towards correct by construction sdn
play

TOWARDS CORRECT-BY-CONSTRUCTION SDN Leonid Ryzhyk Nikolaj Bjorner - PowerPoint PPT Presentation

Oct 26, 2023 •391 likes •639 views

TOWARDS CORRECT-BY-CONSTRUCTION SDN Leonid Ryzhyk Nikolaj Bjorner Marco Canini Jean-Baptjste Jeannin Nina Narodytska Cole Schlesinger Douglas Terry George Varghese 22 August 2016 INTRODUCTION 2 Cocoon is a high-level

  1. TOWARDS CORRECT-BY-CONSTRUCTION SDN Leonid Ryzhyk Nikolaj Bjorner Marco Canini Jean-Baptjste Jeannin Nina Narodytska Cole Schlesinger Douglas Terry George Varghese 22 August 2016

  2. INTRODUCTION 2 ● Cocoon is a – high-level SDN programming language – verifjcation tool – SDN programming methodology ● … based on the principle of correctness by construction

  3. COCOON IN A NUTSHELL 3 Traditional SDN Verification Workflow Design Implement Run on the Verify generated controller network configuration SDN verification with Cocoon refine refine refine spec implementation Correct by construction

  4. EXAMPLE: CAMPUS NETWORK [Sung et al. Towards Systematic Design of Enterprise Networks] 4 L2 segment Router VLAN Gateway vlan-1 vlan-1 gw router vlan-2 vlan-2 gw router Switch vlan-3 vlan-3 gw router switch router

  5. INTER-VLAN ROUTING: HOP1 5 ACL vlan-1 vlan-1 gw router vlan-2 vlan-2 gw router vlan-3 vlan-3 gw router switch router

  6. INTER-VLAN ROUTING: HOP2 6 ACL vlan-1 vlan-1 gw router vlan-2 vlan-2 gw router vlan-3 vlan-3 gw router switch router

  7. INTER-VLAN ROUTING: HOP3 7 This is messy: ● Large, ad hoc topology ● L2/L3 routing are mixed up ● Complex distributed security policies Typical bugs: ● ACL distribution ● Routing loops ● Black holes vlan-1 vlan-1 gw router Let’s try to untangle this design … vlan-2 vlan-2 gw router vlan-3 vlan-3 gw router switch router

  8. STEP 1: HIGH-LEVEL SPECIFICATION 8 acl() 193.62.*.* 193.63.*.* 193.64.1.*

  9. STEP 2: DISTRIBUTED ACLs 9 acl() 193.62.*.* 193.63.*.* 193.64.1.*

  10. STEP 2: DISTRIBUTED ACLs 10 Gateways aclIn() aclOut() 193.62.*.* 193.63.*.* 193.64.1.* Assumption: acl() ≡ aclOut() Λ aclIn()

  11. STEP 3: L3 ROUTING 11 193.62.*.* 193.63.*.* 193.64.1.*

  12. STEP 3: L3 ROUTING 12 Routers L3NextHop() 193.62.*.* 193.63.*.* 193.64.1.* Assumption: L3NextHop(pkt)* = Gateway(pkt)

  13. STEP 4: L2 SWITCHING 13 193.62.*.* 193.63.*.* 193.64.1.*

  14. STEP 4: L2 SWITCHING 14 193.62.*.* 193.63.*.* 193.64.1.*

  15. STEP 4: L2 SWITCHING 15 L2 switches Assumption: L2NextHop(pkt)* = L3NextHop(pkt)

  16. STEP 4: L2 SWITCHING 16 L2NextHop(pkt.vlan=0) L2NextHop(pkt.vlan=green) L2NextHop(pkt.vlan=red) L2NextHop(pkt.vlan=blue)

  17. SEPARATION OF CONCERNS 17 High-level spec Distributed access control L3 routing L2 switching

  18. WOULDN’T IT BE GREAT TO BUILD SDNs THIS WAY? 18 acl() aclOut() aclIn() 193.62.*.* 193.63.*.* 193.64.1.* 193.62.*.* 193.63.*.* 193.64.1.* With Cocoon, you can! ● Language support for refinement-based programming l3NextHop() ● Automatic compositional verification ● P4 and OpenFlow (via NetKAT) backends 193.62.*.* 193.63.*.* 193.64.1.*

  19. PARAMETERIZED SPECIFICATIONS 19 ● Parameterized specifjcations – Spec may contain undefjned functions , e.g., acl(), l2NextHop(), l3NextHop() – Verifjcation relies on assumptions – These functions are defjned when the network design is instantiated – They can also change at runtime, e.g., in response to link failures – Assumptions are validated when concrete defjnitions are provided (statically or at runtime)

  20. CASE STUDIES 20 Campus network ● [Sung et al. T owards Systematic Design of Enterprise Networks] F10 ● [Liu et al. F10: A Fault-T olerant Engineered Network] B4-style WAN ● [Jain et al. B4: Experience with a Globally-Deployed Software Defjned WAN] iSDX (Software-defjned Internet Exchange) ● [Gupta et al. An Industrial-Scale Software Defjned Internet Exchange Point] NSX-style network virtualization framework ● [Koponen et al. Network Virtualization in Multi-tenant Datacenters] Stag (source-based routing + security labels for fat-tree ● topology)

  21. PERFORMANCE 21 ● All case studies verifjed in ~10 sec, – Compositional verifjcation (1 refjnement at a time) – Parameterized verifjcation amplifjes the power of symbolic reasoning ● No direct comparison (yet) with existing tools like NetKAT, HSA, but expect them to slow down for larger topologies

  22. COCOON VS TRADITIONAL NETWORK VERIFICATION 22 HSA/ NetKAT/ ... Correctness spec

  23. CONCLUSIONS 24 ● Correct-by-construction SDN via iterative refjnement: – Enforces modular design – Enables strong static correctness guarantees – Scales to complex realistic networks

  24. EXAMPLE ASSUMPTION 25 assume (hid_t sid, vid_t vid, MAC dst) (l2distance(sid, vid, dst) > 1) => l2distance(link(sid, l2NextHop(sid, vid, dst)), dst) == (l2distance(sid, vid, dst) - 1)

Recommend

Correct b Correct by Construction A Construction Attack ttack-Tolerant Syst olerant Systems

Correct b Correct by Construction A Construction Attack ttack-Tolerant Syst olerant Systems

Correct b Correct by Construction A Construction Attack ttack-Tolerant Syst olerant Systems ems Robert Constable Cornell University Mark Bickford ATC-NY Robbert Van Renesse Robbert Van Renesse Cornell University Correct by Construction

166 views • 14 slides
Construction Insurance: Tendering Your Claim to the Correct Carrier, Understanding Carriers

Construction Insurance: Tendering Your Claim to the Correct Carrier, Understanding Carriers

Presenting a live 90-minute webinar with interactive Q&A Construction Insurance: Tendering Your Claim to the Correct Carrier, Understanding Carriers Right to Allocate to Others Navigating Indemnity, Contribution and Subrogation to

923 views • 49 slides
Lab 2 discussion Last Time Debugging Its a science use experiments to refine

Lab 2 discussion Last Time Debugging Its a science use experiments to refine

size= 64 correct= 0 size= 73 correct= 0 Shuying Liang size= 107 correct= 1 size= 107 correct= 0 size= 108 correct= 0 size= 108 correct= 1 Please do not handin a .doc file, a .zip file, a .tar file, size= 111 correct= 1 size=

430 views • 7 slides
Dr. CU 2.0: A Scalable Detailed Routing Framework with Correct-by-Construction Design Rule

Dr. CU 2.0: A Scalable Detailed Routing Framework with Correct-by-Construction Design Rule

Dr. CU 2.0: A Scalable Detailed Routing Framework with Correct-by-Construction Design Rule Satisfaction Haocheng Li , Gengjie Chen, Bentian Jiang, Jingsong Chen, Evangeline F. Y. Young Source code is available at

353 views • 31 slides
Performance of Correct Statement of the Problem and Impact. Associated Issues. Procedure

Performance of Correct Statement of the Problem and Impact. Associated Issues. Procedure

Performance of Correct Procedure at Correct Body Site Patient Safety Solutions CONTENT Performance of Correct Statement of the Problem and Impact. Associated Issues. Procedure at Correct Suggested Actions. Looking Forward.

198 views • 3 slides
Part III Part III Gain- -based synthesis based synthesis Gain enabler for correct- -by

Part III Part III Gain- -based synthesis based synthesis Gain enabler for correct- -by

Part III Part III Gain- -based synthesis based synthesis Gain enabler for correct- -by by- -construction design construction design enabler for correct ASP- -DAC01 Tutorial DAC01 Tutorial ASP Patrick Groeneveld

1k views • 87 slides
Micropipetting Doing it the correct way Practice, practice, practice! Why Take the Time to

Micropipetting Doing it the correct way Practice, practice, practice! Why Take the Time to

Micropipetting Doing it the correct way Practice, practice, practice! Why Take the Time to Practice? Micropipetting is the foundation to many future experiments Correct pipetting insures correct volumes which creates a greater chance

544 views • 19 slides
Agenda this Month Requirement to Correct Other HMRC announcements and other tax

Agenda this Month Requirement to Correct Other HMRC announcements and other tax

Agenda this Month Requirement to Correct Other HMRC announcements and other tax developments Recent tax cases Requirement to Correct Deadline 30 September ! Requirement to Correct (RTC) RTC obliges taxpayers to make a disclosure

595 views • 38 slides
e-Bug Pack Evaluation 1 Quantitative Data Overview % % % Topics Correct Correct

e-Bug Pack Evaluation 1 Quantitative Data Overview % % % Topics Correct Correct

e-Bug Pack Evaluation 1 Quantitative Data Overview % % % Topics Correct Correct Improvement p value before after score Micro organisms 51 86 35 (30, 39) <0.001 Good and Bad Microbes 48 86 36 (32, 40) <0.001 Spread

427 views • 29 slides
Evaluating classifiers CS440 The 2-by-2 contingency table correct not correct positive tp fp

Evaluating classifiers CS440 The 2-by-2 contingency table correct not correct positive tp fp

10/30/19 Evaluating classifiers CS440 The 2-by-2 contingency table correct not correct positive tp fp prediction negative fn tn prediction 1 10/30/19 Precision and recall Precision : % of predicted items that are correct P = tp/

117 views • 11 slides
Construction Projects Vestfold Line Upcoming contracts Project Director Stine Ilebrekke Undrum

Construction Projects Vestfold Line Upcoming contracts Project Director Stine Ilebrekke Undrum

Construction Projects Vestfold Line Upcoming contracts Project Director Stine Ilebrekke Undrum 2 Information is correct as of 10 May 2017, but may be subject to change. and today`s trains use the same track as in 1881 6 Construction

452 views • 28 slides
Summary Summary I Iterative flow Iterative flow vs vs. stepwise refinement . stepwise

Summary Summary I Iterative flow Iterative flow vs vs. stepwise refinement . stepwise

Gain Gain-based synthesis based synthesis enabler for correct enabler for correct-by by-construction design construction design Patrick Patrick Groeneveld Groeneveld (patrick patrick@magma @magma-da da.com) .com) Magma

1.06k views • 46 slides
Topic 16 Creating Correct Programs Creating Correct Programs "It is a profoundly erroneous

Topic 16 Creating Correct Programs Creating Correct Programs "It is a profoundly erroneous

Topic 16 Creating Correct Programs Creating Correct Programs "It is a profoundly erroneous truism, repeated by all the copybooks, and by eminent people when they are making speeches, that we should cultivate the habit of thinking about

463 views • 29 slides
Hybrid Construction Hybrid Construction Hybrid Construction Hybrid Construction 1 VP

Hybrid Construction Hybrid Construction Hybrid Construction Hybrid Construction 1 VP

Hybrid Construction Hybrid Construction Hybrid Construction Hybrid Construction 1 VP University VP University WHEN DO YOU USE HYBRI D CONSTRUCTI ON? Hybrid Construction is an economical alternative to conventional steel structures

431 views • 15 slides
What is the B-method? Welcome to Provably Correct Software http://www.it.uu.se/

What is the B-method? Welcome to Provably Correct Software http://www.it.uu.se/

What is the B-method? Welcome to Provably Correct Software http://www.it.uu.se/ edu/course/homepage/bkp/vt09 Instructor Lars-Henrik Eriksson lhe@it.uu.se, http://www.it.uu.se/katalog/lhe?lang=en Provably Correct Software Page 1 Updated

545 views • 18 slides
Group Therapy 9 0 8 5 3 The Changes Compliance with Correct Coding Standards 1. Per the

Group Therapy 9 0 8 5 3 The Changes Compliance with Correct Coding Standards 1. Per the

Group Therapy 9 0 8 5 3 The Changes Compliance with Correct Coding Standards 1. Per the National Correct Coding Initiative, the CPT code definition of group psychotherapy (90853) has a unit concept of 1 session. Prior to the change,

310 views • 6 slides
ITE Exam Results Spring 2012 Summer 2012* Difference Number of residents 86 95 % Correct % Correct

ITE Exam Results Spring 2012 Summer 2012* Difference Number of residents 86 95 % Correct % Correct

ITE Exam Results Spring 2012 Summer 2012* Difference Number of residents 86 95 % Correct % Correct Overall 66.3 56.2 -10.1 GTS - Overall 67.8 58.4 -9.4 Trachea/Bronchi 52.2 45.0 -7.2 Diaphragm 63.4 46.6 -16.8 Pleura 63.1 48.7 -14.4 Mediastinum 69.0

271 views • 3 slides
CONSTRUCTION LAW SEMINARS Beneschs Construction Law Practice Group 1. Construction Law:

CONSTRUCTION LAW SEMINARS Beneschs Construction Law Practice Group 1. Construction Law:

CONSTRUCTION LAW SEMINARS Beneschs Construction Law Practice Group 1. Construction Law: Beyond the Letter of Your overcome. Specific topics include: Contract Effectively Playing the Claims (1) notice clauses; (2) no-damage-for-delay

252 views • 3 slides
The UK Construction Industrys Shows they have a basic level of health and safety awareness.

The UK Construction Industrys Shows they have a basic level of health and safety awareness.

11/23/2018 What is CSCS? A Skills Certification Scheme introduced in 1995, construction operatives, supervisors and managers. Provides the construction industry with a means of verifying qualifications and training. The UK Construction

245 views • 5 slides
Provably Correct Development of Reconfigurable Hardware Designs via Equational Reasoning Ian

Provably Correct Development of Reconfigurable Hardware Designs via Equational Reasoning Ian

Provably Correct Development of Reconfigurable Hardware Designs via Equational Reasoning Ian Graves, Adam Procter, Bill Harrison & Gerard Allwein FPT 2015 Introduction Provably Correct Development, Bird-Wadler Style Reference

397 views • 24 slides
The keyword list thus far: Creating Correct Programs Creating Correct Programs Complete list

The keyword list thus far: Creating Correct Programs Creating Correct Programs Complete list

Topic 16 The keyword list thus far: Creating Correct Programs Creating Correct Programs Complete list of Java keywords: Complete list of Java keywords: abstract default if private this boolean do implements protected

447 views • 8 slides
0 0 A. OMGBBQPIZZA, so amazing! B. It's pretty cool C. Meh D. Whatever CORRECT

0 0 A. OMGBBQPIZZA, so amazing! B. It's pretty cool C. Meh D. Whatever CORRECT

1 = 3 108m/s? How amazing is that 0 0 A. OMGBBQPIZZA, so amazing! B. It's pretty cool C. Meh D. Whatever CORRECT ANSWER CORRECT ANSWER OMGBBQPIZZA, so amazing! Consider a large parallel plate capacitor as shown, charging

708 views • 22 slides
(TOWARDS) DEMONSTRABLY CORRECT COMPILATION OF JAVA BYTECODE Michael Leuschel University of

(TOWARDS) DEMONSTRABLY CORRECT COMPILATION OF JAVA BYTECODE Michael Leuschel University of

(TOWARDS) DEMONSTRABLY CORRECT COMPILATION OF JAVA BYTECODE Michael Leuschel University of Dsseldorf FMCO 2008 Nice Sophia-Antipolis PART 1: BACKGROUND BACKGROUND DeCCo (Demonstrably Correct Compiler) By Susan Stepney, Logica + AWE

827 views • 56 slides
Reminders Homework #3 is out Should cover proofs (including some from today) Due next

Reminders Homework #3 is out Should cover proofs (including some from today) Due next

Reminders Homework #3 is out Should cover proofs (including some from today) Due next Tuesday (September 24) Office hours Wednesday and Thursday Is this Proof Correct? Is this Proof Correct? Is this Proof Correct? CMSC 203:

792 views • 12 slides

More recommend