new directions for network verification
play

New Directions for Network Verification Aurojit Panda, Katerina - PowerPoint PPT Presentation

Feb 06, 2024 •267 likes •813 views

New Directions for Network Verification Aurojit Panda, Katerina Argyraki, Mooly Sagiv, Michael Schapira, Scott Shenker Brief Summary of This Talk Context : Proliferation of network verification tools. Build on assumption that the

  1. New Directions for Network Verification Aurojit Panda, Katerina Argyraki, Mooly Sagiv, Michael Schapira, Scott Shenker

  2. Brief Summary of This Talk • Context : • Proliferation of network verification tools. • Build on assumption that the network state is immutable . • Immutable = Data packets do not change behavior of network

  3. Brief Summary of This Talk • Context : • Proliferation of network verification tools. • Build on assumption that the network state is immutable . • Immutable = Data packets do not change behavior of network • My point : • Many network elements have mutable state • Verifying mutable networks requires new techniques • Two technical challenges: Modeling and Scaling

  4. Outline • Background on networks. • Background on network verification. • Verifying mutable networks.

  5. Classical Networking Ted Stevens was right Alice Bob Switch Switch Switch Mallory Trent • Networks provide end-to-end connectivity. • Just contain host and switches. • All interesting processing at the hosts.

  6. Real Networks have Middleboxes! Alice Bob Switch Switch Switch Trent Mallory

  7. Real Networks have Middleboxes! Alice Bob Firewall Switch Switch Switch Trent Mallory • Security (firewalls, IDSs,…).

  8. Real Networks have Middleboxes! Alice Bob Firewall Switch Switch Switch Cache Trent Mallory • Security (firewalls, IDSs,…). • Performance (caches, load balancers,…).

  9. Real Networks have Middleboxes! Alice Bob Firewall Switch Switch Switch Proxy Cache Trent Mallory • Security (firewalls, IDSs,…). • Performance (caches, load balancers,…). • New functionality (proxies,…).

  10. Outline • Background on networks. • Background on network verification. • Verifying mutable networks.

  11. Reachability Invariants • Focus on reachability invariants • Most important in practice, simple to state but already hard Firewall S1 Balancer Firewall Mallory S2

  12. Reachability Invariants • Focus on reachability invariants • Most important in practice, simple to state but already hard Firewall S1 Balancer Firewall Mallory S2 Can S2 receive packets of type T from Mallory?

  13. Reachability Invariants • Focus on reachability invariants • Most important in practice, simple to state but already hard Firewall S1 Balancer Firewall Mallory S2 Can S2 receive “infected” packets from Mallory?

  14. Reachability Invariants • Focus on reachability invariants • Most important in practice, simple to state but already hard Firewall S1 Balancer Firewall Mallory S2 Can S2 receive packets from Mallory without a connection?

  15. Abstractions for Invariants • Operators want to specify packet types using abstractions:

  16. Abstractions for Invariants • Operators want to specify packet types using abstractions: • “infected”

  17. Abstractions for Invariants • Operators want to specify packet types using abstractions: • “infected” • from “authenticated user”

  18. Abstractions for Invariants • Operators want to specify packet types using abstractions: • “infected” • from “authenticated user” • from a given application

  19. Abstractions for Invariants • Operators want to specify packet types using abstractions: • “infected” • from “authenticated user” • from a given application • How these types are determined in a network varies

  20. Abstractions for Invariants • Operators want to specify packet types using abstractions: • “infected” • from “authenticated user” • from a given application • How these types are determined in a network varies • Invariants should not depend on these details

  21. Network Verification Today • Switches: Forwarding rules in switches. HSA, Veriflow, NetKAT, etc.

  22. Network Verification Today • Switches: Forwarding rules in switches. HSA, Veriflow, NetKAT, etc. • SDN Controller: Code generating these rules. Vericon, FlowLog, etc.

  23. Network Verification Today • Switches: Forwarding rules in switches. HSA, Veriflow, NetKAT, etc. • SDN Controller: Code generating these rules. Vericon, FlowLog, etc. • Firewalls: Verify firewall configuration. Fang, Margrave, etc.

  24. Existing Assumptions/Limitations Switches • Limited computational model (rule-based forwarding). • Immutable , functionality only changes with new rules. • Limited set of invariants enforced by networks.

  25. Existing Assumptions/Limitations Switches • Limited computational model (rule-based forwarding). • Immutable , functionality only changes with new rules. • Limited set of invariants enforced by networks. Controllers • All state and actions are centralized . (Globally ordered) • Data plane itself is immutable .

  26. Existing Assumptions/Limitations Switches • Limited computational model (rule-based forwarding). • Immutable , functionality only changes with new rules. • Limited set of invariants enforced by networks. Controllers • All state and actions are centralized . (Globally ordered) • Data plane itself is immutable . Firewalls • Treated as if they contain Immutable state. • Assume a particular (simple) computational model.

  27. Existing Assumptions/Limitations Violated by many middleboxes Switches • Limited computational model (rule-based forwarding). • Immutable , functionality only changes with new rules. • Limited set of invariants enforced by networks. Controllers • All state and actions are centralized . (Globally ordered) • Data plane itself is immutable . Firewalls • Treated as if they contain Immutable state. • Assume a particular (simple) computational model.

  28. Outline • Background on networks. • Background on network verification. • Verifying mutable networks.

  29. Verification of Mutable Networks • Naive approach • Verify a program equivalent to the entire network.

  30. Verification of Mutable Networks • Naive approach • Verify a program equivalent to the entire network. • Feasibility is not clear • Large, proprietary code bases (Bro ~102K lines of code).

  31. Verification of Mutable Networks • Naive approach • Verify a program equivalent to the entire network. • Feasibility is not clear • Large, proprietary code bases (Bro ~102K lines of code). • Scalability is crucial • Networks contain several 1000 middleboxes or more.

  32. Modeling Middleboxes

  33. Modeling Middleboxes Determines what application sent a packet, etc. Classify Packet Complex, proprietary processing.

  34. Modeling Middleboxes Determines what application sent a packet, etc. Classify Packet Complex, proprietary processing. Updating payload is complex (compression, etc.) Update Packet Updating header is simple (fixed format).

  35. Modeling Middleboxes Determines what application sent a packet, etc. Classify Packet Complex, proprietary processing. Updating payload is complex (compression, etc.) Update Packet Updating header is simple (fixed format). Could be simple (remember packets) Update State or complex (update many hash tables).

  36. Modeling Middleboxes Determines what application sent a packet, etc. Classify Packet Complex, proprietary processing. Updating payload is complex (compression, etc.) Update Packet Updating header is simple (fixed format). Could be simple (remember packets) Update State or Forward Packet Always simple: forward or drop packets.

  37. Modeling Middleboxes Oracle: Specify data dependencies and outputs Determines what application sent a packet, etc. Classify Packet Complex, proprietary processing. Updating payload is complex (compression, etc.) Update Packet Updating header is simple (fixed format). Could be simple (remember packets) Update State or Forward Packet Always simple: forward or drop packets.

  38. Modeling Middleboxes Oracle: Specify data dependencies and outputs Determines what application sent a packet, etc. Classify Packet Complex, proprietary processing. Updating payload is complex (compression, etc.) Update Packet Updating header is simple (fixed format). Could be simple (remember packets) Update State or Forward Packet Always simple: forward or drop packets. Forwarding Model: Specify Completely

  39. Example Oracle: Specify data dependencies and outputs Classify Packet Update Packet Update State Forward Packet Forwarding Model: Specify Completely

  40. Example Oracle: Specify data dependencies and outputs Dependencies Classify Packet See all packets in connection (flow). Outputs Update Packet Is packet infected . Update State Forward Packet Forwarding Model: Specify Completely

  41. Example Oracle: Specify data dependencies and outputs Dependencies Classify Packet See all packets in connection (flow). Outputs Update Packet Is packet infected . if ( infected ) { infected_connections.add(packet.flow) Update State } Forward Packet Forwarding Model: Specify Completely

  42. Example Oracle: Specify data dependencies and outputs Dependencies Classify Packet See all packets in connection (flow). Outputs Update Packet Is packet infected . if ( infected ) { infected_connections.add(packet.flow) Update State } if ( packet.flow not in infected_connections ) { Forward Packet forward (packet); } Forwarding Model: Specify Completely

  43. Scaling Verification

  44. Scaling Verification • Middleboxes are “flow-parallel”

Recommend

Network Verification Using Atomic Network Verification Using Atomic Predicates Predicates Ne

Network Verification Using Atomic Network Verification Using Atomic Predicates Predicates Ne

Network Verification Using Atomic Network Verification Using Atomic Predicates Predicates Ne two rk Ve rific atio n U sing Ato mic Pre dic ate s (S. S. L am) 1 3/ 28/ 2017 Difficulty in Managing Large Networks Difficulty in Managing Large

760 views • 44 slides
Name Space Analysis (NSA): Verification of Named Data Network Data Planes Mohammad Jahanian and

Name Space Analysis (NSA): Verification of Named Data Network Data Planes Mohammad Jahanian and

Name Space Analysis (NSA): Verification of Named Data Network Data Planes Mohammad Jahanian and K. K. Ramakrishnan University of California, Riverside ACM ICN 2019 Network Verification is important Network data planes are complex and hard to

630 views • 49 slides
U.S. Climate Reference Network: Current Status and Future Directions Sharon LeDuc Michael

U.S. Climate Reference Network: Current Status and Future Directions Sharon LeDuc Michael

U.S. Climate Reference Network: Current Status and Future Directions Sharon LeDuc Michael Palecki National Climatic Data Center DOC/NOAA/NESDIS USCRN Current Status and Future Directions, May 2009 1 USCRN Goals Making science quality

316 views • 27 slides
PRESENTATION FOR TESTING DIRECTIONS (NO 2) The World Health Organization declared COVID-19 a

PRESENTATION FOR TESTING DIRECTIONS (NO 2) The World Health Organization declared COVID-19 a

EMERGENCY MANAGEMENT ACT 2005 (WA) who enters Westero Australia (including any person who entered Westero 4. The Presentation for Testing Directions I made on 9 July 2020 are revoked. DIRECTIONS 5. Subject to paragraph 9, these directions apply

554 views • 5 slides
Run-time firmware integrity verification: what if you cant trust your network card? Loc

Run-time firmware integrity verification: what if you cant trust your network card? Loc

Run-time firmware integrity verification: what if you cant trust your network card? Loc Duflot , Yves-Alexis Perez , Benjamin Morin Agence Nationale de la Scurit des Systmes dInformation Introduction & reminder Last year...

467 views • 44 slides
Run-time firmware integrity verification: what if you cant trust your network card?

Run-time firmware integrity verification: what if you cant trust your network card?

Run-time firmware integrity verification: what if you cant trust your network card? International Symposium on Recent Advances in Intrusion Detection Menlo Park, September 2011 Loc Duflot, Yves-Alexis Perez, Benjamin Morin ANSSI French

627 views • 37 slides
Network verification and synthesis CSE 599N1 Sep 25, 2019 Who are we? Ratul Mahajan UW

Network verification and synthesis CSE 599N1 Sep 25, 2019 Who are we? Ratul Mahajan UW

Network verification and synthesis CSE 599N1 Sep 25, 2019 Who are we? Ratul Mahajan UW MSR Intentionet UW One of the first paper was Understanding BGP misconfiguration (2002) Ryan Beckett Princeton MSR

835 views • 23 slides
DB Future Directions Future Directions The Future is hard to predict and is driven by

DB Future Directions Future Directions The Future is hard to predict and is driven by

DB Future Directions Future Directions The Future is hard to predict and is driven by technology trends, unforeseen events, special needs, previous commitments, policy, mistakes, innovation, etc. What follows is some personal

538 views • 20 slides
Introduction to Electronic Verification Electronic Verification of Educational Records

Introduction to Electronic Verification Electronic Verification of Educational Records

Introduction to Electronic Verification Electronic Verification of Educational Records OVERVIEW 01 04 Scope of Verification Peggys Picks Types of verification, Verifying exam results or parameters, privacy graduation using databases

1.25k views • 81 slides
Bayes Network Analysis by Program Verification Joost-Pieter Katoen Alan Turing Institute,

Bayes Network Analysis by Program Verification Joost-Pieter Katoen Alan Turing Institute,

Bayes Network Analysis by Program Verification Joost-Pieter Katoen Alan Turing Institute, January 2018 Joost-Pieter Katoen Bayes Network Analysis by Program Verification 1/62 Perspective There are several reasons why probabilistic

1.06k views • 62 slides
A 5G Media Delivery Network Demonstrator A Development and Verification platform Nikos Bakalos

A 5G Media Delivery Network Demonstrator A Development and Verification platform Nikos Bakalos

A 5G Media Delivery Network Demonstrator A Development and Verification platform Nikos Bakalos Research Engineer ICCS/NTUA Institute of Communications and Computer Systems National Technical University of Athens Internet Science Group 5G

63 views • 3 slides
Directions and Rubric for Magnified Giving Presentation Project Directions: For this project, you

Directions and Rubric for Magnified Giving Presentation Project Directions: For this project, you

Name: Date: Period: Directions and Rubric for Magnified Giving Presentation Project Directions: For this project, you will be working individually. Your goal is to research a non-profit organization with a mission you think contributes to the

186 views • 4 slides
DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification

DIVS DL/ID Verification Systems Verification of Legal Status DIVS Passport Verification Projects Birth Record Verification State to State Verification DIVS State to State Verification Service (S2S) Program Benefits Mission

349 views • 8 slides
Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive

Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive

The Center for Verification and Evaluation (CVE) Preparing for Re-Verification Brief Mr. Terrence Moultrie Chief, Verification and Executive Support Services Agenda What is Re-Verification? o Simplified Reverification Program VIP

320 views • 21 slides
Institutional mechanism(s) and policy directions for effective operationalization of corridors

Institutional mechanism(s) and policy directions for effective operationalization of corridors

S EMINAR ON RAILWAY NETWORK CONNECTIVITY AND INTEROPERABILITY CHALLENGES Dushanbe, 5-6 September 2018 Institutional mechanism(s) and policy directions for effective operationalization of corridors Ariadne Abel Economic Affairs Officer

670 views • 12 slides
Secure Scheduling Legislative Process & Initial Policy Directions - policy directions

Secure Scheduling Legislative Process & Initial Policy Directions - policy directions

Secure Scheduling Legislative Process & Initial Policy Directions - policy directions proposed by Oregon presentation City staff , not endorsed by elected officials 07-21-16 1 Businesses dont need the same amount of workers on a

451 views • 14 slides
Objectives Design rules Floorplan Routing Physical layout verification

Objectives Design rules Floorplan Routing Physical layout verification

Objectives Design rules Floorplan Routing Physical layout verification Clock network Power network Engineering changing order Package After completing logic/circuit design, the next phase in ASIC design flow

1.03k views • 92 slides
Verification & Validation Verification is getting the system right : Verification and

Verification & Validation Verification is getting the system right : Verification and

Verification & Validation Verification is getting the system right : Verification and Validation Does the program you built do what you designed it to do? Dr. James A. Bednar Validation is getting the right system : jbednar@inf.ed.ac.uk

331 views • 8 slides
Verification and Validation Steven Zeil February 13, 2013 Verification and Validation

Verification and Validation Steven Zeil February 13, 2013 Verification and Validation

Verification and Validation Verification and Validation Steven Zeil February 13, 2013 Verification and Validation Outline The Process 1 Non-Testing V&V 2 Code Review Mathematically-based verification Static analysis tools

790 views • 55 slides
Graphical Models Graphical Models Relationship between the directed & undirected models

Graphical Models Graphical Models Relationship between the directed & undirected models

Graphical Models Graphical Models Relationship between the directed & undirected models Siamak Ravanbakhsh Winter 2018 Two directions Two directions Markov network Bayes-net Markov network Bayes-net

311 views • 19 slides
Toward Understanding Natural Language Directions Video Motivating Example Data Corpus Data

Toward Understanding Natural Language Directions Video Motivating Example Data Corpus Data

Toward Understanding Natural Language Directions Video Motivating Example Data Corpus Data collection 15 visitors wrote 10 sets of directions each (150 total) Each visitor tries to follow someone elses directions to check quality

378 views • 22 slides
NETWORK VERIFICATION: WHEN CLARKE MEETS CERF George Varghese UCLA (with collaborators from CMU,

NETWORK VERIFICATION: WHEN CLARKE MEETS CERF George Varghese UCLA (with collaborators from CMU,

FOR PUBLIC CLOUDS, PRIVATE CLOUDS, TOOLS ENTERPRISE NETWORKS, ISPs, . . . NETWORK VERIFICATION: WHEN CLARKE MEETS CERF George Varghese UCLA (with collaborators from CMU, MSR, Stanford, UCLA) 1 Model and Terminology 1.8.* 1.2.* 1.2.*,

578 views • 39 slides
Verification regulations: Description Draft to define model for meeting verification

Verification regulations: Description Draft to define model for meeting verification

Verification regulations: Description Draft to define model for meeting verification regulations Verification Code Extension (draft-gould-eppext-verificationcode) Purpose Separate verification details from registry interface

167 views • 6 slides
Part 1: Status of Interconnectivity verification in i-Visto Tetsuo Kawano and Takeaki

Part 1: Status of Interconnectivity verification in i-Visto Tetsuo Kawano and Takeaki

Part 1: Status of Interconnectivity verification in i-Visto Tetsuo Kawano and Takeaki Mochida NTT Laboratories (i-visto@core.ntt.co.jp) 1 Objective Extend i-Visto interconnectivity with network quipment (Router, Switch), network

223 views • 18 slides

More recommend