TY - JOUR
T1 - Some complexity results for stateful network verification
AU - Alpernas, Kalev
AU - Panda, Aurojit
AU - Rabinovich, Alexander
AU - Sagiv, Mooly
AU - Shenker, Scott
AU - Shoham, Sharon
AU - Velner, Yaron
N1 - Publisher Copyright:
© 2019, Springer Science+Business Media, LLC, part of Springer Nature.
PY - 2019/11/1
Y1 - 2019/11/1
N2 - In modern networks, forwarding of packets often depends on the history of previously transmitted traffic. Such networks contain stateful middleboxes, whose forwarding behaviour depends on a mutable internal state. Firewalls and load balancers are typical examples of stateful middleboxes. This work addresses the complexity of verifying safety properties, such as isolation, in networks with finite-state middleboxes. Unfortunately, we show that even in the absence of forwarding loops, reasoning about such networks is undecidable due to interactions between middleboxes connected by unbounded ordered channels. We therefore abstract away channel ordering. This abstraction is sound for safety, and makes the problem decidable. Specifically, safety checking becomes EXPSPACE-complete in the number of hosts and middleboxes in the network. To tackle the high complexity, we identify two useful subclasses of finite-state middleboxes which admit better complexities. The simplest class includes, e.g., firewalls and permits polynomial-time verification. The second class includes, e.g., cache servers and learning switches, and makes the safety problem coNP-complete. Finally, we implement a tool for verifying the correctness of stateful networks.
AB - In modern networks, forwarding of packets often depends on the history of previously transmitted traffic. Such networks contain stateful middleboxes, whose forwarding behaviour depends on a mutable internal state. Firewalls and load balancers are typical examples of stateful middleboxes. This work addresses the complexity of verifying safety properties, such as isolation, in networks with finite-state middleboxes. Unfortunately, we show that even in the absence of forwarding loops, reasoning about such networks is undecidable due to interactions between middleboxes connected by unbounded ordered channels. We therefore abstract away channel ordering. This abstraction is sound for safety, and makes the problem decidable. Specifically, safety checking becomes EXPSPACE-complete in the number of hosts and middleboxes in the network. To tackle the high complexity, we identify two useful subclasses of finite-state middleboxes which admit better complexities. The simplest class includes, e.g., firewalls and permits polynomial-time verification. The second class includes, e.g., cache servers and learning switches, and makes the safety problem coNP-complete. Finally, we implement a tool for verifying the correctness of stateful networks.
KW - Channel systems
KW - Complexity bounds
KW - Middleboxes
KW - Petri nets
KW - Safety verification
KW - Stateful networks
UR - http://www.scopus.com/inward/record.url?scp=85059783642&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85059783642&partnerID=8YFLogxK
U2 - 10.1007/s10703-018-00330-9
DO - 10.1007/s10703-018-00330-9
M3 - Article
AN - SCOPUS:85059783642
SN - 0925-9856
VL - 54
SP - 191
EP - 231
JO - Formal Methods in System Design
JF - Formal Methods in System Design
IS - 2
ER -