
VeriCon: Towards Verifying Controller Programs in SDNs (PLDI 2014)

Thomas Ball, Nikolaj Bjorner, Aaron Gember, Shachar Itzhaky, Aleksandr Karbyshev, Mooly Sagiv, Michael Schapira, Asaf Valadarsky.


Presentation Transcript


  1. VeriCon: Towards Verifying Controller Programs in SDNs (PLDI 2014) Thomas Ball, Nikolaj Bjorner, Aaron Gember, Shachar Itzhaky, Aleksandr Karbyshev, Mooly Sagiv, Michael Schapira, Asaf Valadarsky

  2. Traditional Computer Networks Control plane: distributed algorithms Data plane: packet streaming

  3. New Paradigm: Software Defined Networking (SDN) logically-centralized control in software smart but slow software API to the data plane (e.g., OpenFlow) dumb but fast hardware switches

  4. Controller: Programmability [Diagram: three APPs on top of the Controller] • Events from switches: topology changes, traffic statistics, arriving packets • Commands to switches: (un)install rules, query statistics

  5. Desired Network Properties • Routing • No forwarding loops, no black holes, … • Security • ACL, firewall, middleboxes, … • Traffic Engineering • Load balancing, VM migration, … • …

  6. How can we guarantee such properties?

  7. Traditional Networks vs. SDN • Guaranteeing these properties in a traditional network is nearly impossible • Switch / Router code is a “black box” • Protocols are distributed across devices. • SDN opens up the possibility of applying formal software verification to networks! • Accessible code • Centralized control

  8. Existing Approaches • Finite-state model checking • E.g., NICE & Verificare • Analyzing network snapshots • E.g., HSA • Run-time checks • E.g., VeriFlow & NetPlumber Might miss bugs! Discover bugs too late & run-time overhead

  9. Dream Scenario • Verify network-wide properties in compile time • Find violations before they occur! • Provable verification • Prove correctness for correct programs • Find a counterexample for incorrect programs (useful for debugging)

  10. The VeriCon Tool [Diagram: Restrictions on Topology (T), Controller Code (P) and Desired Properties feed the Verification Conditions Generator; its output goes to the SAT Solver, which returns a Proof or a Counterexample]

  11. Running Times – Correct Programs

  12. Running Times – Incorrect Programs

  13. VeriCon: Challenges and Solutions • Programmer must specify properties in 1st-order logic • We build a tool that infers formulas for SDN programs • Future research: static analysis • SDN programs must be coded in a specific language (CSDN) • VeriCon can be extended to support Java, Python, etc. • SAT solver might not terminate! • SDN programs considered are in a sub-family of FOL • … solver termination guaranteed! • VeriCon assumes atomicity of events • “Existing” solutions • Future research: verify stronger properties

  14. Summary • SDN opens up the possibility for applying formal verification to networks • VeriCon is the first system to provably verify SDN programs at compile time • for unbounded topology, #packets, etc.

  15. Thank You
