TY - GEN
T1 - Config2Spec
T2 - 17th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2020
AU - Birkner, Rüdiger
AU - Drachsler Cohen, Dana
AU - Vanbever, Laurent
AU - Vechev, Martin
N1 - Publisher Copyright: © Proc. of the 17th USENIX Symposium on Networked Systems Design and Impl., NSDI 2020. All rights reserved.
PY - 2020
Y1 - 2020
N2 - Network verification and configuration synthesis are promising approaches to make networks more reliable and secure by enforcing a set of policies. However, these approaches require a formal and precise description of the intended network behavior, imposing a major barrier to their adoption: network operators are not only reluctant to write formal specifications, but often do not even know what these specifications are. We present Config2Spec, a system that automatically synthesizes a formal specification (a set of policies) of a network given its configuration and a failure model (e.g., up to two link failures). A key technical challenge is to design a synthesis algorithm which can efficiently explore the large space of possible policies. To address this challenge, Config2Spec relies on a careful combination of two well-known methods: data plane analysis and control plane verification. Experimental results show that Config2Spec scales to mining specifications of large networks (>150 routers).
AB - Network verification and configuration synthesis are promising approaches to make networks more reliable and secure by enforcing a set of policies. However, these approaches require a formal and precise description of the intended network behavior, imposing a major barrier to their adoption: network operators are not only reluctant to write formal specifications, but often do not even know what these specifications are. We present Config2Spec, a system that automatically synthesizes a formal specification (a set of policies) of a network given its configuration and a failure model (e.g., up to two link failures). A key technical challenge is to design a synthesis algorithm which can efficiently explore the large space of possible policies. To address this challenge, Config2Spec relies on a careful combination of two well-known methods: data plane analysis and control plane verification. Experimental results show that Config2Spec scales to mining specifications of large networks (>150 routers).
UR - http://www.scopus.com/inward/record.url?scp=85080777248&partnerID=8YFLogxK
M3 - منشور من مؤتمر
T3 - Proceedings of the 17th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2020
SP - 969
EP - 984
BT - Proceedings of the 17th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2020
Y2 - 25 February 2020 through 27 February 2020
ER -