论文信息 - Model Checking Programmable Router Configurations with Spin

Model Checking Programmable Router Configurations with Spin

In this paper we describe the use of model checking techniques in the application area of programmable networks. Programmable networks offer the ability to customize router behaviour at run time, thus increasing flexibility of network administration. Programmable network routers are configured using domain-specific languages. The ability to evolve router programs dynamically creates potential for misconfigurations. By exploiting domain-specific abstractions, we are able to translate router configurations into Promela and validate them using the Spin model checker, thus providing reasoning support for our domain-specific language. To evaluate our approach we use our configuration language to express the IETF’s Differentiated Services specification and show that industrial-sized DiffServ router configurations can be validated using Spin on a standard PC.

[1] Jean-Yves Le Boudec,et al. SMART: A Many-to-Many Multicast Protocol for ATM , 1997, IEEE J. Sel. Areas Commun..

[2] Bernhard Plattner,et al. Router plugins: a software architecture for next-generation routers , 2000, TNET.

[3] Gerard J. Holzmann,et al. The SPIN Model Checker , 2003 .

[4] Edmund M. Clarke,et al. Model checking and abstraction , 1994, TOPL.

[5] H de Meer. Middleware and Management Support for Programmable QoS-Network Architectures , 2001 .

[6] Eddie Kohler,et al. The Click modular router , 1999, SOSP.

[7] Hermann de Meer,et al. A survey of programmable networks , 1999, CCRV.

[8] Bernhard Plattner,et al. Router plugins: a software architecture for next generation routers , 1998, SIGCOMM '98.

[9] David L. Black,et al. An Architecture for Differentiated Service , 1998 .

[10] Fred Kröger,et al. Temporal Logic of Programs , 1987, EATCS Monographs on Theoretical Computer Science.

[11] James C. Corbett,et al. Bandera: extracting finite-state models from Java source code , 2000, ICSE.