SymNet: Symbolic Execution for Static Network Analysis Radu Stoenescu Matei Popovici Lorina Negreanu Costin Raiciu University POLITEHNICA of Bucharest 1
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
1
SymNet: Symbolic Execution for Static Network Analysis
Radu StoenescuMatei PopoviciLorina NegreanuCostin Raiciu
University POLITEHNICA of Bucharest
2
Context and problem
• Middleboxes vs. End-to-End Principle
Reasoning about network behavior is increasingly difficult.
• Network Function Virtualization
3
Introducing SymNet
Client ServerProxy
• Can the Client communicate with the Server using TCP ?
• If so, in what way do the header fields change along the path ?
4
Intuition behind SymNet
Network hosts Program blocks
Traffic flow analysis Data flow analysis
void process(Packet* p) { Port out = getDestination(p); send(p, out);}
Network Program
Network element Program block
Network hosts as Program blocks
IP_src = Client_IPIP_dst = Proxy_IP
IP_src = Client_IPIP_dst = Server_IP
IP_src = Proxy_IPIP_dst = Client_IP
IP_src = Server_IPIP_dst = Client_IP
Packet proxy(Packet* in) { if (in->IP_src == Server_IP) { // outbound traffic in->IP_src = Proxy_IP; } else { // inbound traffic in->IP_dst = Server_IP; }}
6
Data Flow Analysis using Symbolic Execution
Packet proxy(Packet* in) { if (in->IP_src == Server_IP) { // outbound traffic in->IP_src = Proxy_IP; } else { // inbound traffic in->IP_dst = Server_IP; }}
in = ?in->IP_src = ?in->IP_dst = ?
in = ?in->IP_src = Server_IPin->IP_dst = ?
NULL pointer ?
in = ?in->IP_src = Proxy_IPin->IP_dst = ?in = ?in->IP_src != Server_IPin->IP_dst = ?
in = ?in->IP_src != Server_IPin->IP_dst = Server_IP
Traffic reachingthe client
in = ?in->IP_src = Proxy_IPin->IP_dst = ?
Traffic reaching the server
in = ?in->IP_src != Server_IPin->IP_dst = Server_IP
Results
7
Networks as ProgramsNetwork
req = client();Client
Server
Proxy
Program Symbolicexecution
req = proxy(req);
req = server(req);
req = proxy(req);
client(req);
IP_src = Client_IPIP_dst = Proxy_IP
IP_src = Client_IPIP_dst = Server_IP
IP_src = Proxy_IPIP_dst = Client_IP
IP_src = Server_IPIP_dst = Client_IP
8
Assumptions
● Global state is not relevant to network traffic analysis– What if the proxy runs out of memory ?
● Any traffic flows are independent
Implementing SymNet
Click language parserClickconfiguration
Network ModelSelect
ExecuteAnalyze
10
Scalability
11
Evaluation
• TCP/IP connectivity over IP-in-IP tunnels• Client – Server TCP/IP connectivity over
stateful middleboxes such as NAT, Proxy, Firewall
• TCP/IP connectivity over middleboxes that alter the Options header field or the initial SEQ
12
Conclusions
• SymNet can perform analysis of networks• Analysis performed - reachability and loop
detection• SymNet offers a scalable alternative to the
problem of static network checking
13
Future work
• Extend SymNet to allow input in the form of C source files
• Extend the coverage of Click elements that SymNet can analyze
14
Q&A
Summary• SymNet can perform analysis of networks• Analysis performed - reachability and loop
detection• SymNet offers a scalable alternative to the
problem of static network checking
Related Documents
