There is a large conceptual gap between end-to-end infrastructure requirements and the detailed component configuration implementing those requirements. Today this gap is bridged manually, so large numbers of configuration errors are made. Their adverse effects on infrastructure security, availability, and cost of ownership are well documented. This paper presents ConfigAssure to help automatically bridge the above gap. It proposes solutions to four fundamental problems: specification, configuration synthesis, configuration error diagnosis, and configuration error repair.

Central to ConfigAssure is a Requirement Solver. It takes as input a configuration database containing variables, and a requirement as a first-order logic constraint in finite domains. As output, the Solver tries to compute values for the variables that make the requirement true of the database when instantiated with these values. If unable to do so, it computes a proof of unsolvability. The Requirement Solver is used in different ways to solve the above problems.

The Requirement Solver is implemented with Kodkod, a SAT-based model finder for first-order logic. While any requirement can be directly encoded in Kodkod, parts of it can often be solved much more efficiently by non-model-finding methods using information available in the configuration database. Solving these parts and simplifying can yield a reduced constraint that truly requires the power of model-finding. To implement this plan, a quantifier-free form, QFF, is defined. A QFF is a Boolean combination of simple arithmetic constraints on integers. A requirement is specified by defining a partial evaluator that transforms it into an equivalent QFF. This QFF is efficiently solved by Kodkod. The partial evaluator is implemented in Prolog. ConfigAssure is shown to be natural and scalable in the context of a realistic, secure and fault-tolerant datacenter.
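The pipeline the abstract describes, in miniature, as an added example in Python (not ConfigAssure's code, which the abstract says is a Prolog partial evaluator feeding Kodkod): a requirement over a constructed database is expanded into a QFF, atoms the database already fixes are evaluated away, and the residue is solved by exhaustive search over an assumed finite domain. The tuple encoding of a QFF, the `DB` rows and every function name here are assumptions made for illustration.

```python
from itertools import combinations, product

# Constructed configuration database: (interface, link, host address).
# A string in the address column is a configuration variable to be solved for.
DB = [("r1.eth0", "lan", 1), ("r2.eth0", "lan", "x"), ("fw.eth1", "lan", "y"),
      ("fw.eth0", "dmz", 1), ("web.eth0", "dmz", 2)]
OPS = {"ne": lambda l, r: l != r, "eq": lambda l, r: l == r, "lt": lambda l, r: l < r}

def requirement(db):
    """Expand 'addresses on one link are pairwise distinct' over the rows into a QFF."""
    return ("and", [("ne", a[2], b[2]) for a, b in combinations(db, 2) if a[1] == b[1]])

def peval(f):
    """Partial evaluation: decide atoms the database already fixes, prune and/or."""
    op = f[0]
    if op in OPS:
        ground = isinstance(f[1], int) and isinstance(f[2], int)
        return OPS[op](f[1], f[2]) if ground else f
    neutral = op == "and"            # True is neutral for 'and', False for 'or'
    rest = []
    for g in map(peval, f[1]):
        if g is (not neutral):       # absorbing value decides the whole node
            return not neutral
        if g is not neutral:         # keep only atoms that still mention variables
            rest.append(g)
    return (op, rest) if rest else neutral

def holds(f, env):
    """Evaluate a QFF under a full assignment of its variables."""
    if f[0] in OPS:
        return OPS[f[0]](env.get(f[1], f[1]), env.get(f[2], f[2]))
    return (all if f[0] == "and" else any)(holds(g, env) for g in f[1])

def variables(f):
    if f[0] in OPS:
        return {t for t in f[1:] if isinstance(t, str)}
    return set().union(*map(variables, f[1]))

def solve(f, domain=range(1, 5)):
    """Exhaustive finite-domain search on the residual QFF (stand-in for Kodkod)."""
    if isinstance(f, bool):
        return {} if f else None
    names = sorted(variables(f))
    for values in product(domain, repeat=len(names)):
        env = dict(zip(names, values))
        if holds(f, env):
            return env
    return None  # unsolvable; ConfigAssure's Solver would return a proof instead
```

When two fixed addresses on one link collide, `peval` alone reduces the requirement to `False`, so the error is found without any search.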