Presentation is loading. Please wait.

Presentation is loading. Please wait.

BUZZ: Testing Context-Dependent Policies in Stateful Networks Seyed K. Fayaz, Tianlong Yu, Yoshiaki Tobioka, Sagar Chaki, Vyas Sekar.

Published byJames Leonard Modified over 8 years ago

Similar presentations

Presentation on theme: "BUZZ: Testing Context-Dependent Policies in Stateful Networks Seyed K. Fayaz, Tianlong Yu, Yoshiaki Tobioka, Sagar Chaki, Vyas Sekar."— Presentation transcript:

1 BUZZ: Testing Context-Dependent Policies in Stateful Networks Seyed K. Fayaz, Tianlong Yu, Yoshiaki Tobioka, Sagar Chaki, Vyas Sekar

2 Overview of checking network policies Does the network do what I want it to do? Network operator 2 Policies What I want the network to do Reality What the network does ??? network A B

3 R1R1 R2R2 R3R3 R4R4 A B Existing work on checking network policies 3 Static verification – HSA, NSDI’12 – Veriflow, NSDI’13 – NOD, NSDI’15 – Batfish, NSDI’15 reachability policies A can talk to B Active testing – Ping, Traceroute – ATPG, CoNext’12 – Pingmesh, SIGCOMM’15 Network operator stateless network

4 R1R1 R2R2 R3R3 R4R4 Light IPS Heavy IPS A B Real networks are about more than reachability context-dependent policies Network operator 4 stateful network A  B traffic Block Allow suspicious benign Heavy IPS bad signature found otherwise Light IPS # bad conn. >= 10 state context Light IPS suspicious How can we check context-dependent policies in stateful networks? Reachability policies  Context-dependent policies Stateless networks  Stateful networks Scalability: How to explore the state space? Expressiveness: How to capture stateful behaviors? Challenges:

5 Our solution: BUZZ Operator stateful data plane FW Proxy IPS Pass Fail 5 BUZZ is an active testing framework to check context-dependent policies in stateful data planes BUZZ test traffic context-dependent policies

6 Outline Motivation and challenges Design of BUZZ Implementation and evaluation 6

7 Data plane model Operator stateful data plane FW Proxy IPS Test traffic generation Pass Fail 7 context-dependent policies Challenge 1: Expressive models? Challenge 2: Scalable state space exploration test traffic Challenge 1: Expressive data plane model

8 2.How to model a network function (e.g., an IPS)? 8 Challenge 1: Expressive data plane model ? ? 1.How to model the traffic unit? ? NF 1 NF 2 NF 4 NF 3

9 9 Our idea: BDU as model of traffic unit Light IPS suspicious? or benign? Located packet (e.g., Pyretic, HSA) struct locPkt { IPHder ipHdr; NetworkPort port; }; Context-carrying located packet struct CntxlocPkt { IPHder ipHdr; NetworkPort port; Context context; }; struct BDU{ IPHeader ipHdr; NetworkPort port; Context context; … HTTPHdr httpHdr … }; BUZZ Data Unit (BDU) Expressive Scalable Expressive Scalable ✗ ✔ ✔ ✔ ✗ … IP packets … BDU

10 10 Our idea: NF as an ensemble of FSMs Light IPS NF model expressiveness NF model scalability Transfer function (e.g., Pyretic, HSA) Yes No Yes state? middlebox code large codebase (e.g., 300K LoC) bugs? A monolithic FSM count host1, count host2,… count host1 ++, count host2,… host 1 makes a conn. attempt … Ensemble of FSMs count host1 count host1 ++ count host2 count host2 ++ … Insight 1: Decoupling independent connections Insight 2: Decoupling independent tasks host 1 host 2 ✔ ✔ T(.) located packet located packet

11 Putting it together: Composing NF models 11 Individual NF models Data plane model

12 Data plane model Operator stateful data plane FW Proxy IPS Test traffic generation Pass Fail 12 context-dependent policies Challenge 1: Expressive models? Challenge 2: Scalable state space exploration test traffic Challenge 2: Scalable test traffic generation

13 Challenge 2: Exploring data plane state space 13 Conceptual view of test traffic generation: How to reach a colored state through a sequence of traffic units? Challenge of scalability wrt traffic space and state space – Strawman 1: All possible sequences of traffic units – Strawman 2: Generate random traffic units (e.g., fuzzing) – Strawman 3: Naïve use of exploration tools (e.g., model checking) Light IPS host 1 host 2 suspicious?

14 Our idea: Test traffic generation using optimized symbolic execution Optimized symbolic execution: – Minimize the number of symbolic BDUs – Scoping values of symbolic BDUs 14 Our high-level approach: Symbolic execution Light IPS host 1 host 2 suspicious?

15 Outline Motivation and challenges Design of BUZZ Implementation and evaluation 15

16 Implementation 16 https://github.com/network-policy-tester/buzz Policy parser Network operator Data plane model instantiation (C) BDU-level test traffic generation (KLEE+optimizations) Translation into test scripts (custom library + code) Library of NF models (C) Test resolution (custom code) monitoring logs (tcpdump) intended policies stateful data plane under test FW Proxy IPS Pass Fail

17 Evaluation: Effectiveness of BUZZ Found new bugs in recent SDN-based systems – Violations due to reactive control in Kinetic – Incorrect state migration in OpenNF – Faulty policy composition in PGA – Incorrect traffic tagging in FlowTags … Found known violations – Broken link – Incorrect NAT configuration – SDN controller bug … 17

18 Evaluation: Scalability of BUZZ 18 Test generation takes < 2min for a network with 600 switches and 60 middleboxes

19 Existing work has fundamental limitations in checking context-dependent policies in stateful data planes Challenges: Expressive-yet-scalable model of stateful data planes Scalable state space exploration Our solution is BUZZ: BUZZ Data Unit (BDU) as traffic unit model Ensemble of FSMs as a network function (NF) model Scalable exploration via domain-specific optimizations BUZZ can help find bugs and is scalable 19 Conclusions

Download ppt "BUZZ: Testing Context-Dependent Policies in Stateful Networks Seyed K. Fayaz, Tianlong Yu, Yoshiaki Tobioka, Sagar Chaki, Vyas Sekar."

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Data-Plane Accountability with In-Band Path Diagnosis Murtaza Motiwala, Nick Feamster Georgia Tech Andy Bavier Princeton University.

Data-Plane Accountability with In-Band Path Diagnosis Murtaza Motiwala, Nick Feamster Georgia Tech Andy Bavier Princeton University.
Seyed K. Fayazbakhsh Vyas Sekar Minlan Yu Jeff Mogul

Seyed K. Fayazbakhsh Vyas Sekar Minlan Yu Jeff Mogul
Verifiable Network Function Outsourcing Seyed K. FayazbakhshMichael K. ReiterVyas Sekar 1.

Verifiable Network Function Outsourcing Seyed K. FayazbakhshMichael K. ReiterVyas Sekar 1.
Compiling Path Queries in Software-Defined Networks Srinivas Narayana Jennifer Rexford and David Walker Princeton University.

Compiling Path Queries in Software-Defined Networks Srinivas Narayana Jennifer Rexford and David Walker Princeton University.
Network Performance Measurement

Network Performance Measurement
Practical and Incremental Convergence between SDN and Middleboxes 1 Zafar Qazi, Cheng-Chun Tu, Luis Chiang Vyas Sekar Rui Miao Minlan Yu.

Practical and Incremental Convergence between SDN and Middleboxes 1 Zafar Qazi, Cheng-Chun Tu, Luis Chiang Vyas Sekar Rui Miao Minlan Yu.
Toward Practical Integration of SDN and Middleboxes

Toward Practical Integration of SDN and Middleboxes
SIMPLE-fying Middlebox Policy Enforcement Using SDN

SIMPLE-fying Middlebox Policy Enforcement Using SDN
SDN Applications Jennifer Rexford Princeton University.

SDN Applications Jennifer Rexford Princeton University.
Programmable Measurement Architecture for Data Centers Minlan Yu University of Southern California 1.

Programmable Measurement Architecture for Data Centers Minlan Yu University of Southern California 1.
Slick: A control plane for middleboxes Bilal Anwer, Theophilus Benson, Dave Levin, Nick Feamster, Jennifer Rexford Supported by DARPA through the U.S.

Slick: A control plane for middleboxes Bilal Anwer, Theophilus Benson, Dave Levin, Nick Feamster, Jennifer Rexford Supported by DARPA through the U.S.
Toward Practical Convergence of Middleboxes and Software-Defined Networking Vyas Sekar Joint work with: Seyed Kaveh Fayazbakhsh, Zafar Qazi, Luis Chiang,

Toward Practical Convergence of Middleboxes and Software-Defined Networking Vyas Sekar Joint work with: Seyed Kaveh Fayazbakhsh, Zafar Qazi, Luis Chiang,
Practical and Incremental Convergence between SDN and Middleboxes 1 Zafar Qazi Cheng-Chun Tu Luis Chiang Vyas Sekar Rui Miao Minlan Yu.

Practical and Incremental Convergence between SDN and Middleboxes 1 Zafar Qazi Cheng-Chun Tu Luis Chiang Vyas Sekar Rui Miao Minlan Yu.
Header Space Analysis: Static Checking For Networks Peyman Kazemian, Nick McKeown (Stanford University) and George Varghese (UCSD and Yahoo Labs). Presented.

Header Space Analysis: Static Checking For Networks Peyman Kazemian, Nick McKeown (Stanford University) and George Varghese (UCSD and Yahoo Labs). Presented.
VeriCon: Towards Verifying Controller Programs in SDNs (PLDI 2014) Thomas Ball, Nikolaj Bjorner, Aaron Gember, Shachar Itzhaky, Aleksandr Karbyshev, Mooly.

VeriCon: Towards Verifying Controller Programs in SDNs (PLDI 2014) Thomas Ball, Nikolaj Bjorner, Aaron Gember, Shachar Itzhaky, Aleksandr Karbyshev, Mooly.
Measurement in Networks & SDN Applications. Interesting Questions Who is sending a lot to a subnet? – Heavy Hitters Is someone doing a port Scan? Is someone.

Measurement in Networks & SDN Applications. Interesting Questions Who is sending a lot to a subnet? – Heavy Hitters Is someone doing a port Scan? Is someone.
® Context Aware Firewall Policies Ravi Sahita Priya Rajagopal, Pankaj Parmar Intel Corp. June 8 th 2004 IEEE Policy (Security)

® Context Aware Firewall Policies Ravi Sahita Priya Rajagopal, Pankaj Parmar Intel Corp. June 8 th 2004 IEEE Policy (Security)
11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.

11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.
Troubleshooting SDNs Peyman Kazemian. Why SDN Troubleshooting SDN decouples software (control plane) from hardware (data plane). Opens doors for innovation.

Troubleshooting SDNs Peyman Kazemian. Why SDN Troubleshooting SDN decouples software (control plane) from hardware (data plane). Opens doors for innovation.

Similar presentations

Ads by Google