Verisim: Formal Analysis of Network Simulations
IEEE Transactions on Software Engineering
Distributed Algorithms
Formal verification of standards for distance vector routing protocols
Journal of the ACM (JACM)
From symptom to cause: localizing errors in counterexample traces
POPL '03 Proceedings of the 30th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Finding Feasible Counter-examples when Model Checking Abstracted Java Programs
TACAS 2001 Proceedings of the 7th International Conference on Tools and Algorithms for the Construction and Analysis of Systems
Java-MaC: A Run-Time Assurance Approach for Java Programs
Formal Methods in System Design
What went wrong: explaining counterexamples
SPIN'03 Proceedings of the 10th international conference on Model checking software
A methodology for model-checking ad-hoc networks
SPIN'03 Proceedings of the 10th international conference on Model checking software
One of the prerequisites for the information society is secure and reliable communication among computing systems. Accordingly, network security appliances have become key components of infrastructure, not only as security guardians but also as reliable network components. Thus, for both fault tolerance and high network throughput, multiple security appliances are often deployed together in a group and managed via a High-Availability (HA) protocol. In this paper, we present our experience of formally modeling and verifying the HA protocol used in commercial network security appliances through model checking. In addition, we applied a new debugging technique that detects multiple bugs, without modifying or fixing the HA model, by analyzing all counterexamples. Through these formal analyses, we were able to effectively detect several design flaws.