Runtime Verification for Programmable Switches

We introduce a runtime verification framework for programmable switches that complements static analysis. To evaluate our approach, we design and develop <monospace>P6</monospace>, a runtime verification system that automatically detects, localizes, and patches software bugs in P4 programs. Bugs are reported via a violation of pre-specified expected behavior that is captured by <monospace>P6</monospace>. <monospace>P6</monospace> is based on machine learning-guided fuzzing that tests P4 switch non-intrusively, i.e., without modifying the P4 program for detecting runtime bugs. This enables an automated and real-time localization and patching of bugs. We used a <monospace>P6</monospace> prototype to detect and patch existing bugs in various publicly available P4 application programs deployed on two different switch platforms, namely, behavioral model (bmv2) and Tofino. Our evaluation shows that <monospace>P6</monospace> significantly outperforms bug detection baselines while generating fewer packets and patches bugs in large P4 programs, e.g., <monospace>switch.p4</monospace> without triggering any regressions.

[1]  Justine Sherry,et al.  SurgeProtector: mitigating temporal algorithmic complexity attacks using adversarial scheduling , 2022, SIGCOMM.

[2]  Mina Tahmasbi Arashloo,et al.  DBVal: Validating P4 Data Plane Runtime Behavior , 2021, SOSR.

[3]  Hongqiang Harry Liu,et al.  Aquila: a practically usable verification system for production-scale programmable data planes , 2021, SIGCOMM.

[4]  Anja Feldmann,et al.  Fix with P6: Verifying Programmable Switches at Runtime , 2021, IEEE INFOCOM 2021 - IEEE Conference on Computer Communications.

[5]  Jiarong Xing,et al.  Probabilistic profiling of stateful data planes for adversarial testing , 2021, ASPLOS.

[6]  Costin Raiciu,et al.  bf4: towards bug-free P4 programs , 2020, SIGCOMM.

[7]  Stefan Schmid,et al.  P4Consist: Toward Consistent P4 SDNs , 2020, IEEE Journal on Selected Areas in Communications.

[8]  Anja Feldmann,et al.  Toward Consistent SDNs: A Case for Network State Fuzzing , 2020, IEEE Transactions on Network and Service Management.

[9]  Jennifer Rexford,et al.  Tracking P4 Program Execution in the Data Plane , 2020, SOSR.

[10]  Claire Le Goues,et al.  Automated program repair , 2019, Commun. ACM.

[11]  G. Rubenfeld Fault. , 2019, Annals of internal medicine.

[12]  Mario Baldi,et al.  daPIPE a Data Plane Incremental Programming Environment , 2019, 2019 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS).

[13]  Stefan Schmid,et al.  Runtime Verification of P4 Switches with Reinforcement Learning , 2019, NetAI@SIGCOMM.

[14]  Miguel C. Neves,et al.  Verification of P4 programs in feasible time using assertions , 2018, CoNEXT.

[15]  Nick McKeown,et al.  p4v: practical verification for programmable data planes , 2018, SIGCOMM.

[16]  Costin Raiciu,et al.  Debugging P4 programs with vera , 2018, SIGCOMM.

[17]  Marcel Böhme,et al.  Assurances in Software Testing: A Roadmap , 2018, 2019 IEEE/ACM 41st International Conference on Software Engineering: New Ideas and Emerging Results (ICSE-NIER).

[18]  Chris Cummins,et al.  Compiler fuzzing through deep learning , 2018, ISSTA.

[19]  François Chollet,et al.  Keras: The Python Deep Learning library , 2018 .

[20]  Mathias Payer,et al.  T-Fuzz: Fuzzing by Program Transformation , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[21]  Kirill Levchenko,et al.  Uncovering Bugs in P4 Programs with Assertion-based Verification , 2018, SOSR.

[22]  Peter M. Athanas,et al.  p4pktgen: Automated Test Case Generation for P4 Programs , 2018, SOSR.

[23]  Rishabh Singh,et al.  Not all bytes are equal: Neural byte sieve for fuzzing , 2017, ArXiv.

[24]  Nick Feamster,et al.  Why (and How) Networks Should Run Themselves , 2017, ANRW.

[25]  Rishabh Singh,et al.  Learn&Fuzz: Machine learning for input fuzzing , 2017, 2017 32nd IEEE/ACM International Conference on Automated Software Engineering (ASE).

[26]  George Varghese,et al.  Automatically verifying reachability and well-formedness in P4 Networks , 2016 .

[27]  Tom Schaul,et al.  Prioritized Experience Replay , 2015, ICLR.

[28]  David Silver,et al.  Deep Reinforcement Learning with Double Q-Learning , 2015, AAAI.

[29]  Alex Graves,et al.  Playing Atari with Deep Reinforcement Learning , 2013, ArXiv.

[30]  George Varghese,et al.  P4: programming protocol-independent packet processors , 2013, CCRV.

[31]  George Varghese,et al.  Forwarding metamorphosis: fast programmable match-action processing in hardware for SDN , 2013, SIGCOMM.

[32]  George Varghese,et al.  Automatic Test Packet Generation , 2012, IEEE/ACM Transactions on Networking.

[33]  Brighten Godfrey,et al.  VeriFlow: verifying network-wide invariants in real time , 2012, HotSDN '12.

[34]  George Varghese,et al.  Header Space Analysis: Static Checking for Networks , 2012, NSDI.

[35]  Patrice Godefroid,et al.  SAGE: Whitebox Fuzzing for Security Testing , 2012, ACM Queue.

[36]  David R. Anderson,et al.  AIC model selection and multimodel inference in behavioral ecology: some background, observations, and comparisons , 2011, Behavioral Ecology and Sociobiology.

[37]  Mary Jean Harrold,et al.  Empirical evaluation of the tarantula automatic fault-localization technique , 2005, ASE.

[38]  Philipp Slusallek,et al.  Introduction to real-time ray tracing , 2005, SIGGRAPH Courses.

[39]  Dan S. Wallach,et al.  Denial of Service via Algorithmic Complexity Attacks , 2003, USENIX Security Symposium.

[40]  James A. Jones,et al.  Visualization of test information to assist fault localization , 2002, Proceedings of the 24th International Conference on Software Engineering. ICSE 2002.

[41]  I. Good THE POPULATION FREQUENCIES OF SPECIES AND THE ESTIMATION OF POPULATION PARAMETERS , 1953 .

[42]  H. Rice Classes of recursively enumerable sets and their decision problems , 1953 .

[43]  Artificial Intelligence A Modern Approach 3rd Edition , 2021 .

[44]  Apoorv Shukla,et al.  Towards runtime verification of programmable networks , 2020 .

[45]  Jianping Wu,et al.  Poseidon: Mitigating Volumetric DDoS Attacks with Programmable Switches , 2020, NDSS.

[46]  Sujata Banerjee,et al.  Alembic: Automated Model Inference for Stateful Network Functions , 2019, NSDI.

[47]  O. Colhoun Switch , 2019, Springer Reference Medizin.

[48]  Jean-Baptiste Jeannin,et al.  Correct by Construction Networks Using Stepwise Refinement , 2017, NSDI.

[49]  Christopher Krügel,et al.  Driller: Augmenting Fuzzing Through Selective Symbolic Execution , 2016, NDSS.

[50]  Anirudh Sivaraman,et al.  In-band Network Telemetry via Programmable Dataplanes , 2015 .

[51]  N. McKeown,et al.  Real Time Network Policy Checking using Header Space Analysis , 2013 .

[52]  Richard S. Sutton,et al.  Reinforcement Learning: An Introduction , 1998, IEEE Trans. Neural Networks.

[53]  John Stasko,et al.  Visualization for Fault Localization , 2003 .

[54]  William A. Gale,et al.  Good-Turing Frequency Estimation Without Tears , 1995, J. Quant. Linguistics.

[55]  Long-Ji Lin,et al.  Reinforcement learning for robots using neural networks , 1992 .