Network Verification Solvers, Symmetries, Surgeries. Nikolaj Bjørner
1 Network Verification Solvers, Symmetries, Surgeries Nikolaj Bjørner NetPL, August, 2016
2 Networking needs: Configuration Sanity/Synthesis, Programming, Provisioning Network Design Automation Z3 Z3 advances: Bit-vector Reasoning ~ Header Spaces Reachability Checking, Quantitative Reasoning
3 Symbolic Analysis with Solution/Model x^2 + y^2 < 1 and xy > 0.1 sat, x = 1, y = x^2 + y^2 < 1 and xy > 1 unsat, Proof Is execution path P feasible? SAGE WITNESS Z3 solved more than 10 billion constraints created by SymEx tools including SAGE checking Win8,10 and Office Is Formula F Satisfiable? Does Policy Satisfy Contract? Z3 used by Pex, Static Driver Verifier, many other tools
4 Our competition also likes symbolic solving Microsoft Azure and MSR are always hiring. Top engineering and research orgs with big and long term bets.
5 Application Research Synchronized Optimization Mehdi Network Logic Solver Rybalchenko Network Optimized Datalog Lopes min cost max flow fault, Batfish Fogel, Mahajan Varghese Plotkin Network Optimization Control Plane Network buildout Traffic Engineering Reachability in IP networks Flows and Fault analysis Some secret sauce. Network Optimized Datalog Symmetries and surgeries Compact Header Space Enumeration Jayaraman Data Plane Sanity checking of Data plane Configuration Models of Bit-vector formulas Contracts & Netw. Beliefs
6 Calculus and Solvers Application Calculus Solver SecGuru: Access Control Routing Validation Static configurations for Border Gateway Protocol Satisfiability Modulo Theories for Bit-vectors SAT Checking beliefs in networks Verifying SDN controllers Network Optimized Datalog Network Symmetries and Surgeries Quantified logical formulas Datalog for Header Spaces Tries for Header Space partitioning Instantiation based reasoning
7 Verification: Values and Obstacles
Hardware | Software | Networks
Chips | Devices (PC, phone) | Service
Bugs are: Burned into silicon | Exploitable, workarounds | Latent, Exposed
Dealing with bugs: Costly recalls | Online updates | Live site incidents
Obstacles to eradication: Design Complexity | Code churn, legacy, false positives | Topology, configuration churn
Value proposition: Cut time to market | Safety/OS critical systems, Quality of code base | Meet SLA, Utilize bandwidth, Enable richer policies
8 SecGuru
9 Policies as Logical Formulas Precise Semantics as formulas Traditional Low level of Configuration network managers use Allow: srcip dstip protocol = 6 Deny: dstip (protocol = 4) Combining semantics Contracts/ Policies Semantic Diffs (⋁_i Allow_i) ∧ (⋀_j ¬Deny_j)
10 Access Control Contract: DNS ports on DNS servers are accessible from tenant devices over both TCP and UDP. Contract: The SSH ports on management devices are inaccessible from tenant devices.
11 SecGuru workflow Azure Network Devices GNS Edge Network Devices Contract Database StreamInsight Complex Event Processing (CEP) Application Configuration Stream Contract Stream SECGURU ACL Validation Theorem Prover Device Validation Stream Reports Database Alerts + Reporting in WANetmon Windows Azure Network Monitoring Infrastructure
12 SecGuru for GNS edge ACLs Regression test suite + SecGuru check correctness of Edge ACL prior to deployment Edge ACL Regression Contracts SecGuru to 1000 ACLs Regression Contracts Several major Edge ACL pushes Edge ACL Edge ACL SecGuru no major impact on any services Stable state
13 Beyond Z3: a new idea to go from one violation to all violations (⋁_i Allow_i) ∧ (⋀_j ¬Deny_j) Semantic Diffs (⋁_m Allow_m) ∧ (⋀_n ¬Deny_n) srcip = /16, /16 dstip = /24, /24 port = 80,443 Representing solutions: - 2^27 single solutions, or - 8 products of contiguous ranges, or - A single product of ranges SecGuru contains optimized algorithm for turning single solutions into all (product of ranges) [Figure: solution regions plotted over srcip, dstip and srcport]
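The policy semantics of slide 9, the two contracts of slide 10 and the "all violations as products of ranges" idea of slide 13, worked through as an added example that is not SecGuru code. It swaps the Z3 bit-vector encoding for plain interval arithmetic over boxes, and the ACL, addresses and every function name are constructed for illustration.

```python
from ipaddress import ip_network

# A packet set is a "box": a product of inclusive ranges over
# (srcip, dstip, dstport, protocol). Names and addresses are constructed.
ANY_IP, ANY_PORT, ANY_PROTO = (0, 2**32 - 1), (0, 65535), (0, 255)
TCP, UDP = (6, 6), (17, 17)

def cidr(prefix):
    """Inclusive integer range covered by an IPv4 prefix."""
    net = ip_network(prefix)
    return (int(net.network_address), int(net.broadcast_address))

def box(src=ANY_IP, dst=ANY_IP, dport=ANY_PORT, proto=ANY_PROTO):
    return (src, dst, dport, proto)

def intersect(a, b):
    """Intersection of two boxes, or None when it is empty."""
    out = []
    for (alo, ahi), (blo, bhi) in zip(a, b):
        lo, hi = max(alo, blo), min(ahi, bhi)
        if lo > hi:
            return None
        out.append((lo, hi))
    return tuple(out)

def subtract(a, b):
    """a minus b as a list of pairwise disjoint boxes."""
    common = intersect(a, b)
    if common is None:
        return [a]
    pieces, rest = [], list(a)
    for d, ((lo, hi), (clo, chi)) in enumerate(zip(a, common)):
        if lo < clo:   # slab of a below the overlap in dimension d
            pieces.append(tuple(rest[:d] + [(lo, clo - 1)] + rest[d + 1:]))
        if chi < hi:   # slab of a above the overlap in dimension d
            pieces.append(tuple(rest[:d] + [(chi + 1, hi)] + rest[d + 1:]))
        rest[d] = (clo, chi)  # earlier dimensions stay narrowed to the overlap
    return pieces

def subtract_all(boxes, holes):
    for h in holes:
        boxes = [p for b in boxes for p in subtract(b, h)]
    return boxes

def permitted(region, allows, denies):
    """Part of region where (OR_i Allow_i) AND (AND_j NOT Deny_j) holds."""
    hit, seen = [], []
    for a in allows:
        part = intersect(region, a)
        if part is not None:
            hit += subtract_all([part], seen)  # keep the pieces disjoint
        seen.append(a)
    return subtract_all(hit, denies)

def violations(contract, expect_allowed, allows, denies):
    """Every packet in the contract region that contradicts the contract."""
    ok = permitted(contract, allows, denies)
    return subtract_all([contract], ok) if expect_allowed else ok

def size(boxes):
    """Number of single packets (single solutions) covered by disjoint boxes."""
    total = 0
    for b in boxes:
        n = 1
        for lo, hi in b:
            n *= hi - lo + 1
        total += n
    return total

TENANT, DNS, MGMT = cidr("10.0.0.0/16"), cidr("10.1.0.0/24"), cidr("10.2.0.0/24")

ALLOWS = [
    box(TENANT, DNS, (53, 53), TCP),
    box(cidr("10.0.0.0/17"), DNS, (53, 53), UDP),  # covers only half the tenants
    box(TENANT, MGMT, ANY_PORT, TCP),              # overly broad allow
]
DENIES = [
    box(dst=cidr("10.2.0.0/25"), dport=(22, 22)),  # SSH blocked on half of MGMT
]
CONTRACTS = {  # name -> (region, must the region be reachable?)
    "dns-tcp": (box(TENANT, DNS, (53, 53), TCP), True),
    "dns-udp": (box(TENANT, DNS, (53, 53), UDP), True),
    "no-ssh-to-mgmt": (box(TENANT, MGMT, (22, 22), TCP), False),
}

def check_all():
    return {name: violations(region, expect, ALLOWS, DENIES)
            for name, (region, expect) in CONTRACTS.items()}

if __name__ == "__main__":
    for name, bad in check_all().items():
        verdict = "holds" if not bad else (
            f"violated: {size(bad)} packets in {len(bad)} product(s) of ranges")
        print(f"{name}: {verdict}")
```

Each violated contract comes back as a short list of range products rather than one witness packet, which is the form an operator can map back to a missing or over-broad ACL line.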
14 Verifying Forwarding Rules Routes with SecGuru Logic Contract Cluster dst Router 1 dst Router 2 (dst)
15 Network Reachability
16 Checking beliefs in Dynamic Networks A 10* 01* 10* *** B 1** *** 1** *** dst[1] := 0 D *** 1** Which packets can reach B from A? Datalog useful for encoding a broad range of queries. We use belief for a class of general properties that one may expect to hold of networks. Sample belief: packets flow through middle-box [Lopes, B, Godefroid, Jayaraman, Varghese NSDI 15]
17 Applying NoD to P P4 code + Config NoD [Lopes, Rybalchenko, B, McKeown, Talayco, Varghese]
18 Scaling Network Verification using Symmetry and Surgery A Theory of Network Dataplanes - out Nodes 2 Ports - Port = n. i n Nodes, i out n } - links: Port N Nodes - h@n. i i Trans Header Port Header Port Such that n = links n. i, i out(n ) A basis for defining bisimulation relations: h@n. i i [Plotkin, B, Lopes, Rybalchenko, Varghese, POPL 16]
19 Scaling Network Verification using Symmetry and Surgery A Toolbox of Network Transformations Example: Replace a core of a network by a single hub: [Plotkin, B, Lopes, Rybalchenko, Varghese, POPL 16]
20 Scaling Network Verification using Symmetry and Surgery Scaling comprehensive Network Verification Example: Move rules from B to C if forwarding is the same. Relies on efficient representation of header equivalence classes.
21 Router Rules Venn Diagrams ddnf Forwarding rules *** 1** via port1 *1* via port2 **1 via port3 *** via port2 Original guards 1** *1* **1 11* 1*1 * ** 11* *1* 1*1 111 *11 **1 Intersection [B, Juniwal, Mahajan, Seshia, Varghese MSR-TR]
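The guard intersections on slide 21, computed as an added example (not the ddnf implementation from the cited report). It assumes the four rules with a port are listed in priority order with first match winning, and it enumerates 3-bit headers explicitly, which the real data structure avoids; all function names are hypothetical.

```python
from itertools import product

# Rules from the slide, assumed to be in priority order (first match wins).
RULES = [("1**", "port1"), ("*1*", "port2"), ("**1", "port3"), ("***", "port2")]

def meet(a, b):
    """Intersection of two ternary patterns, or None if they are disjoint."""
    out = []
    for x, y in zip(a, b):
        if x == "*":
            out.append(y)
        elif y == "*" or x == y:
            out.append(x)
        else:
            return None
    return "".join(out)

def subsumes(a, b):
    """True when pattern a matches every header that pattern b matches."""
    return meet(a, b) == b

def close_under_intersection(guards):
    """Smallest set of patterns containing the guards and all their meets."""
    nodes = set(guards)
    work = list(nodes)
    while work:
        g = work.pop()
        for h in list(nodes):
            m = meet(g, h)
            if m is not None and m not in nodes:
                nodes.add(m)
                work.append(m)
    return nodes

def headers(pattern):
    """Concrete headers matched by a pattern (demo only: exponential in '*')."""
    choices = ["01" if c == "*" else c for c in pattern]
    return {"".join(bits) for bits in product(*choices)}

def atoms(nodes):
    """Each node minus all strictly smaller nodes: disjoint header classes."""
    result = {}
    for n in nodes:
        hs = headers(n)
        for m in nodes:
            if m != n and subsumes(n, m):
                hs -= headers(m)
        if hs:
            result[n] = hs
    return result

def forwarding_classes(rules):
    """Group atoms by the port of the first rule whose guard covers them."""
    width = len(rules[0][0])
    nodes = close_under_intersection([g for g, _ in rules] + ["*" * width])
    classes = {}
    for label, hs in atoms(nodes).items():
        # Because nodes are closed under intersection, a guard matches the
        # headers of an atom exactly when it subsumes the atom's label.
        port = next((p for g, p in rules if subsumes(g, label)), "drop")
        classes.setdefault(port, set()).update(hs)
    return {p: sorted(hs) for p, hs in classes.items()}

if __name__ == "__main__":
    nodes = close_under_intersection([g for g, _ in RULES])
    print("nodes:", sorted(nodes))
    for port, hs in sorted(forwarding_classes(RULES).items()):
        print(port, hs)
```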
22 Summary Much is about Configuration Correctness: Is intent captured? (SecGuru) Usage (NoD + P4) Synthesis (Control Plane) Bandwidth Use and Provisioning (QNA) Modern packet switched networks a good use case for PL + Symbolic Methods