Strong Detection of Misconfigurations

1. Strong Detection of Misconfigurations Raj Kumar Rajendran Vishal Misra Dan Rubenstein

2. Can I tell if my neighbors are giving me the correct information? Distributed Algorithms • Node’s misbehavior can have disastrous consequences: • BGP AS7007 incident • Important that • Nodes detect incorrect implementation by other nodes. • Use only information provided by the routing-protocol (e.g. its state)

3. 2 2 “Weak” Detection can Fail A • Suppose graph edge lengths є {1,2} • No violation of triangle inequality Find a property that a node’s state should exhibit Find a method for checking the property Declare misconfiguration if property is violated C B d(B,C) ≠ 3!!! Eg. Triangle Inequality [DMZ’03] How do we know if we’ve checked everything we can?

4. “Strong” Detection • A detection method is “strong” if it always detects all detectable anomalies • Given s’i node i’s state and C={N} the set of allowable networks • μ is a strong detection method if, when another node j is misconfigured it either • detects a misconfiguration • Fails to detect the misconfiguration, but no method exists that can detect misconfiguration from s’i

5. D F G A B C n G E B C n E F D A M Strong Detection in D.V. at node n • Take node n’s state, s’n • Use this state to build the canonical graph, M є C • Simulate D.V. on M to generate simulated state sn(M) • We prove: • If sn(M) ≠ s’n, then misconfiguration detected • Else, either there is no misconfiguration, or it is undetectable (using node n’s state) because M might be the actual network • Complexity is O(|V|3) s’n sn(M)