1,557 research outputs found
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for
the lack of rigor in its engineering. The Internet which began as a research
experiment was never designed to handle the users and applications it hosts
today. The lack of formalization of the Internet architecture meant limited
abstractions and modularity, especially for the control and management planes,
thus requiring for every new need a new protocol built from scratch. This led
to an unwieldy ossified Internet architecture resistant to any attempts at
formal verification, and an Internet culture where expediency and pragmatism
are favored over formal correctness. Fortunately, recent work in the space of
clean slate Internet design---especially, the software defined networking (SDN)
paradigm---offers the Internet community another chance to develop the right
kind of architecture and abstractions. This has also led to a great resurgence
in interest of applying formal methods to specification, verification, and
synthesis of networking protocols and applications. In this paper, we present a
self-contained tutorial of the formidable amount of work that has been done in
formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial
Parameterized Verification of Safety Properties in Ad Hoc Network Protocols
We summarize the main results proved in recent work on the parameterized
verification of safety properties for ad hoc network protocols. We consider a
model in which the communication topology of a network is represented as a
graph. Nodes represent states of individual processes. Adjacent nodes represent
single-hop neighbors. Processes are finite state automata that communicate via
selective broadcast messages. Reception of a broadcast is restricted to
single-hop neighbors. For this model we consider a decision problem that can be
expressed as the verification of the existence of an initial topology in which
the execution of the protocol can lead to a configuration with at least one
node in a certain state. The decision problem is parametric both on the size
and on the form of the communication topology of the initial configurations. We
draw a complete picture of the decidability and complexity boundaries of this
problem according to various assumptions on the possible topologies.Comment: In Proceedings PACO 2011, arXiv:1108.145
Model Checking Paxos in Spin
We present a formal model of a distributed consensus algorithm in the
executable specification language Promela extended with a new type of guards,
called counting guards, needed to implement transitions that depend on majority
voting. Our formalization exploits abstractions that follow from reduction
theorems applied to the specific case-study. We apply the model checker Spin to
automatically validate finite instances of the model and to extract
preconditions on the size of quorums used in the election phases of the
protocol.Comment: In Proceedings GandALF 2014, arXiv:1408.556
Graph- versus Vector-Based Analysis of a Consensus Protocol
The Paxos distributed consensus algorithm is a challenging case-study for
standard, vector-based model checking techniques. Due to asynchronous
communication, exhaustive analysis may generate very large state spaces already
for small model instances. In this paper, we show the advantages of graph
transformation as an alternative modelling technique. We model Paxos in a rich
declarative transformation language, featuring (among other things) nested
quantifiers, and we validate our model using the GROOVE model checker, a
graph-based tool that exploits isomorphism as a natural way to prune the state
space via symmetry reductions. We compare the results with those obtained by
the standard model checker Spin on the basis of a vector-based encoding of the
algorithm.Comment: In Proceedings GRAPHITE 2014, arXiv:1407.767
Formal verification of secure ad-hoc network routing protocols using deductive model-checking
Ad-hoc networks do not rely on a pre-installed infrastructure, but they are formed by end-user devices in a self-organized manner. A consequence of this principle is that end-user devices must also perform routing functions. However, end-user devices can easily be compromised, and they may not follow the routing protocol faithfully. Such compromised and misbehaving nodes can disrupt routing, and hence, disable the operation of the network. In order to cope with this problem, several secured routing protocols have been proposed for ad-hoc networks. However, many of them have design flaws that still make them vulnerable to attacks mounted by compromised nodes. In this paper, we propose a formal verification method for secure ad-hoc network routing protocols that helps increasing the confidence in a protocol by providing an analysis framework that is more systematic, and hence, less error-prone than the informal analysis. Our approach is based on a new process calculus that we specifically developed for secure ad-hoc network routing protocols and a deductive proof technique. The novelty of this approach is that contrary to prior attempts to formal verification of secure ad-hoc network routing protocols, our verification method can be made fully automated
- …