Diagnose network failures via data-plane analysis

Diagnosing problems in networks is a time-consuming and error-prone process. Previous tools to assist operators primarily focus on analyzing control plane configuration. Configuration analysis is limited in that it cannot find bugs in router software, and is harder to generalize across protocols since it must model complex configuration languages and dynamic protocol behavior. This paper studies an alternate approach: diagnosing problems through static analysis of the data plane. This approach can catch bugs that are invisible at the level of configuration files, and simplifies unified analysis of a network across many protocols and implementations. We present Anteater, a tool for checking invariants in the data plane. Anteater translates high-level network invariants into boolean satisfiability problems, checks them against network state using a SAT solver, and reports counterexamples if violations have been found. Applied to a large campus network, Anteater revealed 23 bugs, including forwarding loops and stale ACL rules, with only five false positives. Nine of these faults are being fixed by campus network operators

Applying Formal Methods to Networking: Theory, Techniques and Applications

Despite its great importance, modern network infrastructure is remarkable for the lack of rigor in its engineering. The Internet which began as a research experiment was never designed to handle the users and applications it hosts today. The lack of formalization of the Internet architecture meant limited abstractions and modularity, especially for the control and management planes, thus requiring for every new need a new protocol built from scratch. This led to an unwieldy ossified Internet architecture resistant to any attempts at formal verification, and an Internet culture where expediency and pragmatism are favored over formal correctness. Fortunately, recent work in the space of clean slate Internet design---especially, the software defined networking (SDN) paradigm---offers the Internet community another chance to develop the right kind of architecture and abstractions. This has also led to a great resurgence in interest of applying formal methods to specification, verification, and synthesis of networking protocols and applications. In this paper, we present a self-contained tutorial of the formidable amount of work that has been done in formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial

Reliable fault-tolerant model predictive control of drinking water transport networks

This paper proposes a reliable fault-tolerant model predictive control applied to drinking water transport networks. After a fault has occurred, the predictive controller should be redesigned to cope with the fault effect. Before starting to apply the fault-tolerant control strategy, it should be evaluated whether the predictive controller will be able to continue operating after the fault appearance. This is done by means of a structural analysis to determine loss of controllability after the fault complemented with feasibility analysis of the optimization problem related to the predictive controller design, so as to consider the fault effect in actuator constraints. Moreover, by evaluating the admissibility of the different actuator-fault configurations, critical actuators regarding fault tolerance can be identified considering structural, feasibility, performance and reliability analyses. On the other hand, the proposed approach allows a degradation analysis of the system to be performed. As a result of these analyses, the predictive controller design can be modified by adapting constraints such that the best achievable performance with some pre-established level of reliability will be achieved. The proposed approach is tested on the Barcelona drinking water transport network.Postprint (author's final draft

Using formal methods to support testing

Formal methods and testing are two important approaches that assist in the development of high quality software. While traditionally these approaches have been seen as rivals, in recent years a new consensus has developed in which they are seen as complementary. This article reviews the state of the art regarding ways in which the presence of a formal specification can be used to assist testing

Fault detection and isolation using viability theory and interval observers

This paper proposes the use of interval observers and viability theory in fault detection and isolation (FDI). Viability theory develops mathematical and algorithmic methods for investigating the viability constraints characterisation of dynamic evolutions of complex systems under uncertainty. These methods can be used for checking the consistency between observed and predicted behaviour by using simple sets that approximate the exact set of possible behaviour (in the parameter or state space). In this paper, FDI is based on checking for an inconsistency between the measured and predicted behaviours using viability theory concepts and sets. Finally, an example is provided in order to show the usefulness of the proposed approachPeer ReviewedPostprint (author's final draft

A Case Study on Formal Verification of Self-Adaptive Behaviors in a Decentralized System

Self-adaptation is a promising approach to manage the complexity of modern software systems. A self-adaptive system is able to adapt autonomously to internal dynamics and changing conditions in the environment to achieve particular quality goals. Our particular interest is in decentralized self-adaptive systems, in which central control of adaptation is not an option. One important challenge in self-adaptive systems, in particular those with decentralized control of adaptation, is to provide guarantees about the intended runtime qualities. In this paper, we present a case study in which we use model checking to verify behavioral properties of a decentralized self-adaptive system. Concretely, we contribute with a formalized architecture model of a decentralized traffic monitoring system and prove a number of self-adaptation properties for flexibility and robustness. To model the main processes in the system we use timed automata, and for the specification of the required properties we use timed computation tree logic. We use the Uppaal tool to specify the system and verify the flexibility and robustness properties.Comment: In Proceedings FOCLASA 2012, arXiv:1208.432