
Formal Verification of Computer Switch Networks, Sharad Malik (PowerPoint presentation)



1. Formal Verification of Computer Switch Networks
   Sharad Malik, Department of Electrical Engineering, Princeton University
   (with Shuyuan Zhang (Princeton), Rick McGeer (HP Labs))

2. SDN: So what changes for verification?
   - Previously
     - System complexity precluded formal modeling and verification
     - Relied exclusively on testing based techniques
       - traceroute, ping, tcpdump, wireshark
   - Now
     - Hardware
       - Switch network is purely hardware (finite state)
       - Can apply hardware verification techniques
     - Software
       - Centralized control algorithm, easier to analyze
   - However
     - Hardware
       - Large network size
         - Switches: from tens to hundreds
         - Rules per switch: from hundreds to thousands
     - Software
       - Interacts with distributed hardware

3. Hardware Snapshot Verification
   - Verify the static network state at a single instance of time
     - A snapshot of a dynamic system
     - Do not consider network performance, e.g. delay, bandwidth, ...
     - Verify consistency of updates separately
       - Reitblatt, Foster, Rexford, and Walker. 2011. Consistent updates for software-defined networks: change you can believe in! In Proceedings of the 10th ACM Workshop on Hot Topics in Networks (HotNets-X)
   - Rationale
     - Network state change (rule deletion/addition/change at a switch) [1]
       - Tens of events per second
     - Packet arrival rate
       - Millions of arrivals per second
   [1] Gude, N., Koponen, T., Pettit, J., Pfaff, B., Casado, M., McKeown, N., Shenker, S.: "NOX: towards an operating system for networks"

4. Talk Goals/Outline
   - Review specific verification efforts
     - Formalisms
     - Modeling
     - Verification Tasks
   - Emphasis on verification engines
     - Model checking
     - Symbolic simulation
     - SAT based propositional logic verification
     - With insights on their applicability
   - From verification to design synthesis
     - Formal methods based optimal synthesis of network components

5. Packet State, System State
   - Verification is packet centric
   - Packet State
     - (packet header, packet location) = (h, p)
     - Ignore payload
     - Packet state transitions during network traversal
   - State Space Size
     - Packet Header

       Bit #      Field
       0-31       Src IP
       32-63      Dst IP
       64-79      Src port
       80-95      Dst port
       96-103     Protocol
       104-207    Src IP', ..., Proto'

     - Packet Location: Global Port ID
       - Stanford campus network: 47 ports, 6 bit encoding

6. Network State
   - Switch State
     - Set of rules defining how a packet is processed
     - Routing Information Base, Forwarding Information Base, Access Control List, Forwarding Table, Configuration Policies...
     - Rules are prioritized
     - [Figure: a rule matches on the packet header and then modifies/routes packets]
   - Network State
     - The combination of all switch states
     - Fixed → Snapshot verification


8. Network Properties
   - Reachability Checking: check if a packet can always reach B from A. [Figure: A → B]
   - No Forwarding Loop: make sure there is no packet that can reach the same switch/port more than once during its lifetime. [Figure: packet returning to a switch it already visited]
   - Packet Destination Control: make sure a packet can/cannot go through certain switches/hosts. [Figure: A → B, with C marked X]

9. Slice Isolation
   - [Figure: Slice 1 (hosts A, B) and Slice 2 (hosts C, D), with cross-slice paths marked X]
   [2] Kazemian, P., Varghese, G., McKeown, N.: "Header space analysis: static checking for networks"


11. Model Checking Based Verification
   - Transition of packet states
     - Given a packet, FSM based approaches model how the packet transitions during its lifetime.
     - [Figure: real network of Switch 1..4 beside its transition model: Time 1 (h1, p1) → Time 2 (h2, p2) → Time 3 (h2, p3) or (h2, p4)]
   - Properties specified using temporal logic formulas
     - CTL: Computation Tree Logic

12. Header Space Analysis: Ternary Symbolic Simulation Implementation
   - Can follow a symbolic packet through the network
   - Example: [Figure: the whole header space (all wildcards) is split by Rule 1 and Rule 2 into ternary sub-spaces at each hop]
   - Limitation
     - No clean formalism to express/check properties

13. Reachability Analysis
   - Packets can reach from A to B
   - Model Checking Based Approach
     - CTL Property: (p = A) → AF (p = B)
     - AF: Along All paths there is some Future state
   - Ternary Symbolic Simulation
     - Follow the symbolic packet along all possible paths

14. Forwarding Loop
   - drop, outside world are encoded as some port ID
   - [Figure: inject a packet with Visit:{} at port 1; it accumulates Visit:{1}, Visit:{1,2}, Visit:{1,2,3}, Visit:{1,2,3,4}, then returns to port 1 → Loop!]

15. Packet Destination Control
   - Example: All packets from A get to B without reaching C. [Figure: A → B, with C marked X]

16. Experimental Evidence: BDD Based Model Checking
   - BDD: Binary Decision Diagram
   - Scalability: # of variables in transition relation
     - Header bits: OpenFlow v1.1 → 15 matching fields → 356 matching bits
     - Network size: 47 ports (as in Stanford campus) → 6 bits
   - Experimental Result:
     - ConfigChecker: 111 bits for header + (largest) 4000 nodes
     - Atomic Update: 64 bits header + hundreds of switches + hundreds of thousands of rules → over an hour
   - Why does this even work?
     - Space: largest part of the system is the rules; BDD variables only for packet state bits [Figure: packet state → transition rules → packet state]
     - Time: shallow transition systems. Packets go through relatively few hops.

17. Experimental Evidence: Ternary Symbolic Simulation
   - Potential Difficulty:
     - Packet: $h$; $H_2 = h - k_1$; $H_3 = H_2 - k_2$; $\dots$; $H_n = H_{n-1} - k_{n-1}$
     - Operation "-" is expensive in ternary symbolic simulation
     - It is equivalent to DNF complementation.

18. Experimental Evidence: Ternary Symbolic Simulation
   - Experimental result:
     - Stanford campus network: 2 backbone routers + 14 zone routers + 10 switches
     - # of forwarding rules after compression: 4,200 (originally 757,000)
     - Loop detection on 30 ports: 560 seconds
   - Why does this even work?
     - Shallow transition system: a packet reaches its destination in a few hops.
     - Rule overlaps are small
     - Limited number of packet trajectories
       - Exploited in incremental verification: Khurshid, Zhou, Caesar, and Godfrey. 2012. VeriFlow: verifying network-wide invariants in real time. HotSDN '12
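As an added example (not code from the slides, nor from any header space analysis tool), a toy ternary symbolic simulator that makes slides 12, 14 and 17 concrete: a symbolic packet of wildcards is split by prioritized rules, the space left for the next rule is H_n = H_{n-1} - k_{n-1} computed by DNF complementation, and a forwarding loop is a symbolic packet re-entering a port it already visited. The 4-bit headers, port numbers and rule tables are constructed assumptions, and a rule's output port is assumed to be the input port at the far end of its link.

```python
# Added example, not code from the slides or any HSA tool: a toy ternary symbolic
# simulator. Headers are 4 bits (assumed); a header space is a list of ternary
# strings over {'0','1','*'}; a rule is (ternary match, output port), where the
# output port is assumed to be the input port at the far end of the link.

def intersect(a, b):
    """Intersection of two ternary strings, or None if some bit conflicts."""
    out = [y if x == '*' else x if y in ('*', x) else None for x, y in zip(a, b)]
    return None if None in out else ''.join(out)

def complement(t):
    """Complement of one ternary string as a union: one term per fixed bit,
    flipping that bit and wildcarding the rest (DNF complementation)."""
    return ['*' * i + ('1' if c == '0' else '0') + '*' * (len(t) - i - 1)
            for i, c in enumerate(t) if c != '*']

def subtract(space, t):
    """H - t = H intersected with complement(t): the expensive '-' of slide 17."""
    return [r for h in space for c in complement(t) if (r := intersect(h, c))]

def apply_rules(space, rules):
    """Split a header space by prioritized rules into {port: header space}.
    Each rule takes what it matches from the remaining space: H_n = H_{n-1} - k_{n-1}."""
    remaining, out = list(space), {}
    for match, port in rules:
        hit = [r for h in remaining if (r := intersect(h, match))]
        if hit:
            out.setdefault(port, []).extend(hit)
            remaining = subtract(remaining, match)
    return out

def find_loops(network, port, space=('****',), visited=()):
    """network: {input port: rules at the switch owning that port}. Returns
    (port, header space) pairs where a symbolic packet re-enters a port it
    already visited (slide 14). Ports absent from `network` are drop/outside."""
    loops, visited = [], visited + (port,)
    for nxt, hs in apply_rules(list(space), network.get(port, [])).items():
        if nxt in visited:
            loops.append((nxt, hs))
        elif nxt in network:
            loops += find_loops(network, nxt, hs, visited)
    return loops

# Constructed three-port example: headers starting with '11' cycle 1 -> 2 -> 3 -> 1.
NET = {1: [('1***', 2), ('0***', 'drop')],
       2: [('11**', 3), ('10**', 'outside')],
       3: [('1***', 1)]}
```

`find_loops(NET, 1)` reports the loop as `[(1, ['11**'])]`: only the quarter of the header space matching `11**` ever returns to port 1, which is exactly the per-trajectory pruning the slides credit for keeping the search shallow.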


20. From Model Checking to SAT
   - Model Checking vs. SAT
     - Higher in the complexity hierarchy
   - Ternary Symbolic Simulation
     - Properties are hard to specify
     - Book-keeping overhead (e.g. check forwarding loop)
   - Can we model the network as a combinational circuit?
     - Propositional logic model
     - SAT based property checking

21. SAT Based Verification: An Overview
   - Split one bidirectional link into two unidirectional links
   - Switch can be modeled as acyclic combinational logic
   - Use traditional hardware verification techniques. [Figure: network modeled as a SAT formula]
