Verifying Isolation Properties in the Presence of Middleboxes

Great progress has been made recently in verifying the correctness of router forwarding tables [17, 19, 20, 26]. However, these approaches do not work for networks containing middleboxes such as caches and firewalls whose forwarding behavior depends on previously observed traffic. We explore how to verify isolation properties in networks that include such “dynamic datapath” elements using model checking. Our work leverages recent advances in SMT solvers, and the main challenge lies in scaling the approach to handle large and complicated networks. While the straightforward application of model checking to this problem can only handle very small networks (if at all), our approach can verify simple realistic invariants on networks containing 30,000 middleboxes in a few minutes.
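The abstract's central point is that a middlebox's forwarding decision can depend on traffic it saw earlier, so a check that only inspects forwarding rules against a fixed state can declare an isolation property "verified" when a short packet sequence actually violates it. The following added example (written for this page; it is not the paper's code and uses explicit-state breadth-first exploration in plain Python rather than the SMT encoding the paper describes) builds a constructed two-host topology with one stateful firewall, and contrasts a stateless rule check with a bounded model check over the firewall's connection state. The topology, the firewall policy (B may open connections to A; A may reply to B only on an established connection) and the two invariants are all assumptions made for the example.

```python
from collections import deque
from itertools import product

# Constructed topology: host A -- stateful firewall -- host B.
HOSTS = ("A", "B")
PACKETS = [p for p in product(HOSTS, HOSTS) if p[0] != p[1]]  # (src, dst)


def firewall_step(established, pkt):
    """One packet through the firewall.

    `established` is a frozenset of (initiator, responder) flows the firewall
    has already seen.  Returns (forwarded, new_established).  Policy assumed
    for this example: B may initiate to A; A->B is forwarded only as a reply
    on a flow B already opened.  Everything else is dropped.
    """
    src, dst = pkt
    if src == "B" and dst == "A":
        return True, established | {("B", "A")}
    if src == "A" and dst == "B":
        return ("B", "A") in established, established
    return False, established


def never_a_to_b(state, pkt, forwarded):
    """Naive isolation invariant: no packet from A ever reaches B."""
    return not (pkt == ("A", "B") and forwarded)


def a_to_b_only_when_established(state, pkt, forwarded):
    """History-aware invariant: A reaches B only on a flow B opened first."""
    return not (pkt == ("A", "B") and forwarded) or ("B", "A") in state


def static_check(invariant):
    """What a forwarding-table-only check sees: every packet evaluated against
    the firewall's initial (empty) state, with no notion of history."""
    init = frozenset()
    return all(invariant(init, p, firewall_step(init, p)[0]) for p in PACKETS)


def bounded_model_check(invariant, bound):
    """Explore all packet sequences up to `bound` long, BFS over firewall state.

    The middlebox state fully determines future behaviour, so states are
    deduplicated; every transition out of each reachable state is still
    checked once.  Returns None if the invariant holds on everything explored,
    otherwise the shortest counterexample as a list of (pkt, forwarded) steps.
    """
    start = frozenset()
    queue = deque([(start, [])])
    seen = {start}
    while queue:
        state, trace = queue.popleft()
        if len(trace) == bound:
            continue
        for pkt in PACKETS:
            fwd, nxt = firewall_step(state, pkt)
            step_trace = trace + [(pkt, fwd)]
            if not invariant(state, pkt, fwd):
                return step_trace
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, step_trace))
    return None


if __name__ == "__main__":
    print("stateless check of never_a_to_b:", static_check(never_a_to_b))
    print("model check of never_a_to_b:", bounded_model_check(never_a_to_b, 3))
    print("model check of a_to_b_only_when_established:",
          bounded_model_check(a_to_b_only_when_established, 3))
```

The stateless check reports the naive invariant as satisfied, because A->B is dropped against the firewall's initial rules. The bounded model check finds the two-packet trace B->A, then A->B, on which the firewall forwards A's packet, and it accepts only the invariant that conditions on the firewall's observed history. The state space here is tiny; the abstract's claim is precisely that the same idea, encoded for an SMT solver, scales to tens of thousands of middleboxes.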

[1] David Walker, et al. Languages for software-defined networks, 2013, IEEE Communications Magazine.

[2] Nick Feamster, et al. Practical verification techniques for wide-area routing, 2004, Comput. Commun. Rev.

[3] Martín Casado, et al. Network Virtualization in Multi-tenant Datacenters, 2014, NSDI.

[4] Brighten Godfrey, et al. VeriFlow: verifying network-wide invariants in real time, 2012, HotSDN '12.

[5] Anna Philippou, et al. Tools and Algorithms for the Construction and Analysis of Systems, 2018, Lecture Notes in Computer Science.

[6] Paul Hudak, et al. Maple: simplifying SDN programming using algorithmic policies, 2013, SIGCOMM.

[7] Navendu Jain, et al. Demystifying the dark side of the middle: a field study of middlebox failures in datacenters, 2013, Internet Measurement Conference.

[8] Nick Feamster, et al. Detecting BGP configuration faults with static analysis, 2005.

[9] Konstantin Korovin. Non-cyclic Sorts for First-Order Satisfiability, 2013, FroCos.

[10] Marco Canini, et al. A SOFT way for openflow switch interoperability testing, 2012, CoNEXT '12.

[11] Marco Canini, et al. A NICE Way to Test OpenFlow Applications, 2012, NSDI.

[12] Katerina J. Argyraki, et al. Software dataplane verification, 2014, NSDI.

[13] Ruzica Piskac, et al. Deciding Effectively Propositional Logic Using DPLL and Substitution Sets, 2010, Journal of Automated Reasoning.

[14] Azer Bestavros, et al. A Verification Platform for SDN-Enabled Applications, 2014, 2014 IEEE International Conference on Cloud Engineering.

[15] Nikolaj Bjørner, et al. Z3: An Efficient SMT Solver, 2008, TACAS.

[16] Sharad Malik, et al. Abstractions for model checking SDN controllers, 2013, 2013 Formal Methods in Computer-Aided Design.

[17] Michael Schapira, et al. VeriCon: towards verifying controller programs in software-defined networks, 2014, PLDI.

[18] David Walker, et al. Incremental consistent updates, 2013, HotSDN '13.

[19] Brighten Godfrey, et al. Debugging the data plane with anteater, 2011, SIGCOMM.

[20] Vyas Sekar, et al. Making middleboxes someone else's problem: network processing as a cloud service, 2012, SIGCOMM '12.

[21] Gabi Nakibly, et al. Finding Security Vulnerabilities in a Network Protocol Using Parameterized Systems, 2013, CAV.

[22] George Varghese, et al. Real Time Network Policy Checking Using Header Space Analysis, 2013, NSDI.

[23] Stephan Merz, et al. Model Checking, 2000.

[24] Laurent Vanbever, et al. HotSwap: correct and efficient controller upgrades for software-defined networks, 2013, HotSDN '13.

[25] George Varghese, et al. Header Space Analysis: Static Checking for Networks, 2012, NSDI.

[26] Paul Ammann, et al. Using model checking to analyze network vulnerabilities, 2000, Proceedings 2000 IEEE Symposium on Security and Privacy, S&P 2000.

[27] Neil Immerman, et al. Modular reasoning about heap paths via effectively propositional formulas, 2014, POPL.

[28] Arjun Guha, et al. Machine-verified network controllers, 2013, PLDI.

[29] Vyas Sekar, et al. BUZZ: Testing Context-Dependent Policies in Stateful Data Planes (CMU-CyLab-14-013), 2014.

[30] Somesh Jha, et al. Using state space exploration and a natural deduction style message derivation engine to verify security protocols, 1998, PROCOMET.

[31] Kathi Fisler, et al. A balance of power: expressive, analyzable controller programming, 2013, HotSDN '13.

[32] Koushik Sen, et al. CUTE and jCUTE: Concolic Unit Testing and Explicit Path Model-Checking Tools, 2006, CAV.

[33] Nate Foster, et al. NetKAT: semantic foundations for networks, 2014, POPL.

[34] Junda Liu, et al. Libra: Divide and Conquer to Verify Forwarding Tables in Huge Networks, 2014, NSDI.