Concurrent programming in ERLANG (2nd ed.)
Concurrent programming in ERLANG (2nd ed.)
Moving from the design of usable security technologies to the design of useful secure applications
Proceedings of the 2002 workshop on New security paradigms
A study of Erlang ETS table implementations and performance
Proceedings of the 2003 ACM SIGPLAN workshop on Erlang
Modeling and Verification of IPSec and VPN Security Policies
ICNP '05 Proceedings of the 13TH IEEE International Conference on Network Protocols
FIREMAN: A Toolkit for FIREwall Modeling and ANalysis
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Computer Networks: The International Journal of Computer and Telecommunications Networking
Detecting BGP configuration faults with static analysis
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
Declarative Infrastructure Configuration Synthesis and Debugging
Journal of Network and Systems Management
On understanding transient interdomain routing failures
IEEE/ACM Transactions on Networking (TON)
Internet optometry: assessing the broken glasses in internet reachability
Proceedings of the 9th ACM SIGCOMM conference on Internet measurement conference
Quantifying and Querying Network Reachability
ICDCS '10 Proceedings of the 2010 IEEE 30th International Conference on Distributed Computing Systems
Debugging the data plane with anteater
Proceedings of the ACM SIGCOMM 2011 conference
Network configuration in a box: towards end-to-end verification of network reachability and security
ICNP '09 Proceedings of the 2009 17th IEEE International Conference on Network Protocols. ICNP 2009
Hi-index | 0.00 |
This paper presents our new design and implementation of a configuration verification system called ConfVS. With the increasing complexity of network configuration, verifying network behavior has become a highly time-consuming and error-prone process. Much research effort has been made to tackle this challenge. In this paper, we propose a formalization scheme based on binary decision diagram to model the entire network behavior specified by diverse configuration requirements (e.g., security policies, routing policies, and address translation rules), and design a set of algorithms to efficiently verify the compliance of network behavior to the requirements. Our experiments show that ConfVS can validate thousands of network devices configured by millions rules with ten times improved efficiency when compared to several well-known existing solutions.