176 research outputs found
Graph Subsumption in Abstract State Space Exploration
In this paper we present the extension of an existing method for abstract
graph-based state space exploration, called neighbourhood abstraction, with a
reduction technique based on subsumption. Basically, one abstract state
subsumes another when it covers more concrete states; in such a case, the
subsumed state need not be included in the state space, thus giving a
reduction. We explain the theory and especially also report on a number of
experiments, which show that subsumption indeed drastically reduces both the
state space and the resources (time and memory) needed to compute it.Comment: In Proceedings GRAPHITE 2012, arXiv:1210.611
Model-Based Development of firewall rule sets: Diagnosing model inconsistencies
The design and management of firewall rule sets is a very difficult and error-prone task because of the
difficulty of translating access control requirements into complex low-level firewall languages. Although
high-level languages have been proposed to model firewall access control lists, none has been widely
adopted by the industry. We think that the main reason is that their complexity is close to that of many
existing low-level languages. In addition, none of the high-level languages that automatically generate
firewall rule sets verifies the model prior to the code-generation phase. Error correction in the early
stages of the development process is cheaper compared to the cost associated with correcting errors in
the production phase. In addition, errors generated in the production phase usually have a huge impact
on the reliability and robustness of the generated code and final system.
In this paper, we propose the application of the ideas of Model-Based Development to firewall access control
list modelling and automatic rule set generation. First, an analysis of the most widely used firewall
languages in the industry is conducted. Next, a Platform-Independent Model for firewall ACLs is proposed.
This model is the result of exhaustive analysis and of a discussion of different alternatives for models
in a bottom-up methodology. Then, it is proposed that a verification stage be added in the early stages
of the Model-Based Development methodology, and a polynomial time complexity process and algorithms
are proposed to detect and diagnose inconsistencies in the Platform-Independent Model. Finally,
a theoretical complexity analysis and empirical tests with real models were conducted, in order to prove
the feasibility of our proposal in real environments
Recommended from our members
Abstractions and optimisations for model-checking software-defined networks
Software-Defined Networking introduces a new programmatic abstraction layer by shifting the distributed network functions (NFs) from silicon chips (ASICs) to a logically centralized (controller) program. And yet, controller programs are a common source of bugs that can cause performance degradation, security exploits and poor reliability in networks. Assuring that a controller program satisfies the specifications is thus most preferable, yet the size of the network and the complexity of the controller makes this a challenging effort.
This thesis presents a highly expressive, optimised SDN model, (code-named MoCS), that can be reasoned about and verified formally in an acceptable timeframe. In it, we introduce reusable abstractions that (i) come with a rich semantics, for capturing subtle real-world bugs that are hard to track down, and (ii) which are formally proved correct. In addition, MoCS deals with timeouts of flow table entries, thus supporting automatic state refresh (soft state) in the network. The optimisations are achieved by (1) contextually analysing the model for possible partial order reductions in view of the concrete control program, network topology and specification property in question, (2) pre-computing packet equivalence classes and (3) indexing packets and rules that exist in the model and bit-packing (compressing) them.
Each of these developments is demonstrated by a set of real-world controller programs that have been implemented in network topologies of varying size, and publicly released under an open-source license
Model Checking Dynamic-Epistemic Spatial Logic
In this paper we focus on Dynamic Spatial Logic, the extension of Hennessy-Milner logic with the parallel operator. We develop a sound complete Hilbert-style axiomatic system for it comprehending the behavior of spatial operators in relation with dynamic/temporal ones. Underpining on a new congruence we define over the class of processes - the structural bisimulation - we prove the finite model property for this logic that provides the decidability for satisfiability, validity and model checking against process semantics. Eventualy we propose algorithms for validity, satisfiability and model checking
First-Order Models for Configuration Analysis
Our world teems with networked devices. Their configuration exerts an ever-expanding influence on our daily lives. Yet correctly configuring systems, networks, and access-control policies is notoriously difficult, even for trained professionals. Automated static analysis techniques provide a way to both verify a configuration\u27s correctness and explore its implications. One such approach is scenario-finding: showing concrete scenarios that illustrate potential (mis-)behavior. Scenarios even have a benefit to users without technical expertise, as concrete examples can both trigger and improve users\u27 intuition about their system. This thesis describes a concerted research effort toward improving scenario-finding tools for configuration analysis. We developed Margrave, a scenario-finding tool with special features designed for security policies and configurations. Margrave is not tied to any one specific policy language; rather, it provides an intermediate input language as expressive as first-order logic. This flexibility allows Margrave to reason about many different types of policy. We show Margrave in action on Cisco IOS, a common language for configuring firewalls, demonstrating that scenario-finding with Margrave is useful for debugging and validating real-world configurations. This thesis also presents a theorem showing that, for a restricted subclass of first-order logic, if a sentence is satisfiable then there must exist a satisfying scenario no larger than a computable bound. For such sentences scenario-finding is complete: one can be certain that no scenarios are missed by the analysis, provided that one checks up to the computed bound. We demonstrate that many common configurations fall into this subclass and give algorithmic tests for both sentence membership and counting. We have implemented both in Margrave. Aluminum is a tool that eliminates superfluous information in scenarios and allows users\u27 goals to guide which scenarios are displayed. We quantitatively show that our methods of scenario-reduction and exploration are effective and quite efficient in practice. Our work on Aluminum is making its way into other scenario-finding tools. Finally, we describe FlowLog, a language for network programming that we created with analysis in mind. We show that FlowLog can express many common network programs, yet demonstrate that automated analysis and bug-finding for FlowLog are both feasible as well as complete
- …