论文信息 - Design and Verification of Software Middleboxes using Gravel

Design and Verification of Software Middleboxes using Gravel

Middleboxes play a critical role in modern networks, yet providing bug-free middleboxes implementations remains challenging. This paper presents Gravel, a framework for building formally verified middleboxes. Gravel allows developers to specify high-level middlebox-specific properties, as opposed to generic robustness and liveness conditions, and checks correctness in low-level implementations without manual proofs. Further, Gravel reduces the proof burden by breaking down middlebox functionalities into smaller packet processing elements that can be independently verified. We build a NAT, a load balancer, and a firewall with Gravel and then verify their correctness. Our evaluation shows that middleboxes built with Gravel avoid bugs similar to those found in today’s middleboxes and achieve similar performance to their unverified counterparts.

Aditya Akella | A. Krishnamurthy | Danyang Zhuo | Kaiyuan Zhang | Xi Wang

[1] Costin Raiciu,et al. Debugging P4 programs with vera , 2018, SIGCOMM.

[2] Nick McKeown,et al. p4v: practical verification for programmable data planes , 2018, SIGCOMM.

[3] Xi Wang,et al. Hyperkernel: Push-Button Verification of an OS Kernel , 2017, SOSP.

[4] Minlan Yu,et al. SilkRoad: Making Stateful Layer-4 Load Balancing Fast and Cheap Using Switching ASICs , 2017, SIGCOMM.

[5] Ratul Mahajan,et al. A General Approach to Network Configuration Verification , 2017, SIGCOMM.

[6] Katerina J. Argyraki,et al. Verifying Reachability in Networks with Mutable Datapaths , 2016, NSDI.

[7] Nicolas Christin,et al. Push-Button Verification of File Systems via Crash Refinement , 2016, USENIX Annual Technical Conference.

[8] Carlo Contavalli,et al. Maglev: A Fast and Reliable Software Network Load Balancer , 2016, NSDI.

[9] David Walker,et al. SNAP: Stateful Network-Wide Abstractions for Packet Processing , 2015, SIGCOMM.

[10] Ming Zhang,et al. Duet: cloud scale load balancing with hardware and software , 2015, SIGCOMM.

[11] R. Govindan,et al. Flow-level state transition as a new switch primitive for SDN , 2014, SIGCOMM.

[12] Katerina J. Argyraki,et al. Software dataplane verification , 2014, NSDI.

[13] Brighten Godfrey,et al. VeriFlow: verifying network-wide invariants in real time , 2012, HotSDN '12.

[14] George Varghese,et al. Header Space Analysis: Static Checking for Networks , 2012, NSDI.