LFVeri：虚拟私有云网络配置验证

IF 3 3区计算机科学 Q2 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

IEEE/ACM Transactions on Networking Pub Date : 2024-10-03 DOI:10.1109/TNET.2024.3469386

Kun Wang;Chengcheng Zhao;Jinpei Chu;Yiping Shi;Jianyuan Lu;Biao Lyu;Shunmin Zhu;Peng Cheng;Jiming Chen

{"title":"LFVeri：虚拟私有云网络配置验证","authors":"Kun Wang;Chengcheng Zhao;Jinpei Chu;Yiping Shi;Jianyuan Lu;Biao Lyu;Shunmin Zhu;Peng Cheng;Jiming Chen","doi":"10.1109/TNET.2024.3469386","DOIUrl":null,"url":null,"abstract":"The Virtual Private Cloud (VPC) service enables users to configure shared resources within public clouds on demand, providing isolation between users. However, configuring the VPC network is a complex and error-prone task, and misconfiguration has been the leading cause of cloud network security issues. The large number of complex network components and configurations makes it difficult to perform scalable, efficient, and accurate fault verification of the network behavior. To address this issue, we design a comprehensive and automated fault diagnosis and localization tool, called \n<monospace>LFVeri</monospace>\n, which is built upon an innovative modular network model that accurately captures the logic functions of real components within VPC networks, and propose eleven functions to verify network reachability and security requirements. We conduct performance testing of \n<monospace>LFVeri</monospace>\n on various datasets and compared it with other verification tools. The experiments show that \n<monospace>LFVeri</monospace>\n outperforms in modeling and analyzing real VPC scenarios while also possessing the fastest verification speed. It can model and analyze large VPC networks with tens of thousands of components and millions of configuration rules in less than half an hour.","PeriodicalId":13443,"journal":{"name":"IEEE/ACM Transactions on Networking","volume":"32 6","pages":"5475-5490"},"PeriodicalIF":3.0000,"publicationDate":"2024-10-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"LFVeri: Network Configuration Verification for Virtual Private Cloud Networks\",\"authors\":\"Kun Wang;Chengcheng Zhao;Jinpei Chu;Yiping Shi;Jianyuan Lu;Biao Lyu;Shunmin Zhu;Peng Cheng;Jiming Chen\",\"doi\":\"10.1109/TNET.2024.3469386\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The Virtual Private Cloud (VPC) service enables users to configure shared resources within public clouds on demand, providing isolation between users. However, configuring the VPC network is a complex and error-prone task, and misconfiguration has been the leading cause of cloud network security issues. The large number of complex network components and configurations makes it difficult to perform scalable, efficient, and accurate fault verification of the network behavior. To address this issue, we design a comprehensive and automated fault diagnosis and localization tool, called \\n<monospace>LFVeri</monospace>\\n, which is built upon an innovative modular network model that accurately captures the logic functions of real components within VPC networks, and propose eleven functions to verify network reachability and security requirements. We conduct performance testing of \\n<monospace>LFVeri</monospace>\\n on various datasets and compared it with other verification tools. The experiments show that \\n<monospace>LFVeri</monospace>\\n outperforms in modeling and analyzing real VPC scenarios while also possessing the fastest verification speed. It can model and analyze large VPC networks with tens of thousands of components and millions of configuration rules in less than half an hour.\",\"PeriodicalId\":13443,\"journal\":{\"name\":\"IEEE/ACM Transactions on Networking\",\"volume\":\"32 6\",\"pages\":\"5475-5490\"},\"PeriodicalIF\":3.0000,\"publicationDate\":\"2024-10-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE/ACM Transactions on Networking\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10703850/\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE/ACM Transactions on Networking","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10703850/","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

摘要

VPC （Virtual Private Cloud）业务提供了在公有云中按需配置共享资源的功能，实现了用户间的资源隔离。然而，VPC网络的配置是一项复杂且容易出错的任务，错误的配置已经成为云网络安全问题的主要原因。大量复杂的网络组件和配置使得对网络行为进行可扩展、高效、准确的故障验证变得困难。为了解决这一问题，我们设计了一种全面、自动化的故障诊断和定位工具LFVeri，该工具基于创新的模块化网络模型，能够准确捕获VPC网络中真实组件的逻辑功能，并提出了11种功能来验证网络可达性和安全需求。我们在不同的数据集上对LFVeri进行了性能测试，并与其他验证工具进行了比较。实验表明，LFVeri在建模和分析真实VPC场景方面表现优异，同时具有最快的验证速度。它可以在不到半小时的时间内对具有数万个组件和数百万条配置规则的大型VPC网络进行建模和分析。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

LFVeri: Network Configuration Verification for Virtual Private Cloud Networks

The Virtual Private Cloud (VPC) service enables users to configure shared resources within public clouds on demand, providing isolation between users. However, configuring the VPC network is a complex and error-prone task, and misconfiguration has been the leading cause of cloud network security issues. The large number of complex network components and configurations makes it difficult to perform scalable, efficient, and accurate fault verification of the network behavior. To address this issue, we design a comprehensive and automated fault diagnosis and localization tool, called LFVeri , which is built upon an innovative modular network model that accurately captures the logic functions of real components within VPC networks, and propose eleven functions to verify network reachability and security requirements. We conduct performance testing of LFVeri on various datasets and compared it with other verification tools. The experiments show that LFVeri outperforms in modeling and analyzing real VPC scenarios while also possessing the fastest verification speed. It can model and analyze large VPC networks with tens of thousands of components and millions of configuration rules in less than half an hour.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE/ACM Transactions on Networking 工程技术-电信学

CiteScore

8.20

自引率

5.40%

发文量

246

审稿时长

4-8 weeks

期刊介绍： The IEEE/ACM Transactions on Networking’s high-level objective is to publish high-quality, original research results derived from theoretical or experimental exploration of the area of communication/computer networking, covering all sorts of information transport networks over all sorts of physical layer technologies, both wireline (all kinds of guided media: e.g., copper, optical) and wireless (e.g., radio-frequency, acoustic (e.g., underwater), infra-red), or hybrids of these. The journal welcomes applied contributions reporting on novel experiences and experiments with actual systems.