A Framework for User-Friendly Verification-Oriented VNF Modeling

Network Function Virtualization (NFV) architectures are emerging to increase networks flexibility. However, this renewed scenario poses new challenges, because virtualized networks, need to be carefully verified before being actually deployed in production environments in order to preserve network coherency (e.g., absence of forwarding loops, preservation of security on network traffic, etc.). Nowadays, model checking tools, SAT solvers, and Theorem Provers are available for formal verification of such properties in virtualized networks. Unfortunately, most of those verification tools accept input descriptions written in specification languages that are difficult to use for people not experienced in formal methods. Also, in order to enable the use of formal verification tools in real scenarios, vendors of Virtual Network Functions (VNFs) should provide abstract mathematical models of their functions, coded in the specific input languages of the verification tools. This process is error-prone, time-consuming, and often outside the VNF developers' expertise. This paper presents a framework that we designed for automatically extracting verification models starting from a Java based representation of a given VNF. It comprises a Java library of classes to define VNFs in a more developer-friendly way, and a tool to translate VNF definitions into formal verification models of different verification tools.

[1]  Nikolaj Bjørner,et al.  Z3: An Efficient SMT Solver , 2008, TACAS.

[2]  Klaus Havelund,et al.  Model checking JAVA programs using JAVA PathFinder , 2000, International Journal on Software Tools for Technology Transfer.

[3]  Antonio Manzalini,et al.  Formal Verification of Virtual Network Function Graphs in an SP-DevOps Context , 2015, ESOCC.

[4]  Matthew B. Dwyer,et al.  Bandera: extracting finite-state models from Java source code , 2000, Proceedings of the 2000 International Conference on Software Engineering. ICSE 2000 the New Millennium.

[5]  Natarajan Shankar,et al.  PVS: A Prototype Verification System , 1992, CADE.

[6]  Herbert B. Enderton,et al.  A mathematical introduction to logic , 1972 .

[7]  Tianlong Yu,et al.  BUZZ: Testing Context-Dependent Policies in Stateful Networks , 2016, NSDI.

[8]  Samuel T. King,et al.  Debugging the data plane with anteater , 2011, SIGCOMM 2011.

[9]  George Varghese,et al.  Checking Beliefs in Dynamic Networks , 2015, NSDI.

[10]  Costin Raiciu,et al.  SymNet: Scalable symbolic execution for modern networks , 2016, SIGCOMM.