Software-Defined Networks (SDNs) are a promising network architecture for future computer networks because they enable more dynamic, fine-grained control over network traffic. OpenFlow is an open standard network protocol that provides specifications for managing network traffic. Permissible (and impermissible) network flows are defined by OpenFlow policies that are translated into network switch FlowTables. Like other network types, SDNs are susceptible to misconfiguration, which can negatively affect SDN behavior by causing unintended network flows to be executed. In this paper, we present a formal methods-based framework to detect pipeline misconfigurations in network switch FlowTables. Our framework can be used to: (a) formally verify the consistency of different network switches and OpenFlow controllers across SDN infrastructures; (b) formally validate the correctness of the configuration synthesis; (c) debug reachability and security problems; and (d) formally assess the consistency of SDN policies. Our framework can also be used as a foundational methodology for “what-if” analysis, studying the impact of new SDN configurations by simply changing the state in the FlowTables and then analyzing the effects.