Formal verification of standards for distance vector routing protocols

We show how to use an interactive theorem prover, HOL, together with a model checker, SPIN, to prove key properties of distance vector routing protocols. We present three case studies: correctness of the RIP standard, a sharp real-time bound on RIP stability, and preservation of loop-freedom in AODV, a distance vector protocol for wireless networks. Along the way we develop verification techniques suited to routing protocols in general. The case studies show that automated support pays off in two ways: it reduces the verification workload, and it helps uncover new insights and gaps in the standard specifications.
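The loop-freedom property named above is the kind of invariant a model checker such as SPIN establishes by exhaustively exploring reachable states. The following is an added illustration written for this page, not the paper's HOL or SPIN models: a constructed three-node topology (A attached to destination D, B reaching D through A) is explored breadth-first, and every reachable state is checked for a cycle in the next-hop graph towards D. The routing rules are deliberately simplified and are assumptions of the example: advertisements are read synchronously from a neighbour's current table, the RIP-style rules omit split horizon, and the AODV-style rules increment the destination sequence number when a route is invalidated, as the AODV specification does.

```python
"""Explicit-state loop-freedom check for a tiny distance-vector network.
Added illustration, not the paper's models: RIP-style rules (no split horizon)
reach the classic two-node count-to-infinity loop; AODV-style rules do not."""
from collections import deque

INF = 16          # RIP "infinity" metric; also used as the hop-count cap for AODV
DEST = "D"
FAILING_LINK = frozenset({"A", DEST})
# Constructed topology: A is attached to D, B reaches D through A.
LINKS = frozenset({FAILING_LINK, frozenset({"A", "B"})})
# Routing entry for D at each node: (next_hop, metric, destination_seq)
INITIAL = {DEST: (DEST, 0, 0), "A": (DEST, 1, 0), "B": ("A", 2, 0)}


def freeze(table):
    return tuple(sorted(table.items()))


def rip_accept(cur, adv, sender):
    """RIP-style (no split horizon): take a strictly better metric, or
    whatever the current next hop now says, even if it is worse."""
    nh, metric, _ = cur
    new_metric = min(adv[1] + 1, INF)
    if new_metric < metric or sender == nh:
        return (None if new_metric >= INF else sender, new_metric, 0)
    return None


def rip_invalidate(cur):
    return (None, INF, cur[2])


def aodv_accept(cur, adv, sender):
    """AODV-style: accept only a fresher destination sequence number, or the
    same sequence number with a strictly shorter path."""
    _, hops, seq = cur
    _, adv_hops, adv_seq = adv
    new_hops = min(adv_hops + 1, INF)
    if adv_seq > seq or (adv_seq == seq and new_hops < hops):
        return (None if new_hops >= INF else sender, new_hops, adv_seq)
    return None


def aodv_invalidate(cur):
    # The invalidated route's destination sequence number is incremented, so
    # stale advertisements from downstream neighbours carry an older number.
    return (None, INF, cur[2] + 1)


def find_loop(table):
    """Return the nodes on a next-hop cycle towards DEST, or None."""
    t = dict(table)
    for start in t:
        path, node = [], start
        while node is not None and node != DEST and node not in path:
            path.append(node)
            node = t[node][0]
        if node is not None and node != DEST:
            return path[path.index(node):]
    return None


def successors(table, links, accept, invalidate):
    t = dict(table)
    if FAILING_LINK in links:                  # the A-D link may fail, once
        t2 = dict(t)
        for x in FAILING_LINK:
            other = next(iter(FAILING_LINK - {x}))
            if t2[x][0] == other:
                t2[x] = invalidate(t2[x])
        yield (freeze(t2), links - {FAILING_LINK}), "link A-D fails"
    for link in sorted(links, key=sorted):     # a node hears a neighbour's entry
        for x in sorted(link):
            y = next(iter(link - {x}))
            if x == DEST:
                continue
            new = accept(t[x], t[y], y)
            if new is not None and new != t[x]:
                t2 = dict(t)
                t2[x] = new
                yield (freeze(t2), links), f"{x} hears {y}"


PROTOCOLS = {"rip": (rip_accept, rip_invalidate),
             "aodv": (aodv_accept, aodv_invalidate)}


def check_loop_freedom(protocol):
    """Breadth-first search over all reachable states. Returns (trace, loop):
    the shortest action sequence reaching a cycle, or (None, None)."""
    accept, invalidate = PROTOCOLS[protocol]
    start = (freeze(INITIAL), LINKS)
    seen, queue = {start}, deque([(start, [])])
    while queue:
        (table, links), trace = queue.popleft()
        loop = find_loop(table)
        if loop:
            return trace, loop
        for state, label in successors(table, links, accept, invalidate):
            if state not in seen:
                seen.add(state)
                queue.append((state, trace + [label]))
    return None, None


if __name__ == "__main__":
    for name in PROTOCOLS:
        trace, loop = check_loop_freedom(name)
        print(name, "loop-free" if loop is None else f"loop {loop} after {trace}")
```

With the RIP-style rules the search returns the two-step counterexample (the A-D link fails, then A hears B's stale route) and the cycle A, B; with the AODV-style rules no reachable state contains a cycle. A full verification of the standards, as in the paper, has to cope with unboundedly many nodes, message delays and timers, which is why the authors combine a theorem prover with the model checker rather than relying on a fixed small topology like this one.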
