validating formal descriptions of tcp ip
play

Validating Formal Descriptions of TCP/IP Introduction Beginning a - PowerPoint PPT Presentation

Feb 20, 2024 •127 likes •678 views

Validating Formal Descriptions of TCP/IP Michael Norrish Validating Formal Descriptions of TCP/IP Introduction Beginning a TCP Experimental Formal Semantics Specification The Segment Level Specification Use of HOL Michael Norrish

  1. Validating Formal Descriptions of TCP/IP Michael Norrish Validating Formal Descriptions of TCP/IP Introduction Beginning a TCP Experimental Formal Semantics Specification The Segment Level Specification Use of HOL Michael Norrish Specification Validation Michael.Norrish@nicta.com.au As a Theorem Proving Problem The High Level NICTA Specification Conclusion September 2007

  2. Validating Formal Background Descriptions of TCP/IP Michael Norrish Introduction • This is joint work with Peter Sewell, Keith Wansbrough, Beginning a TCP Specification Tom Ridge, Steve Bishop, Andrei Serjantov, Michael The Segment Level Specification Fairbairn and Michael Smith (all at University of Use of HOL Cambridge). Specification Validation • Project began in 2001(?), with work on UDP by Sewell, As a Theorem Proving Problem Serjantov and Wansbrough. The High Level Specification • UDP is a simple protocol, but work on a detailed Conclusion semantics became overwhelming for pen-and-paper techniques. • I joined the project to see if mechanical support might be helpful (hence the choice of HOL4...)

  3. Validating Formal Work on UDP Descriptions of TCP/IP Michael Norrish Introduction Beginning a TCP Specification • The mechanised semantics for UDP was not too large: The Segment Level Specification I proved a simple safety property in HOL. Use of HOL Specification Validation • By hand, we also proved As a Theorem Proving Problem • a timing property The High Level Specification • correctness properties for a heart-beat program built Conclusion using the sockets interface to UDP • Next step was clear: move to TCP.

  4. Validating Formal Descriptions of TCP/IP Michael Norrish 1 Introduction Beginning a TCP Specification Introduction Beginning a TCP Specification The Segment Level 2 The Segment Level Specification Specification Use of HOL Use of HOL Specification Validation As a Theorem Proving Problem 3 Specification Validation The High Level Specification As a Theorem Proving Problem Conclusion 4 The High Level Specification 5 Conclusion

  5. Validating Formal Motivation Descriptions of TCP/IP TCP is critical Internet infrastructure. Michael Norrish Introduction Time spent specifying it is time well-spent: Beginning a TCP Specification • Users of the API know what to expect The Segment Level Specification • Future implementors have a better idea of what they Use of HOL have to do Specification Validation • It can be studied mathematically, not just empirically. As a Theorem Proving Problem The High Level Specification Conclusion ...implementing TCP correctly is very difficult —Vern Paxson (SIGCOMM’97) To which we add: Using TCP and the Sockets API correctly is also difficult

  6. Validating Formal Networking: The TCP/IP Protocols Descriptions of TCP/IP Michael Norrish sockets interface (C) Introduction TCP ICMP UDP Beginning a TCP Specification The Segment Level IP Specification Use of HOL Specification Validation As a Theorem Proving Problem The High Level IP (Internet Protocol): unreliable asynchronous small Specification messages, delivered to IP addresses such as Conclusion 128.34.1.14. UDP (User Datagram Protocol): as above, but delivered to IP address/Port pairs. TCP (Transmission Control Protocol): duplex streams, with retransmission, flow control, congestion control, etc. Messages between IP/Port pairs.

  7. Validating Formal Networking: The Sockets API Descriptions of TCP/IP Michael Norrish Introduction Beginning a TCP Specification The Sockets API gives programmers levers with which to The Segment Level control of the various internet protocols: Specification Use of HOL • Expression in C is ghastly ( ntohs , Specification Validation struct inaddr * . . . ) As a Theorem Proving Problem • Even stripped of C-isms, there are a plethora of The High Level Specification confusing entry-points (bind, listen, accept, connect, Conclusion close, socket, dupfd. . . ) • Specified in POSIX and the various implementations (including Windows)

  8. Validating Formal Post Hoc Specification Descriptions of TCP/IP Michael Norrish Introduction Beginning a TCP Specification We cannot tell the world’s TCP and OS implementors what The Segment Level Specification to do. Use of HOL Specification Validation Our specification must reflect not only the existing As a Theorem Proving Problem “specifications”: The High Level Specification • RFCs, POSIX, . . . Conclusion But also current practice, as enshrined in representative implementations: Windows, BSD and Linux.

  9. Validating Formal Writing a Huge Specification Descriptions of TCP/IP Michael Norrish This project was a test of theoretical machinery: Introduction Beginning a TCP • An operational semantics with almost 200 reduction Specification The Segment Level rules (no recursion though) Specification Use of HOL Specification • Handling of non-determinism Validation • timing: modelling the interleaving of asynchronous and As a Theorem Proving Problem synchronous system calls, as well as packet arrival and The High Level Specification dispatch • choices of values: under-specified behaviours cause Conclusion semantic states to take on constrained values for attributes • Quantified time: TCP is full of timed quantities, and counters representing the passage of time.

  10. Validating Formal Writing a Huge Specification Descriptions of TCP/IP Michael Norrish Introduction Beginning a TCP Specification In addition to “inherent complexities”, we contended with The Segment Level Specification 20–30 years of haphazard code evolution, resulting in Use of HOL Specification Validation • the warped sockets API; As a Theorem Proving Problem The High Level Specification • specifications allowing a great deal of implementation Conclusion latitude; • numerous ugly corner cases

  11. Validating Formal Specification: Where to Cut? Descriptions of TCP/IP Michael Norrish Global Application Global Application Introduction Beginning a TCP Dist. Libraries Dist. Libraries Specification The Segment Level Specification Prog. Language Prog. Language Use of HOL Specification Sockets API Validation TCP TCP ICMPUDP ICMPUDP As a Theorem Proving Problem IP IP The High Level Specification Conclusion IP network

  12. Validating Formal Specification: Where to Cut? Descriptions of TCP/IP Michael Norrish tid · bind ( fd , is ′ 1 , ps ′ 1 ) tid · v Introduction Beginning a TCP Sockets API Specification 8 The Segment Level > TCP ICMP UDP > Specification < h Use of HOL Specification > > IP Validation : Wire interface As a Theorem Proving Problem The High Level msg msg Specification Conclusion The specification describes the evolution of hosts , which are involved in six sorts of behaviours: system calls in ; syscall returns out ; messages in ; messages out ; time elapsing; internal/unobservable state-changes.

  13. Validating Formal Specification Language Descriptions of TCP/IP Michael Norrish The specification is written in higher-order logic. Introduction Beginning a TCP Specification The Segment Level Expressive: Specification Use of HOL • Supports natural, mathematical idiom Specification • Rich types (lists, sets, finite-maps, N , R ) Validation As a Theorem • + user defined types (records, algebraic types) Proving Problem The High Level • Captures non-determinism and under-specification easily Specification Conclusion Clear: • Has well-defined semantics • Easy to write (non-expert CS people picked it up in a week or so)

  14. Validating Formal The Segment Level Specification Descriptions of TCP/IP Michael Norrish Introduction Our segment level specification (the “low level spec”) Beginning a TCP Specification describes The Segment Level Specification Use of HOL • the “on the wire” behaviour of hosts: the packets they Specification emit Validation As a Theorem Proving Problem • what programmers using the sockets API can expect The High Level Specification • the internal (hidden) state of hosts supporting the above Conclusion

  15. Validating Formal The Segment Level Specification Descriptions of TCP/IP Michael Norrish Introduction Our segment level specification (the “low level spec”) Beginning a TCP Specification describes The Segment Level Specification Use of HOL • the “on the wire” behaviour of hosts: the packets they Specification emit Validation As a Theorem Proving Problem • what programmers using the sockets API can expect The High Level Specification • the internal (hidden) state of hosts supporting the above Conclusion We have • validated the specification against real implementations • found bugs in the implementations

  16. Validating Formal Important Types: Segments Descriptions of TCP/IP Michael Norrish Introduction tcpSegment = � Beginning a TCP Specification is1 : ip option ; (* source IP *) The Segment Level Specification is2 : ip option ; (* destination IP *) Use of HOL ps1 : port option ; (* source port *) Specification Validation ps2 : port option ; (* destination port *) As a Theorem Proving Problem seq : tcp seq local ; (* sequence number *) The High Level Specification URG , ACK : bool ; Conclusion PSH , RST : bool ; SYN , FIN : bool ; win : word16 ; (* window size (unsigned) *) mss : word16 option ; (* maximum segment size *) · · · �

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

DI MA- -Maude: Maude: DI MA Toward a Formal Framework Toward a Formal Framework for

DI MA- -Maude: Maude: DI MA Toward a Formal Framework Toward a Formal Framework for

DI MA- -Maude: Maude: DI MA Toward a Formal Framework Toward a Formal Framework for Specifying and Validating for Specifying and Validating DI MA Agents DI MA Agents Farid Mokhati Farid Mokhati, , Noura Noura Boudiaf Boudiaf Mourad

588 views • 23 slides
Formal Executable Descriptions of Biological Systems Pierpaolo Degano Dipartimento di

Formal Executable Descriptions of Biological Systems Pierpaolo Degano Dipartimento di

Formal Executable Descriptions of Biological Systems Pierpaolo Degano Dipartimento di Informatica, Universit di Pisa, Italia joint work with a lot of nice people :-) Pisa, 14th June 2007 NETTAB 2007 Pisa p.1/44 From Syntax to Semantics

772 views • 44 slides
ATLAS2K The Framework for Precise and Extensible Signal Descriptions in Modern ATS Sqn Ldr

ATLAS2K The Framework for Precise and Extensible Signal Descriptions in Modern ATS Sqn Ldr

ATLAS2K The Framework for Precise and Extensible Signal Descriptions in Modern ATS Sqn Ldr Dick Delaney MSc RAF Chris Gorringe Current ATLAS Strengths of ATLAS: Test technology related Keywords Formal syntax and semantics Non

353 views • 23 slides
Modelling and validating distributed systems with TLA+ Carla Ferreira 29th April 2019 TLA+

Modelling and validating distributed systems with TLA+ Carla Ferreira 29th April 2019 TLA+

Modelling and validating distributed systems with TLA+ Carla Ferreira 29th April 2019 TLA+ specification language Formal language for describing and reasoning about distributed and concurrent systems. TLA+ is a model-oriented language:

744 views • 35 slides
Validating CDI Data for Report Integrity Fran Jurcak, MSN, RN, CCDS Clinical Documentation

Validating CDI Data for Report Integrity Fran Jurcak, MSN, RN, CCDS Clinical Documentation

Validating CDI Data for Report Integrity Fran Jurcak, MSN, RN, CCDS Clinical Documentation Program Manager Iodine Software Objectives The learner will be able to: Articulate the role of validating data in a CDI departments ongoing

453 views • 31 slides
VEA: Validating, Evolving &amp; Anonymizing Data in Real Time Albert Franzi Cros, Data Engineer |

VEA: Validating, Evolving &amp; Anonymizing Data in Real Time Albert Franzi Cros, Data Engineer |

VEA: Validating, Evolving &amp; Anonymizing Data in Real Time Albert Franzi Cros, Data Engineer | Alpha Health Slides available in: bit.ly/afranzi-vea About me 2019 2020 2013 2014 2015 2017 2018 VEA: Validating, Evolving &amp;

679 views • 39 slides
Chapter 8 Dataflow Descriptions in VHDL 1 benyamin@mehr.sharif.edu Dataflow Description

Chapter 8 Dataflow Descriptions in VHDL 1 benyamin@mehr.sharif.edu Dataflow Description

Chapter 8 Dataflow Descriptions in VHDL 1 benyamin@mehr.sharif.edu Dataflow Description Its between structural and behavioral descriptions Descriptions at this level specify the flow of data through the registers and busses of a

753 views • 51 slides
Annex-4 Formal vs. Non-formal Debate ICT in Non-Formal Education ad hoc, not

Annex-4 Formal vs. Non-formal Debate ICT in Non-Formal Education ad hoc, not

Annex-4 Formal vs. Non-formal Debate ICT in Non-Formal Education ad hoc, not hierarchically structured, standardized chronologically graded, for the standardized Anir Chowdhury for the mainstream dropouts Policy Advisor

395 views • 5 slides
Validating Procedural Knowledge in the Validating Procedural Knowledge in the Open Virtual

Validating Procedural Knowledge in the Validating Procedural Knowledge in the Open Virtual

Validating Procedural Knowledge in the Validating Procedural Knowledge in the Open Virtual Collaboration Environment Open Virtual Collaboration Environment Gerhard Wickler Wickler Gerhard AIAI, University of Edinburgh, UK AIAI, University of

501 views • 15 slides
IATTO Conference Presentation Descriptions I N T E R N A T I O N A L A S S O C I A T I O N O F

IATTO Conference Presentation Descriptions I N T E R N A T I O N A L A S S O C I A T I O N O F

IATTO Conference Presentation Descriptions I N T E R N A T I O N A L A S S O C I A T I O N O F T R A D E T R A I N I N G O R G A N I S A T I O N S IATTO Presentation Descriptions Lesley Batchelor Brexit and Beyond As we unravel the 40

355 views • 7 slides
Some considerations in validating the interpretation of process indicators Frank Goldhammer 1,2 ,

Some considerations in validating the interpretation of process indicators Frank Goldhammer 1,2 ,

Some considerations in validating the interpretation of process indicators Frank Goldhammer 1,2 , Carolin Hahnel 1,2 , Ulf Kroehne 1 , Fabian Zehner 1 1 DIPF | Leibniz Institute for Research and Information in Education 2 Centre for International

467 views • 42 slides
So you think you can dance? Some concrete suggestions and cautions in evaluating/validating

So you think you can dance? Some concrete suggestions and cautions in evaluating/validating

So you think you can dance? Some concrete suggestions and cautions in evaluating/validating claims of college readiness Thanos Patelis Center for Assessment Presentation at the National Conference on Student Assessment San Diego, CA June 23, 2015

305 views • 26 slides
School Improvement SII Institute (Si2) Welcome! Todays Agenda Strategy Descriptions Import

School Improvement SII Institute (Si2) Welcome! Todays Agenda Strategy Descriptions Import

School Improvement Institute School Improvement SII Institute (Si2) Welcome! Todays Agenda Strategy Descriptions Import Strategy Descriptions Review -Update Descriptions and Strategy Info Review Strategy Reports Summary Impact Energy

550 views • 24 slides
Definitive Semantic Descriptions Peter D. Mosses BRICS &amp; Department of Computer Science

Definitive Semantic Descriptions Peter D. Mosses BRICS &amp; Department of Computer Science

Definitive Semantic Descriptions Peter D. Mosses BRICS &amp; Department of Computer Science University of Aarhus, Denmark 1st APPSEM-II Workshop, Nottingham, March 2003 Conventional semantic descriptions Abstract syntax (fragment) Expressions

315 views • 16 slides
A tool for specifying and validating software liability VERIMAG, Grenoble, France - Eduardo

A tool for specifying and validating software liability VERIMAG, Grenoble, France - Eduardo

A tool for specifying and validating software liability VERIMAG, Grenoble, France - Eduardo Mazza - Marie-Laure Potet Outline Context Approach Study Case Specifications Entities Logs Properties Responsibility

364 views • 20 slides
Robustly Disentangled Causal Mechanisms: Validating Deep Representations for Interventional

Robustly Disentangled Causal Mechanisms: Validating Deep Representations for Interventional

Robustly Disentangled Causal Mechanisms: Validating Deep Representations for Interventional Robustness Raphael Suter 1 , or c 1 , Bernhard Schlkopf 2 , Stefan Bauer 2 de Miladinovi 1 ETH Zurich, 2 MPI for Intelligent Systems ICML 2019 1

275 views • 9 slides
Chapter 10 Using OpenOffice.org Page 1 We Shall be Covering ... The OpenOffice.org suite

Chapter 10 Using OpenOffice.org Page 1 We Shall be Covering ... The OpenOffice.org suite

Chapter 10 Using OpenOffice.org Page 1 We Shall be Covering ... The OpenOffice.org suite Word processor - Writer Spreadsheet - Calc Presentation - Impress Page 2 OpenOffice.org A complete office suite www.openoffice.org

239 views • 19 slides
Open Source eID Projects RMLL Frank Cornelis 10/07/2013 Agenda Overview eID

Open Source eID Projects RMLL Frank Cornelis 10/07/2013 Agenda Overview eID

Open Source eID Projects RMLL Frank Cornelis 10/07/2013 Agenda Overview eID Cryptography in Java via JCA RSA, PKI, jTrust, eID Trust Service Integration levels for eID eID Applet Commons eID eID Identity Provider

758 views • 59 slides
Aggregation functions for social decision making Vicen c Torra torsdag den 17. oktober 2013

Aggregation functions for social decision making Vicen c Torra torsdag den 17. oktober 2013

Kbenhavn, Danmark, 2013 Aggregation functions for social decision making Vicen c Torra torsdag den 17. oktober 2013 Institut dInvestigaci o en Intel lig` encia Artificial (IIIA-CSIC), Bellaterra Outline Outline 1. Introduction

1.29k views • 112 slides
Recycling KLOE: an ecofriendly possibility S. Bertolucci University of Bologna and INFN The

Recycling KLOE: an ecofriendly possibility S. Bertolucci University of Bologna and INFN The

Recycling KLOE: an ecofriendly possibility S. Bertolucci University of Bologna and INFN The KLOE experiment Be beam pipe (0.5 mm thick) Instrumented permanent magnet quadrupoles (32 PMT s) Drift chamber (4 m 3.3 m) 90% helium 10%

276 views • 12 slides
How Do Centralized and Distributed Version Control Systems Impact Software Changes? Caius

How Do Centralized and Distributed Version Control Systems Impact Software Changes? Caius

How Do Centralized and Distributed Version Control Systems Impact Software Changes? Caius Brindescu Mihai Codoban Sergii Shmarkatiuk Danny Dig 1 GitHub is the main forge for OSS projects SourceForge GitHub 300K repos 4.6M repos 2

635 views • 60 slides
Risk and Security Assessment Zbigniew Kalbarczyk | 1 TCIPG Cluster Arrangement Communication and

Risk and Security Assessment Zbigniew Kalbarczyk | 1 TCIPG Cluster Arrangement Communication and

Risk and Security Assessment Zbigniew Kalbarczyk | 1 TCIPG Cluster Arrangement Communication and Data Delivery for Wide-Area Monitoring and Control Trustworthy cyber infrastructure and Wide-Area Monitoring and technologies for wide-area

296 views • 12 slides
S PAM T RACER T RACKING F LY -B Y S PAMMERS RIPE 67 P IERRE -A

S PAM T RACER T RACKING F LY -B Y S PAMMERS RIPE 67 P IERRE -A

S PAM T RACER T RACKING F LY -B Y S PAMMERS RIPE 67 P IERRE -A NTOINE V ERVIER S YMANTEC R ESEARCH L ABS Pierre-Antoine_Vervier@symantec.com RIPE 67 - Athens -

231 views • 21 slides
ESA Microprocessor Development Status and Roadmap Roland Weigand European Space Agency

ESA Microprocessor Development Status and Roadmap Roland Weigand European Space Agency

ESA Microprocessor Development ESA Microprocessor Development Status and Roadmap Roland Weigand European Space Agency Microelectronics Section DASIA 2011 Microelectronics Section 1 18-May-2011 DASIA 2011 ESA Microprocessor Development

550 views • 28 slides

More recommend