Software dataplane verification

@article{Dobrescu2014SoftwareDV,
  title={Software dataplane verification},
  author={Mihai Dobrescu and Katerina J. Argyraki},
  journal={Communications of the ACM},
  year={2014},
  volume={58},
  pages={113 - 121}
}
The industry is in the mood for programmable networks, where an operator can dynamically deploy network functions on network devices, akin to how one deploys virtual machines on physical machines in a cloud environment. Such flexibility brings along the threat of unpredictable behavior and performance. What are the minimum restrictions that we need to impose on network functionality such that we are able to verify that a network device behaves and performs as expected, for example, does not… 

Figures and Tables from this paper

Mind the Gap: Monitoring the Control-Data Plane Consistency in Software Defined Networks
TLDR
VeriDP is a tool that can continuously monitor what the authors call control-data plane consistency, defined as the consistency between control plane policies and data plane forwarding behaviors, and can localize faulty switches when verification fails.
Performance Contracts for Software Network Functions
TLDR
BOLT is described, a technique and tool for computing such performance contracts for the entire software stack of NFs written in C, including the core NF logic, DPDK packet processing framework, and NIC driver.
MINOS: regulating router dataplane actions in dynamic runtime environments
TLDR
This paper exploits the feasibility of regulating actions on run-time dataplanes by detecting unexpected packet processing operations, which finally provides an honest and backdoor-proof router to operators.
Reigns to the Cloud: Compromising Cloud Systems via the Data Plane
TLDR
It is shown that compromising the data plane of modern computer networks can actually be performed by a very simple attacker with limited resources only and at low cost (i.e., at the cost of renting a virtual machine in the Cloud).
Towards Model Checking Real-World Software-Defined Networks
TLDR
This paper proposes MOCS, a highly expressive, optimised SDN model that allows capturing subtle real-world bugs, in a reasonable amount of time by analysing the model for possible partial order reductions, statically pre-computing packet equivalence classes and indexing packets and rules that exist in the model.
High-coverage testing of softwarized networks
TLDR
This paper proposes a technique for high-coverage testing of end-to-end network correctness using the real software that is deployed in these networks, using an explicit-state model checker to explore all network-wide execution paths and event orderings, but executing real software as subroutines for each device.
Automated Verification of Network Function Binaries
TLDR
An automated technique to verify NF binaries is described, making verification usable by network operators even on proprietary code, and introduces a universal type to specify both NFs and their data structures, the “ghost map”.
In-Net: in-network processing for the masses
TLDR
This paper proposes In-Net, an architecture that allows untrusted endpoints as well as content-providers to deploy custom in-network processing to be run on platforms owned by network operators, and relies on static analysis to allow platforms to check whether the requested processing is safe, and whether it contradicts the operator's policies.
Verifying software network functions with no verification expertise
We present the design and implementation of Vigor, a software stack and toolchain for building and running software network middleboxes that are guaranteed to be correct, while preserving competitive
Automated synthesis of adversarial workloads for network functions
TLDR
A tool that takes as input the LLVM code of a network function and outputs packet sequences that trigger slow execution paths that incur many CPU cycles and involve adversarial memory-access patterns is contributing to solve the challenge of unpredictable performance of software network functions.
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 53 REFERENCES
Toward a verifiable software dataplane
TLDR
It is argued that dataplanes are different: they typically follow a pipeline structure that enables the proposed approach, in which pieces of the code in isolation are verified in isolation, then compose the results to reason about the entire dataplane.
VeriFlow: verifying network-wide invariants in real time
TLDR
VeriFlow is a layer between a software-defined networking controller and network devices that checks for network-wide invariant violations dynamically as each forwarding rule is inserted, and it is found that VeriFlow can perform rigorous checking within hundreds of microseconds per rule insertion.
A NICE Way to Test OpenFlow Applications
TLDR
This paper proposes a novel way to augment model checking with symbolic execution of event handlers (to identify representative packets that exercise code paths on the controller) and presents a simplified OpenFlow switch model (to reduce the state space), and effective strategies for generating event interleavings likely to uncover bugs.
Header Space Analysis: Static Checking for Networks
TLDR
The goal is to automatically find an important class of failures, regardless of the protocols running, for both operational and experimental networks, with a general and protocol-agnostic framework, called Header Space Analysis (HSA).
Model Checking Large Network Protocol Implementations
TLDR
Novel techniques that allow us to model check complex, real-world, well-tested protocol implementations with reasonable effort are implemented and applied to the Linux TCP/IP implementation, finding four errors in the protocol implementation.
Debugging the data plane with anteater
TLDR
This paper presents Anteater, a tool for checking invariants in the data plane, which translates high-level network invariants into boolean satisfiability problems (SAT), checks them against network state using a SAT solver, and reports counterexamples if violations have been found.
Machine-verified network controllers
TLDR
This paper describes the design and implementation of the first machine-verified SDN controller, and identifies bugs in existing languages and tools built without formal foundations, and proves that these bugs are absent from the system.
A SOFT way for openflow switch interoperability testing
TLDR
SOFT is presented, an approach for testing the interoperability of OpenFlow switches that automatically identifies the testing inputs that cause different OpenFlow agent implementations to behave inconsistently and identifies several inconsistencies between publicly available Reference OpenFlow switch and Open vSwitch implementations.
Real Time Network Policy Checking Using Header Space Analysis
TLDR
This paper introduces a real time policy checking tool called NetPlumber based on Header Space Analysis (HSA), which incrementally checks for compliance of state changes, using a novel set of conceptual tools that maintain a dependency graph between rules.
Leveraging parallelism for multi-dimensional packetclassification on software routers
TLDR
The design of packet classification functions can be a useful classification building block for RouteBricks-style designs, where a core router might be constructed as a mesh of regular desktop machines.
...
1
2
3
4
5
...