Verifying Isolation Properties in the Presence of Middleboxes

Verifying Isolation Properties in the Presence of Middleboxes

Great progress has been made recently in verifying the correctness of router forwarding tables. However, these approaches do not work for networks containing middleboxes such as caches and firewalls whose forwarding behavior depends on previously observed traffic. We explore how to verify isolation...

Full description

Saved in:
Bibliographic Details
Main Authors: Panda, Aurojit, Lahav, Ori, Argyraki, Katerina, Sagiv, Mooly, Shenker, Scott
Format: Journal Article
Language:English
Published: 25-09-2014
Subjects:
Computer Science - Logic in Computer Science
Computer Science - Networking and Internet Architecture
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Great progress has been made recently in verifying the correctness of router forwarding tables. However, these approaches do not work for networks containing middleboxes such as caches and firewalls whose forwarding behavior depends on previously observed traffic. We explore how to verify isolation properties in networks that include such "dynamic datapath" elements using model checking. Our work leverages recent advances in SMT solvers, and the main challenge lies in scaling the approach to handle large and complicated networks. While the straightforward application of model checking to this problem can only handle very small networks (if at all), our approach can verify simple realistic invariants on networks containing 30,000 middleboxes in a few minutes.
DOI:10.48550/arxiv.1409.7687