Formal Verification of SDN-Based Firewalls by Using TLA+

Kim, Youngmi; Kang, Miyoung

doi:10.1109/access.2020.2979894

Cited by 17 publications

(65 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Formal verification has been introduced in this field by some subsequent articles ( [11], [15], [16], [17], [18]), which underlined the importance of formal correctness assurance for the automatically computed configurations. Formal verification of firewall configurations has recently become a vital requirement for critical environments, as underlined in [6]. All these approaches miss some of the other features characterizing our approach.…”

Section: Automatic Firewall Configurationmentioning

confidence: 99%

“…Designing and managing these complex architectures requires automation, because positioning and configuring virtual instances manually can likely lead to incorrect or non-optimal solutions, in addition to taking excessive time. Instead, automation, paired with formal verification techniques (e.g., [5] or [6]), is the key for computing provably correct and optimized solutions rapidly enough.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Automated Firewall Configuration in Virtual Networks

Bringhenti

Marchetto

Sisto

et al. 2023

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

The configuration of security functions in computer networks is still typically performed manually, which likely leads to security breaches and long re-configuration times. This problem is exacerbated for modern networks based on network virtualization, because their complexity and dynamics make a correct manual configuration practically unfeasible. This article focuses on packet filters, i.e., the most common firewall technology used in computer networks, and it proposes a new methodology to automatically define the allocation scheme and configuration of packet filters in the logical topology of a virtual network. The proposed method is based on solving a carefully designed partial weighted Maximum Satisfiability Modulo Theories problem by means of a state-of-the-art solver. This approach formally guarantees the correctness of the solution, i.e., that all security requirements are satisfied, and it minimizes the number of needed firewalls and firewall rules. This methodology is extensively evaluated using different metrics and tests on both synthetic and real use cases, and compared to the state-of-the-art solutions, showing its superiority.

show abstract

Section: Automatic Firewall Configurationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Automated Firewall Configuration in Virtual Networks

Bringhenti

Marchetto

Sisto

et al. 2023

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

show abstract

“…On contrary, deterministic models are significantly more complex and can represent only a single behavior at most [12]. Reasoning in terms of non-deterministic models, it should be noted that model checking technique on the basis of FSM (Finite-state Machine) has already proved itself to be a plausible solution: checking the design solutions for Amazon Web Services [13], implementing the Temporal Logic of Actions (TLA), corresponding TLA+ formalism and TLC (TLA Checker) model checker [14]; specifying and verifying the rules of Firewall (on the basis of TLA) [15]; modeling and developing the fault-tolerant safety-critical modules for a platform for railway control applications up to safety integrity level 4 (on the basis of TLA) [16].…”

Section: Related Workmentioning

confidence: 99%

On the Approaches to Cyber-physical Systems Simulation

Shkarupylo,

Kudermetov,

Polska

2018

ACPS

View full text Add to dashboard Cite

A comparative analysis of existing approaches to Cyber-Physical Systems simulation has been conducted. The intrinsic peculiarities of Cyber-Physical Systems have been reasoned and generalized. The limitations of available simulation tools have been pointed out. The approach to Cyber-Physical Systems design solutions checking on the basis of timed automata, UPPAAL integrated tool environment and Temporal Logic of Actions usage has been proposed. The proposed approach is supposed to be applied at designing stage -to prevent the potential time and computational expenses on overcomplicated or faulty formal models checking. A case study on electric power delivery system usage scenario has been conducted.

show abstract

“…In the recent years several formal models of SDN (e.g. [2,15,16]) have been proposed in order to test or check that a network behave correctly.…”

Section: Introductionmentioning

confidence: 99%

“…It does not support update of flow tables nor routing of multiple packets. TLA+ [18] has also been used to model the behaviour of SDN but in a very restrictive manner, allowing only a single switch [16]. Formal models are used not only to verify properties of an SDN such as consistency of flow tables, violation of safety policies, or forwarding loops, but also for finding flaws in security protocols using CSP and the model checker PAT [24].…”

Section: Introductionmentioning

confidence: 99%

A Reo Model of Software Defined Networks

Feng

Arbab

Bonsangue

2019

Formal Methods and Software Engineering

View full text Add to dashboard Cite

Reo is a compositional coordination language for component connectors with a formal semantics based on automata. In this paper, we propose a formal model of software defined networks (SDNs) based on Reo where declarative constructs comprising of basic Reo primitives compose to specify descriptive models of both data and control planes of SDNs. We first describe the model of an SDN switch which can be compactly represented as a single state constraint automaton with a memory storing its flow table. A full network can then be compositionally constructed by composing the switches with basic communication channels. The reactive and proactive behaviour of the controllers in the control plane of an SDN can also be modelled by Reo connectors, which can compose the connectors representing data plane. The resulting model is suitable for testing, simulation, visualization, verification, and ultimately compilation into SDN switch code using the standard tools already available for Reo. Keywords: Formal model • Software defined networks • Reo • Constraint automata • Component composition • Coordination This research is supported by China Scholarship Council.

show abstract

Formal Verification of SDN-Based Firewalls by Using TLA+

Cited by 17 publications

References 14 publications

Automated Firewall Configuration in Virtual Networks

Automated Firewall Configuration in Virtual Networks

On the Approaches to Cyber-physical Systems Simulation

A Reo Model of Software Defined Networks

Contact Info

Product

Resources

About