
VeriCon: towards verifying controller programs in software-defined networks

Published: 09 June 2014

Abstract

Software-defined networking (SDN) is a new paradigm for operating and managing computer networks. SDN enables logically-centralized control over network devices through "controller" software that operates independently from the network hardware and can be viewed as the network operating system. Network operators can run both in-house and third-party SDN programs (often called applications) on top of the controller, e.g., to specify routing and access control policies. SDN opens up the possibility of applying formal methods to prove the correctness of computer networks. Indeed, much recent effort has been invested in applying finite-state model checking to check that SDN programs behave correctly. However, in general, scaling these methods to large networks is challenging and, moreover, they cannot guarantee the absence of errors.
We present VeriCon, the first system for verifying that an SDN program is correct on all admissible topologies and for all possible (infinite) sequences of network events. VeriCon either confirms the correctness of the controller program on all admissible network topologies or outputs a concrete counterexample. VeriCon uses first-order logic to specify admissible network topologies and desired network-wide invariants, and then implements classical Floyd-Hoare-Dijkstra deductive verification using Z3. Our preliminary experience indicates that VeriCon is able to rapidly verify correctness, or identify bugs, for a large repertoire of simple core SDN programs. VeriCon is compositional, in the sense that it verifies the correctness of the execution of any single network event with respect to the specified invariant, and can thus scale to handle large programs. To relieve the programmer of the burden of specifying inductive invariants, VeriCon includes a separate procedure for inferring invariants, which is shown to be effective on simple controller programs. We view VeriCon as a first step en route to practical mechanisms for verifying network-wide invariants of SDN programs.

Published In

ACM SIGPLAN Notices, Volume 49, Issue 6
PLDI '14
June 2014
598 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/2666356
Editor: Andy Gill

PLDI '14: Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation
June 2014
619 pages
ISBN: 9781450327848
DOI: 10.1145/2594291
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 June 2014
Published in SIGPLAN Volume 49, Issue 6

Author Tags

  1. Hoare-style verification
  2. software-defined networks

Qualifiers

  • Research-article

Bibliometrics & Citations

Article Metrics

  • Downloads (last 12 months): 43
  • Downloads (last 6 weeks): 1
Reflects downloads up to 24 Jan 2025

Cited By

  • (2024) Prenex Universal First-order Safety Properties. Information Processing Letters, 10.1016/j.ipl.2024.106488 (106488). Online publication date: Feb-2024.
  • (2024) Intelligent Allocation Technologies for All-Scenario KDN Resources. Key Technologies for On-Demand 6G Network Services, 10.1007/978-3-031-70606-6_7 (163-201). Online publication date: 26-Sep-2024.
  • (2023) Classification of network slicing threats based on slicing enablers: A survey. International Journal of Intelligent Networks, 10.1016/j.ijin.2023.04.002, 4 (103-112). Online publication date: 2023.
  • (2023) Enhancement of software-defined networking using Bloom Filter. Bloom Filter, 10.1016/B978-0-12-823520-1.00018-3 (117-130). Online publication date: 2023.
  • (2022) RuleOut Forwarding Anomalies for SDN. IEEE/ACM Transactions on Networking, 10.1109/TNET.2022.3194970 (1-13). Online publication date: 2022.
  • (2022) Stratified guarded first-order transition systems. Formal Methods in System Design, 10.1007/s10703-022-00404-9. Online publication date: 22-Nov-2022.
  • (2022) Automatic Repair for Network Programs. Tools and Algorithms for the Construction and Analysis of Systems, 10.1007/978-3-030-99527-0_19 (353-372). Online publication date: 30-Mar-2022.
  • (2021) Improving the Formal Verification of Reachability Policies in Virtualized Networks. IEEE Transactions on Network and Service Management, 10.1109/TNSM.2020.3045781, 18:1 (713-728). Online publication date: 1-Mar-2021.
  • (2021) Stratified Guarded First-Order Transition Systems. Static Analysis, 10.1007/978-3-030-65474-0_6 (113-133). Online publication date: 13-Jan-2021.
  • (2021) Diagnostic and troubleshooting of OpenFlow-enabled switches using kernel and userspace traces. International Journal of Communication Systems, 10.1002/dac.4920, 34:14. Online publication date: 17-Jul-2021.