11
MigFirewall  Firewall supporting migration of “safe” hosts.           0.12
Learning     A simple learning switch.                                0.14
Resonance    Access control for host authentication in enterprises.   0.18
Stratos      Forwarding traffic through a sequence of middleboxes.    0.09
12
Running Times – Incorrect Programs

Program          Description                                                                   Time to disprove (seconds)
Firewall-Bug 1   Forgot to check if packets in port 2 are from a trusted location.             0.13
Firewall-Bug 2   Forgot to add the definition for a “trusted host”.                            0.09
Learning-Bug 3   Forgot to forward the packets.                                                0.15
Resonance-Bug 1  Forgot to define that the states a host could be at are mutually exclusive.   0.07
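
An added example, not taken from the slides or from VeriCon itself, showing the kind of check behind "prove or find a counterexample" for a Firewall-Bug 1 style omission. The two-port firewall model (port 1 is the trusted side), the invariant and every name below are assumptions, and exhaustive enumeration over a constructed two-host domain stands in for the solver, so unlike VeriCon it says nothing about unbounded topologies.

```python
from itertools import combinations, product

HOSTS = ("a", "b")                             # constructed two-host domain
PACKETS = list(product(HOSTS, HOSTS, (1, 2)))  # (src, dst, in_port)

def subsets(items):
    """All subsets of items, as frozensets."""
    return [frozenset(c) for r in range(len(items) + 1)
            for c in combinations(items, r)]

def handle(state, pkt, check_trusted=True):
    """Packet-in handler of the assumed firewall; returns the next state."""
    trusted, fwd = state
    src, dst, port = pkt
    if port == 1:                              # trusted side: always forwarded,
        return trusted | {dst}, fwd | {pkt}    # and the destination becomes trusted
    if src in trusted or not check_trusted:    # check_trusted=False models the bug
        return trusted, fwd | {pkt}
    return state                               # untrusted source: drop

def inv(state):
    """Candidate inductive invariant over (trusted hosts, forwarded packets)."""
    trusted, fwd = state
    contacted = {d for (_, d, p) in fwd if p == 1}
    return (trusted <= contacted and
            all(s in trusted for (s, _, p) in fwd if p == 2))

def find_counterexample(check_trusted):
    """Check Init => Inv, then Inv and event => Inv'; None means both hold."""
    init = (frozenset(), frozenset())
    if not inv(init):
        return None, None, init
    for state in product(subsets(HOSTS), subsets(PACKETS)):
        if not inv(state):
            continue                           # only states satisfying Inv matter
        for pkt in PACKETS:
            nxt = handle(state, pkt, check_trusted)
            if not inv(nxt):
                return state, pkt, nxt         # event that breaks the invariant
    return None

if __name__ == "__main__":
    print("correct handler:", find_counterexample(True))
    print("buggy handler:  ", find_counterexample(False))
```

The returned triple (pre-state, packet, post-state) plays the role of the counterexample the slides describe as useful for debugging.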
13
VeriCon: Challenges and Solutions
Programmer must specify properties in 1st-order logic
  – We build a tool that infers formulas for SDN programs
  – Future research: static analysis
SDN programs must be coded in a specific language (CSDN)
  – VeriCon can be extended to support Java, Python, etc.
SAT solver might not terminate!
  – SDN programs considered are in a sub-family of FOL
  – … solver termination guaranteed!
VeriCon assumes atomicity of events
  – “Existing” solutions
  – Future research: verify stronger properties
14
Summary
SDN opens up the possibility for applying formal verification to networks
VeriCon is the first system to provably verify SDN programs at compile time
  – for unbounded topology, #packets, etc.
15
Thank You