Some complexity results for stateful network verification

Kalev Alpernas; Aurojit Panda; Alexander Rabinovich; Mooly Sagiv; Scott Shenker; Sharon Shoham; Yaron Velner

doi:10.1007/s10703-018-00330-9

Some complexity results for stateful network verification

Kalev Alpernas, Aurojit Panda, Alexander Rabinovich, Mooly Sagiv, Scott Shenker, Sharon Shoham, Yaron Velner

Computer Science

Research output: Contribution to journal › Article › peer-review

Abstract

In modern networks, forwarding of packets often depends on the history of previously transmitted traffic. Such networks contain stateful middleboxes, whose forwarding behaviour depends on a mutable internal state. Firewalls and load balancers are typical examples of stateful middleboxes. This work addresses the complexity of verifying safety properties, such as isolation, in networks with finite-state middleboxes. Unfortunately, we show that even in the absence of forwarding loops, reasoning about such networks is undecidable due to interactions between middleboxes connected by unbounded ordered channels. We therefore abstract away channel ordering. This abstraction is sound for safety, and makes the problem decidable. Specifically, safety checking becomes EXPSPACE-complete in the number of hosts and middleboxes in the network. To tackle the high complexity, we identify two useful subclasses of finite-state middleboxes which admit better complexities. The simplest class includes, e.g., firewalls and permits polynomial-time verification. The second class includes, e.g., cache servers and learning switches, and makes the safety problem coNP-complete. Finally, we implement a tool for verifying the correctness of stateful networks.

Original language	English (US)
Pages (from-to)	191-231
Number of pages	41
Journal	Formal Methods in System Design
Volume	54
Issue number	2
DOIs	https://doi.org/10.1007/s10703-018-00330-9
State	Published - Nov 1 2019

Keywords

Channel systems
Complexity bounds
Middleboxes
Petri nets
Safety verification
Stateful networks

ASJC Scopus subject areas

Software
Theoretical Computer Science
Hardware and Architecture

Access to Document

10.1007/s10703-018-00330-9

Cite this

@article{641edbafee7346ddb1de6fb822e8e330,

title = "Some complexity results for stateful network verification",

abstract = "In modern networks, forwarding of packets often depends on the history of previously transmitted traffic. Such networks contain stateful middleboxes, whose forwarding behaviour depends on a mutable internal state. Firewalls and load balancers are typical examples of stateful middleboxes. This work addresses the complexity of verifying safety properties, such as isolation, in networks with finite-state middleboxes. Unfortunately, we show that even in the absence of forwarding loops, reasoning about such networks is undecidable due to interactions between middleboxes connected by unbounded ordered channels. We therefore abstract away channel ordering. This abstraction is sound for safety, and makes the problem decidable. Specifically, safety checking becomes EXPSPACE-complete in the number of hosts and middleboxes in the network. To tackle the high complexity, we identify two useful subclasses of finite-state middleboxes which admit better complexities. The simplest class includes, e.g., firewalls and permits polynomial-time verification. The second class includes, e.g., cache servers and learning switches, and makes the safety problem coNP-complete. Finally, we implement a tool for verifying the correctness of stateful networks.",

keywords = "Channel systems, Complexity bounds, Middleboxes, Petri nets, Safety verification, Stateful networks",

author = "Kalev Alpernas and Aurojit Panda and Alexander Rabinovich and Mooly Sagiv and Scott Shenker and Sharon Shoham and Yaron Velner",

note = "Funding Information: This publication is part of projects that have received funding from the European Research Council (ERC) under the European Union{\textquoteright}s Seventh Framework Program (FP7/2007–2013)/ERC Grant Agreement No. 321174-VSSC, and Horizon 2020 research and innovation programme (Grant Agreement No. 759102-SVIS). The research was supported in part by Len Blavatnik and the Blavatnik Family foundation, the Blavatnik Interdisciplinary Cyber Research Center, Tel Aviv University, and the Pazy Foundation. This material is based upon work supported by the United States-Israel Binational Science Foundation (BSF) Grant Nos. 2016260 and 2012259. This research was also supported in part by NSF Grants 1704941 and 1420064, and funding provided by Intel Corporation. Publisher Copyright: {\textcopyright} 2019, Springer Science+Business Media, LLC, part of Springer Nature.",

year = "2019",

month = nov,

day = "1",

doi = "10.1007/s10703-018-00330-9",

language = "English (US)",

volume = "54",

pages = "191--231",

journal = "Formal Methods in System Design",

issn = "0925-9856",

publisher = "Springer Netherlands",

number = "2",

}

TY - JOUR

T1 - Some complexity results for stateful network verification

AU - Alpernas, Kalev

AU - Panda, Aurojit

AU - Rabinovich, Alexander

AU - Sagiv, Mooly

AU - Shenker, Scott

AU - Shoham, Sharon

AU - Velner, Yaron

N1 - Funding Information: This publication is part of projects that have received funding from the European Research Council (ERC) under the European Union’s Seventh Framework Program (FP7/2007–2013)/ERC Grant Agreement No. 321174-VSSC, and Horizon 2020 research and innovation programme (Grant Agreement No. 759102-SVIS). The research was supported in part by Len Blavatnik and the Blavatnik Family foundation, the Blavatnik Interdisciplinary Cyber Research Center, Tel Aviv University, and the Pazy Foundation. This material is based upon work supported by the United States-Israel Binational Science Foundation (BSF) Grant Nos. 2016260 and 2012259. This research was also supported in part by NSF Grants 1704941 and 1420064, and funding provided by Intel Corporation. Publisher Copyright: © 2019, Springer Science+Business Media, LLC, part of Springer Nature.

PY - 2019/11/1

Y1 - 2019/11/1

N2 - In modern networks, forwarding of packets often depends on the history of previously transmitted traffic. Such networks contain stateful middleboxes, whose forwarding behaviour depends on a mutable internal state. Firewalls and load balancers are typical examples of stateful middleboxes. This work addresses the complexity of verifying safety properties, such as isolation, in networks with finite-state middleboxes. Unfortunately, we show that even in the absence of forwarding loops, reasoning about such networks is undecidable due to interactions between middleboxes connected by unbounded ordered channels. We therefore abstract away channel ordering. This abstraction is sound for safety, and makes the problem decidable. Specifically, safety checking becomes EXPSPACE-complete in the number of hosts and middleboxes in the network. To tackle the high complexity, we identify two useful subclasses of finite-state middleboxes which admit better complexities. The simplest class includes, e.g., firewalls and permits polynomial-time verification. The second class includes, e.g., cache servers and learning switches, and makes the safety problem coNP-complete. Finally, we implement a tool for verifying the correctness of stateful networks.

AB - In modern networks, forwarding of packets often depends on the history of previously transmitted traffic. Such networks contain stateful middleboxes, whose forwarding behaviour depends on a mutable internal state. Firewalls and load balancers are typical examples of stateful middleboxes. This work addresses the complexity of verifying safety properties, such as isolation, in networks with finite-state middleboxes. Unfortunately, we show that even in the absence of forwarding loops, reasoning about such networks is undecidable due to interactions between middleboxes connected by unbounded ordered channels. We therefore abstract away channel ordering. This abstraction is sound for safety, and makes the problem decidable. Specifically, safety checking becomes EXPSPACE-complete in the number of hosts and middleboxes in the network. To tackle the high complexity, we identify two useful subclasses of finite-state middleboxes which admit better complexities. The simplest class includes, e.g., firewalls and permits polynomial-time verification. The second class includes, e.g., cache servers and learning switches, and makes the safety problem coNP-complete. Finally, we implement a tool for verifying the correctness of stateful networks.

KW - Channel systems

KW - Complexity bounds

KW - Middleboxes

KW - Petri nets

KW - Safety verification

KW - Stateful networks

UR - http://www.scopus.com/inward/record.url?scp=85059783642&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85059783642&partnerID=8YFLogxK

U2 - 10.1007/s10703-018-00330-9

DO - 10.1007/s10703-018-00330-9

M3 - Article

AN - SCOPUS:85059783642

SN - 0925-9856

VL - 54

SP - 191

EP - 231

JO - Formal Methods in System Design

JF - Formal Methods in System Design

IS - 2

ER -

Some complexity results for stateful network verification

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this