SymNet: static checking for stateful networks
Radu Stoenescu, Matei Popovici, L. Negreanu, C. Raiciu
Workshop on Hot topics in Middleboxes and Network Function Virtualization, 2013-12-09
DOI: 10.1145/2535828.2535835 (https://doi.org/10.1145/2535828.2535835)
Today's networks deploy many stateful processing boxes ranging from NATs to firewalls and application optimizers: these boxes operate on packet flows, rather than individual packets. As more and more middleboxes are deployed, understanding their composition is becoming increasingly difficult. Static checking of network configurations is a promising approach to help understand whether a network is configured properly, but existing tools are limited as they only support stateless processing.
We propose to use symbolic execution, a technique prevalent in compilers, to check network properties more general than basic reachability. The key idea is to track the possible values for specified fields in the packet as it travels through a network. Each middlebox or router will impose constraints on certain fields of the packet via forwarding actions, packet modifications and filtering. The symbolic approach also allows us to model middlebox per-flow state in a scalable way.
We have implemented this technique in a tool we call SymNet and conducted preliminary evaluation. Early results show SymNet scales well and models basic stateful middleboxes, opening the possibility of analyzing complex stateful middlebox behaviours.