40 research outputs found

    Formal Analysis of Network Protocols

    Today’s Internet is becoming increasingly complex and fragile. Current performance-centric techniques on network analysis and runtime verification have become inadequate in the development of robust networks. To cope with these challenges there is a growing interest in the use of formal analysis techniques to reason about network protocol correctness throughout the network development cycle. This talk surveys recent work on the use of formal analysis techniques to aid in design, implementation, and analysis of network protocols. We first present a general framework that covers a majority of existing formal analysis techniques on both the control and routing planes of networks, and present a classification and taxonomy of techniques according to the proposed framework. Using four representative case studies (Metarouting, rcc, axiomatic formulation, and Alloy-based analysis), we discuss various aspects of formal network analysis, including formal specification, formal verification, and system validation. Their strengths and limitations are evaluated and compared in detail.

    Automated Formal Analysis of Internet Routing Configurations

    Today's Internet interdomain routing protocol, the Border Gateway Protocol (BGP), is increasingly complicated and fragile due to policy misconfigurations by individual autonomous systems (ASes). To create provably correct networks, the past twenty years have witnessed, among many other efforts, advances in formal network modeling, system verification and testing, and point solutions for network management by formal reasoning. On the conceptual side, the formal models usually abstract away low-level details, specifying what are the correct functionalities but not how to achieve them. On the practical side, system verification of existing networked systems is generally hard, and system testing or simulation provide limited formal guarantees. This is known as a long standing challenge in network practice --- formal reasoning is decoupled from actual implementation. This thesis seeks to bridge formal reasoning and actual network implementation in the setting of the Border Gateway Protocol (BGP), by developing the Formally Verifiable Routing (FVR) toolkit that combines formal methods and programming language techniques. Starting from the formal model, FVR automates verification of routing models and the synthesis of faithful implementations that carry the correctness property. Conversely, starting from large real-world BGP systems with arbitrary policy configurations, FVR automates the analysis of Internet routing configurations, and also includes a novel network reduction technique that scales up existing techniques for automated analysis. By developing the above formal theories and tools, this thesis aims to help network operators to create and manage BGP systems with correctness guarantee.

    Analyzing BGP Instances in Maude

    Analyzing Border Gateway Protocol (BGP) instances is a crucial step in the design and implementation of safe BGP systems. Today, the analysis is a manual and tedious process. Researchers study the instances by manually constructing execution sequences, hoping to either identify an oscillation or show that the instance is safe by exhaustively examining all possible sequences. We propose to automate the analysis by using Maude, a tool based on rewriting logic. We have developed a library specifying a generalized path vector protocol, and methods to instantiate the library with customized routing policies. Protocols can be analyzed automatically by Maude, once users provide specifications of the network topology and routing policies. Using our Maude library, protocols or policies can be easily specified and checked for problems. To validate our approach, we performed safety analysis of well-known BGP instances and actual routing configurations.

    Brief Announcement: A Calculus of Policy-Based Routing Systems

    The BGP (Border Gateway Protocol) is the single inter-domain routing protocol that enables network operators within each autonomous system (AS) to influence routing decisions by independently setting local policies on route filtering and selection. This independence leads to fragile networking and makes analysis of policy configurations very complex. To aid the systematic and efficient study of the policy configuration space, this paper presents a reduction calculus on policy-based routing systems. In the calculus, we provide two types of reduction rules that transform policy configurations by merging duplicate and complementary router configurations to simplify analysis. We show that the reductions are sound, dual of each other and are locally complete. The reductions are also computationally attractive, requiring only local configuration information and modification. These properties establish our reduction calculus as a sound, efficient, and complete theory for scaling up existing analysis techniques

    A Reduction-Based Approach Towards Scaling Up Formal Analysis of Internet Configurations

    The Border Gateway Protocol (BGP) is the single inter-domain routing protocol that enables network operators within each autonomous system (AS) to influence routing decisions by independently setting local policies on route filtering and selection. This independence leads to fragile networking and makes analysis of policy configurations very complex. To aid the systematic and efficient study of the policy configuration space, this paper presents network reduction, a scalability technique for policy-based routing systems. In network reduction, we provide two types of reduction rules that transform policy configurations by merging duplicate and complementary router configurations to simplify analysis. We show that the reductions are sound, dual of each other and are locally complete. The reductions are also computationally attractive, requiring only local configuration information and modification. We have developed a prototype of network reduction and demonstrated that it is applicable on various BGP systems and enables significant savings in analysis time. In addition to making possible safety analysis on large networks that would otherwise not complete within reasonable time, network reduction is also a useful tool for discovering possible redundancies in BGP systems

    Effect of Ridge Width on the Lasing Characteristics of Triangular and Rectangular InAs/In0.53Ga0.47As Quantum Well Lasers

    The lasing characteristics of InP-based InAs/In0.53Ga0.47As quantum well (QW) lasers with different ridge widths are investigated. Two groups of lasers are grown for comparison, one with active triangular QW regions and the other with rectangular QW regions. Their output powers, characteristic temperatures (T0), external differential quantum efficiencies (ηd) and junction temperatures (Tj) are analyzed and compared. The parameter of ridge width is found to play an important role in the performance of the lasers. In triangular QW lasers, by broadening the ridge width from 8 to 12 μm, output power and ηd of the lasers are decreased for the temperature range of 100–320 K due to heating effect. But by broadening the ridge width from 8 to 100 μm in rectangular QW lasers, output power has about a 3.5 times increase at 100 K and ηd also has a little increase for temperatures from 100 to 180 K due to much larger emission area and much faster heat dissipation. Tj, the real temperature of the active region, is also found to have accelerated increase at high injection current and heat sink temperature. Besides, compared to the rectangular QW laser of the same ridge width, the improved thermal performance of triangular QW laser is also demonstrated.

    Recent Advances in Declarative Networking

    Declarative networking is a programming methodology that enables developers to concisely specify network protocols and services, and directly compile these specifications into a dataflow framework for execution. This paper describes recent advances in declarative networking, tracing its evolution from a rapid prototyping framework towards a platform that serves as an important bridge connecting formal theories for reasoning about protocol correctness and actual implementations. In particular, the paper focuses on the use of declarative networking for addressing four main challenges in the distributed systems development cycle: the generation of safe routing implementations, debugging, security and privacy, and optimizing distributed systems