network verification using atomic network verification
play

Network Verification Using Atomic Network Verification Using Atomic - PowerPoint PPT Presentation

Feb 08, 2024 •309 likes •760 views

Network Verification Using Atomic Network Verification Using Atomic Predicates Predicates Ne two rk Ve rific atio n U sing Ato mic Pre dic ate s (S. S. L am) 1 3/ 28/ 2017 Difficulty in Managing Large Networks Difficulty in Managing Large

  1. Network Verification Using Atomic Network Verification Using Atomic Predicates Predicates Ne two rk Ve rific atio n U sing Ato mic Pre dic ate s (S. S. L am) 1 3/ 28/ 2017

  2. Difficulty in Managing Large Networks Difficulty in Managing Large Networks  Complexity of network protocols o unexpected protocol interactions o links may be physical or virtual (e.g., point to point, Ethernet, VLAN) o access control list (ACL) - complex syntax, ACLs designed and configured by different people over a long period of time o packet transformations (e.g., NATs, MPLS and IP tunnels)  Operator error was the largest single cause of failures -  Operator error was the largest single cause of failures - with configuration errors being the largest category of operator errors p Ne two rk Ve rific atio n U sing Ato mic Pre dic ate s (S. S. L am) 2 3/ 28/ 2017

  3. Data Plane Verification Data Plane Verification  How do we know packet networks are working correctly?  A uniform model for verifying packet networks o Seminal framework by Xie et al. (IEEE Infocom 2005) o A graph where each node is a packet filter or a packet g p p p transformer Ne two rk Ve rific atio n U sing Ato mic Pre dic ate s (S. S. L am) 3 3/ 28/ 2017

  4. Prior Work Prior Work Two approaches: Reformulate the network verification problem within the Reformulate the network verification problem within the  context of a verification tool previously designed for another domain (less effort but inefficient) Symbolic model checking [2009] o SAT/SMT solvers [2011] o Datalog [2015] o Symbolic execution [2016] o Custom design new data structures and algorithms to Custom design new data structures and algorithms to   directly compute reachability trees (much more effort but much more efficient ) Header Space Analysis/Hassel in C [2012-2013] o Atomic Predicates Verifier [2013] o Ne two rk Ve rific atio n U sing Ato mic Pre dic ate s (S. S. L am) 4 3/ 28/ 2017

  5. Network Network Reachability Reachability Properties Properties  Properties o loop-freedom (no forwarding loop for any packet) o reachability via waypoints (e.g. firewalls) reachability via waypoints (e g firewalls) o nonexistence of black holes in routers o network slice isolation (i.e., virtual networks) ( , ) o . . .  Compute packet sets that can travel from port x to port y o forward reachability trees rooted at a source port o reverse reachability trees rooted at a destination port h b l d d Ne two rk Ve rific atio n U sing Ato mic Pre dic ate s (S. S. L am) 5 3/ 28/ 2017

  6. Packet Packet  Each packet has a header and a payload  A packet header is partitioned into multiple fields  Packets with identical values in their header fields are considered to be the same by packet filters are considered to be the same by packet filters header payload payload Ne two rk Ve rific atio n U sing Ato mic Pre dic ate s (S. S. L am) 6 3/ 28/ 2017

  7. Packet Network Packet Network (assume no transformer for now) Ne two rk Ve rific atio n U sing Ato mic Pre dic ate s (S. S. L am) 7 3/ 28/ 2017

  8. Packet filters Packet filters  Routers/switches o forwarding table determines packet sets to output ports g p p p  Access control list (ACL) o guard input and output ports of boxes o determines set of packets that can pass through o a firewall is an ACL with a large number of rules  The set of packets that can travel through a sequence of packet filters can be computed by intersection of the packet sets that represent the filters represent the filters o reachability set along multiple paths is the union of reachability sets along individual paths Ne two rk Ve rific atio n U sing Ato mic Pre dic ate s (S. S. L am) 8 3/ 28/ 2017

  9. Intersection and Union of Packet Sets Intersection and Union of Packet Sets are Computation are Computation- -intensive intensive  Multidimensional sets o with many allowed intervals in each dimension and arbitrary overlaps overlaps  Efficiency of these operations determines the efficiency of  Efficienc of these operations determines the efficienc of reachability analysis  The time and space performance of a network verification Th ti d f f t k ifi ti tool depends on o data structure for representing packet sets, and d t t t f ti k t t d o algorithm for computing reachability sets Ne two rk Ve rific atio n U sing Ato mic Pre dic ate s (S. S. L am) 9 3/ 28/ 2017

  10. Box Model in AP Verifier Box Model in AP Verifier  Each ACL is converted to a predicate specifying the packet set allowed by the ACL  For each output port, a predicate is computed from the forwarding table o specifying the packet set forwarded to the output port Ne two rk Ve rific atio n U sing Ato mic Pre dic ate s (S. S. L am) 10 3/ 28/ 2017

  11. Predicates represent packet sets Predicates represent packet sets  Each variable in a predicate represents one packet header bit  Predicate P specifies the set of packets for which P evaluates to true true  In AP Verifier, predicates are implemented as binary decision , p p y diagrams (BDDs) which are rooted, directed acyclic graphs o intersection and union of packet sets are replaced by conjunction and disjunction of predicates disjunction of predicates o BDD operations are performed using highly efficient graph algorithms [R. Bryant , 1986] Ne two rk Ve rific atio n U sing Ato mic Pre dic ate s (S. S. L am) 11 3/ 28/ 2017

  12. BDD Representation BDD Representation  Uniqueness  Representation size for each rule Theorem 1 If the length of a packet header is h bits and an ACL rule Theorem 1. If the length of a packet header is h bits, and an ACL rule specifies each header field by an interval, a prefix or a suffix, then the number of nodes in the BDD graph representing an ACL rule is less or equal to 2+2 h .  Logical operations  Logical operations o conjunction (disjunction) requires time proportional to the product of operand sizes in the worst case; complement is easy p ; p y h is the number of header bits relevant for verification h is the number of header bits relevant for verification Ne two rk Ve rific atio n U sing Ato mic Pre dic ate s (S. S. L am) 12 3/ 28/ 2017

  13. Datasets Datasets Statistics of three real networks. Statistics of three real networks. • All boxes in Stanford and Internet2 dataset are routers • Boxes in Purdue dataset consist of routers and switches Ne two rk Ve rific atio n U sing Ato mic Pre dic ate s (S. S. L am) 13 3/ 28/ 2017

  14. Representation Size Representation Size - p - ACL ACL Stanford network. Ne two rk Ve rific atio n U sing Ato mic Pre dic ate s (S. S. L am) 14 3/ 28/ 2017

  15. Representation Size Representation Size – – Table Table Stanford network. Ne two rk Ve rific atio n U sing Ato mic Pre dic ate s (S. S. L am) 15 3/ 28/ 2017

  16. Computation Times Computation Times Time to compute predicate for an ACL in Stanford network. Ne two rk Ve rific atio n U sing Ato mic Pre dic ate s (S. S. L am) 16 3/ 28/ 2017

  17. Computation Times Computation Times Time to compute all predicates of a forwarding table in Stanford network. Ne two rk Ve rific atio n U sing Ato mic Pre dic ate s (S. S. L am) 17 3/ 28/ 2017

  18. Observations Observations  Increasing the number of rules in an ACL or a forwarding table does not always mean more BDD nodes  Computing BDDs for ACLs and for forwarding Computing BDDs for ACLs and for forwarding tables is fast o in milliseconds for each ACL or table i illi d f h ACL t bl Ne two rk Ve rific atio n U sing Ato mic Pre dic ate s (S. S. L am) 18 3/ 28/ 2017

  19. Atomic Predicates - Atomic Predicates - Definition Definition Given a set of predicates, its set { p 1 , … , p k } of atomic predicates satisfies five properties 1. 2. 3. 4. Each predicate , is equal to the disj disjunction of a subset of atomic predicates: ctio of a s bset of ato ic redicates 5. k is the minimum number such that the set { p 1 , … , p k } 5 k i th i i b h th t th t { } satisfies the above four properties Ne two rk Ve rific atio n U sing Ato mic Pre dic ate s (S. S. L am) 19 3/ 28/ 2017

  20. Meaning of Atomic Predicates Meaning of Atomic Predicates  Given a set of predicates, there are numerous sets of predicates that satisfy the first four properties o interested in the set with the smallest number of predicates* i d i h i h h ll b f di *  An equivalence class C is a packet set o pkt 1 and pkt 2 both ∈ C if and only if each predicate in evaluates to k d k b h f d l f h d l the same value for both packets  The meaning of atomic predicates  The meaning of atomic predicates Theorem 2. For a given set P of predicates, the atomic predicates for P specify the equivalence classes in the set predicates for P specify the equivalence classes in the set of all packets with respect to P . *Note: The equivalence classes specified by atomic predicates are the q p y p coarsest equivalence classes. Ne two rk Ve rific atio n U sing Ato mic Pre dic ate s (S. S. L am) 20 3/ 28/ 2017

  21. Computing Atomic Predicates Computing Atomic Predicates  Compute the set of atomic predicates for predicate P :  In the worst case, the above set {a i } can have l m predicates; in practice most of , { i } p ; p them are false Ne two rk Ve rific atio n U sing Ato mic Pre dic ate s (S. S. L am) 21 3/ 28/ 2017

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

New Directions for Network Verification Aurojit Panda, Katerina Argyraki, Mooly Sagiv, Michael

New Directions for Network Verification Aurojit Panda, Katerina Argyraki, Mooly Sagiv, Michael

New Directions for Network Verification Aurojit Panda, Katerina Argyraki, Mooly Sagiv, Michael Schapira, Scott Shenker Brief Summary of This Talk Context : Proliferation of network verification tools. Build on assumption that the

813 views • 54 slides
Name Space Analysis (NSA): Verification of Named Data Network Data Planes Mohammad Jahanian and

Name Space Analysis (NSA): Verification of Named Data Network Data Planes Mohammad Jahanian and

Name Space Analysis (NSA): Verification of Named Data Network Data Planes Mohammad Jahanian and K. K. Ramakrishnan University of California, Riverside ACM ICN 2019 Network Verification is important Network data planes are complex and hard to

630 views • 49 slides
Run-time firmware integrity verification: what if you cant trust your network card? Loc

Run-time firmware integrity verification: what if you cant trust your network card? Loc

Run-time firmware integrity verification: what if you cant trust your network card? Loc Duflot , Yves-Alexis Perez , Benjamin Morin Agence Nationale de la Scurit des Systmes dInformation Introduction & reminder Last year...

467 views • 44 slides
Run-time firmware integrity verification: what if you cant trust your network card?

Run-time firmware integrity verification: what if you cant trust your network card?

Run-time firmware integrity verification: what if you cant trust your network card? International Symposium on Recent Advances in Intrusion Detection Menlo Park, September 2011 Loc Duflot, Yves-Alexis Perez, Benjamin Morin ANSSI French

627 views • 37 slides
Network verification and synthesis CSE 599N1 Sep 25, 2019 Who are we? Ratul Mahajan UW

Network verification and synthesis CSE 599N1 Sep 25, 2019 Who are we? Ratul Mahajan UW

Network verification and synthesis CSE 599N1 Sep 25, 2019 Who are we? Ratul Mahajan UW MSR Intentionet UW One of the first paper was Understanding BGP misconfiguration (2002) Ryan Beckett Princeton MSR

834 views • 23 slides
Introduction to Electronic Verification Electronic Verification of Educational Records

Introduction to Electronic Verification Electronic Verification of Educational Records

Introduction to Electronic Verification Electronic Verification of Educational Records OVERVIEW 01 04 Scope of Verification Peggys Picks Types of verification, Verifying exam results or parameters, privacy graduation using databases

1.25k views • 81 slides
Bayes Network Analysis by Program Verification Joost-Pieter Katoen Alan Turing Institute,

Bayes Network Analysis by Program Verification Joost-Pieter Katoen Alan Turing Institute,

Bayes Network Analysis by Program Verification Joost-Pieter Katoen Alan Turing Institute, January 2018 Joost-Pieter Katoen Bayes Network Analysis by Program Verification 1/62 Perspective There are several reasons why probabilistic

1.06k views • 62 slides
A 5G Media Delivery Network Demonstrator A Development and Verification platform Nikos Bakalos

A 5G Media Delivery Network Demonstrator A Development and Verification platform Nikos Bakalos

A 5G Media Delivery Network Demonstrator A Development and Verification platform Nikos Bakalos Research Engineer ICCS/NTUA Institute of Communications and Computer Systems National Technical University of Athens Internet Science Group 5G

63 views • 3 slides
DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification Projects Birth Record Verification State to State Verification DIVS State to State Verification Service (S2S) Program Benefits Mission

349 views • 8 slides
Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive

Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive

The Center for Verification and Evaluation (CVE) Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive Support Services Agenda What is Re-Verification? o Simplified Reverification Program VIP

320 views • 21 slides
Objectives Design rules Floorplan Routing Physical layout verification

Objectives Design rules Floorplan Routing Physical layout verification

Objectives Design rules Floorplan Routing Physical layout verification Clock network Power network Engineering changing order Package After completing logic/circuit design, the next phase in ASIC design flow

1.03k views • 92 slides
Verification & Validation Verification is getting the system right : Verification and

Verification & Validation Verification is getting the system right : Verification and

Verification & Validation Verification is getting the system right : Verification and Validation Does the program you built do what you designed it to do? Dr. James A. Bednar Validation is getting the right system : jbednar@inf.ed.ac.uk

331 views • 8 slides
Verification and Validation Steven Zeil February 13, 2013 Verification and Validation

Verification and Validation Steven Zeil February 13, 2013 Verification and Validation

Verification and Validation Verification and Validation Steven Zeil February 13, 2013 Verification and Validation Outline The Process 1 Non-Testing V&V 2 Code Review Mathematically-based verification Static analysis tools

790 views • 55 slides
NETWORK VERIFICATION: WHEN CLARKE MEETS CERF George Varghese UCLA (with collaborators from CMU,

NETWORK VERIFICATION: WHEN CLARKE MEETS CERF George Varghese UCLA (with collaborators from CMU,

FOR PUBLIC CLOUDS, PRIVATE CLOUDS, TOOLS ENTERPRISE NETWORKS, ISPs, . . . NETWORK VERIFICATION: WHEN CLARKE MEETS CERF George Varghese UCLA (with collaborators from CMU, MSR, Stanford, UCLA) 1 Model and Terminology 1.8.* 1.2.* 1.2.*,

578 views • 39 slides
Verification regulations: Description Draft to define model for meeting verification

Verification regulations: Description Draft to define model for meeting verification

Verification regulations: Description Draft to define model for meeting verification regulations Verification Code Extension (draft-gould-eppext-verificationcode) Purpose Separate verification details from registry interface

167 views • 6 slides
Part 1: Status of Interconnectivity verification in i-Visto Tetsuo Kawano and Takeaki

Part 1: Status of Interconnectivity verification in i-Visto Tetsuo Kawano and Takeaki

Part 1: Status of Interconnectivity verification in i-Visto Tetsuo Kawano and Takeaki Mochida NTT Laboratories (i-visto@core.ntt.co.jp) 1 Objective Extend i-Visto interconnectivity with network quipment (Router, Switch), network

223 views • 18 slides
access control 1 last time two phase commit and delayed messages simplifjcations in assignment

access control 1 last time two phase commit and delayed messages simplifjcations in assignment

access control 1 last time two phase commit and delayed messages simplifjcations in assignment quorum consensus: not requiring unanimity goal: use nodes for redundancy, but keep them consistent keep operating when suffjciently many nodes are

1k views • 62 slides
Access Control CS461/ECE422 Spring 2012 Reading Material

Access Control CS461/ECE422 Spring 2012 Reading Material

Access Control CS461/ECE422 Spring 2012 Reading Material Chapter 4 through sec=on 4.5 Chapters 25 and 26 For the access control aspects of

967 views • 40 slides
Security Concepts (cont) Deian Stefan Slides adopted from Kirill Levchenko and Stefan Savage

Security Concepts (cont) Deian Stefan Slides adopted from Kirill Levchenko and Stefan Savage

CSE 127: Computer Security Security Concepts (cont) Deian Stefan Slides adopted from Kirill Levchenko and Stefan Savage Incentives and Deterrents Attackers equation: (expected gain) > (cost of attack) Defenders equation:

301 views • 28 slides
Security (2) Summer 2016 Cornell University 1 Today Access control DAC MAC 2

Security (2) Summer 2016 Cornell University 1 Today Access control DAC MAC 2

CS 4410 Operating Systems Security (2) Summer 2016 Cornell University 1 Today Access control DAC MAC 2 Access control Confidentiality and integrity are often enforced using access control. Predefined operations are the

649 views • 17 slides
Access Control Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP4631 - L17 1 Agenda of this

Access Control Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP4631 - L17 1 Agenda of this

Access Control Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP4631 - L17 1 Agenda of this Lecture The basic concepts of access control, ACLs, capabilities, etc. Two approaches to access control Further reading C. Ding -

784 views • 35 slides
SDSI -- A S imple D istributed S ecurity I nfrastructure by Ronald L. Rivest MIT Lab for Computer

SDSI -- A S imple D istributed S ecurity I nfrastructure by Ronald L. Rivest MIT Lab for Computer

SDSI -- A S imple D istributed S ecurity I nfrastructure by Ronald L. Rivest MIT Lab for Computer Science (joint work with Butler Lampson) Outline Context and history Motivation and goals SDSI: syntax public keys (principals)

717 views • 32 slides
0117401: Operating System Chapter 11: File system

0117401: Operating System Chapter 11: File system

0117401: Operating System Chapter 11: File system interface() xlanchen@ustc.edu.cn http://staff.ustc.edu.cn/~xlanchen Computer Application Laboratory, CS, USTC @ Hefei Embedded System

1.21k views • 62 slides
CS 134: Operating Systems File System Design Choices 1 / 23 Overview CS34 Overview

CS 134: Operating Systems File System Design Choices 1 / 23 Overview CS34 Overview

CS34 2012-12-06 CS 134: Operating Systems File System Design Choices CS 134: Operating Systems File System Design Choices 1 / 23 Overview CS34 Overview 2012-12-06 Allocation Overall Organization Overview What to Store Metadata

596 views • 23 slides

More recommend