50 likes | 65 Views
This paper discusses the importance of detecting misconfigurations in distributed algorithms and proposes a strong detection method. It explores the potential consequences of node misbehavior and the need for accurate information. The paper presents a method for checking a node's state property and declares a misconfiguration if the property is violated. The proposed method is proven to be effective and has a complexity of O(|V|3).
E N D
Strong Detection of Misconfigurations Raj Kumar Rajendran Vishal Misra Dan Rubenstein
Can I tell if my neighbors are giving me the correct information? Distributed Algorithms • Node’s misbehavior can have disastrous consequences: • BGP AS7007 incident • Important that • Nodes detect incorrect implementation by other nodes. • Use only information provided by the routing-protocol (e.g. its state)
2 2 “Weak” Detection can Fail A • Suppose graph edge lengths є {1,2} • No violation of triangle inequality Find a property that a node’s state should exhibit Find a method for checking the property Declare misconfiguration if property is violated C B d(B,C) ≠ 3!!! Eg. Triangle Inequality [DMZ’03] How do we know if we’ve checked everything we can?
“Strong” Detection • A detection method is “strong” if it always detects all detectable anomalies • Given s’i node i’s state and C={N} the set of allowable networks • μ is a strong detection method if, when another node j is misconfigured it either • detects a misconfiguration • Fails to detect the misconfiguration, but no method exists that can detect misconfiguration from s’i
D F G A B C n G E B C n E F D A M Strong Detection in D.V. at node n • Take node n’s state, s’n • Use this state to build the canonical graph, M є C • Simulate D.V. on M to generate simulated state sn(M) • We prove: • If sn(M) ≠ s’n, then misconfiguration detected • Else, either there is no misconfiguration, or it is undetectable (using node n’s state) because M might be the actual network • Complexity is O(|V|3) s’n sn(M)