VeriCon either confirms the correctness of the controller program on all admissible network topologies or outputs a concrete counterexample. We present VeriCon, the first system for verifying that an SDN program is correct on all admissible topologies and for all possible (infinite) sequences of network events. However, in general, scaling these methods to large networks is challenging and, moreover, they cannot guarantee the absence of errors. Indeed, recently much effort has been invested in applying finite state model checking to check that SDN programs behave correctly. SDN opens up the possibility of applying formal methods to prove the correctness of computer networks. Network operators can run both inhouse and third-party SDN programs (often called applications) on top of the controller, e.g., to specify routing and access control policies. SDN enables logically-centralized control over network devices through a "controller" software that operates independently from the network hardware, and can be viewed as the network operating system. We demonstrate our results by addressing compliance with the NaCl security policies in real-world cryptographic code, highlighting the potential for automation of our techniques.read more read lessĪbstract: Software-defined networking (SDN) is a new paradigm for operating and managing computer networks. We formalize these policies and propose a formal verification approach based on self-composition, extending the range of security policies that could previously be handled using this technique. We tackle the formal verification of high-level security policies adopted in the implementation of the recently proposed NaCl cryptographic library. In this paper, we extend previous results supporting the practicality of self-composition proofs of non-interference and generalizations thereof. This is due to the domain-specific characteristics of the code, involving aggressive optimizations and non-functional security requirements, namely the critical aspect of countermeasures against side-channel attacks. Abstract: Formal verification of cryptographic software implementations poses significant challenges for off-the-shelf tools.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |