Matei Popovici

SymNet: Scalable symbolic execution for modern networks

We present SymNet, a network static analysis tool based on symbolic execution. SymNet injects symbolic packets and tracks their evolution through the network. Our key novelty is SEFL, a language we designed for expressing data plane processing in a symbolic-execution friendly manner. SymNet statically analyzes an abstract data plane model that consists of the SEFL code for every node and the links between nodes. SymNet can check networks containing routers with hundreds of thousands of prefixes and NATs in seconds, while verifying packet header memory-safety and covering network functionality such as dynamic tunneling, stateful processing and encryption. We used SymNet to debug mid- dlebox interactions from the literature, to check properties of our department’s network and the Stanford backbone. Modeling network functionality is not easy. To aid users we have developed parsers that automatically generate SEFL models from router and switch tables, firewall configura- tions and arbitrary Click modular router configurations. The parsers rely on prebuilt models that are exact and fast to an- alyze. Finally, we have built an automated testing tool that combines symbolic execution and testing to check whether the model is an accurate representation of the real code.

In-Net: in-network processing for the masses

Network Function Virtualization is pushing network operators to deploy commodity hardware that will be used to run middlebox functionality and processing on behalf of third parties: in effect, network operators are slowly but surely becoming in-network cloud providers. The market for innetwork clouds is large, ranging from content providers, mobile applications and even end-users. We show in this paper that blindly adopting cloud technologies in the context of in-network clouds is not feasible from both the security and scalability points of view. Instead we propose In-Net, an architecture that allows untrusted endpoints as well as content-providers to deploy custom in-network processing to be run on platforms owned by network operators. In-Net relies on static analysis to allow platforms to check whether the requested processing is safe, and whether it contradicts the operators policies. We have implemented In-Net and tested it in the wide-area, supporting a range of use-cases that are difficult to deploy today. Our experience shows that In-Net is secure, scales to many users (thousands of clients on a single inexpensive server), allows for a wide-range of functionality, and offers benefits to end-users, network operators and content providers alike.

SymNet: static checking for stateful networks

Todays networks deploy many stateful procesing boxes ranging from NATs to firewalls and application optimizers: these boxes operate on packet flows, rather than individual packets. As more and more middleboxes are deployed, understanding their composition is becoming increasingly difficult. Static checking of network configurations is a promising approach to help understand whether a network is configured properly, but existing tools are limited as they only support stateless processing. We propose to use symbolic execution---a technique prevalent in compilers---to check network properties more general than basic reachability. The key idea is to track the possible values for specified fields in the packet as it travels through a network. Each middlebox or router will impose constraints on certain fields of the packet via forwarding actions, packet modifications and filtering. The symbolic approach also allows us to model middlebox per-flow state in a scalable way. We have implemented this technique in a tool we call SymNet and conducted preliminary evaluation. Early results show SymNet scales well and models basic stateful middleboxes, opening the possibility of analyzing complex stateful middlebox behaviours.

An Ontology-Based Dynamic Service Composition Framework for Intelligent Houses

In order to improve users ability to interact with devices in an intelligent house, we propose a platform for intelligent device composition, based on Service Oriented Architecture. In such an environment, devices can be controlled and monitored using Service invocations, or they can interoperate in order to fulfil complex tasks, using Service composition. As part of our platform, we define a language for dynamic service composition, called MetaBPEL. It extends the WS-BPEL 2.0 language with semantic information, and acts as an abstract workflow definition mechanism. Unlike BPEL and other conventional composition languages, MetaBPEL does not bind to actual service implementations, but merely describes capabilities that services must have, in order to participate in a workflow. This feature allows both workflow migration between different environments as well as service replacement without modifying the composition scheme. In the article, we describe the MetaBPEL structure and the associated creation, generalization and instantiation mechanisms.

Using Evolution Graphs for Describing Topology-Aware Prediction Models in Large Clusters

We present and formally investigate a modelling method suitable for describing events and time-dependent properties and for performing possibly complex reasoning tasks regarding the evolution of dynamic domains. Our proposal consists of a distinguished data structure called evolution graph, and a logical language (\(\ensuremath{L_\ensuremath{\mathcal{H}}}\)) used for identifying temporal patterns in evolution graphs. First, we define and study the complexity of the model checking problem for our language. We then investigate the relation between our language and the well-known Computation Tree Logic (CTL), both in terms of complexity and expressive power. Finally, we apply our method for solving a well-known problem from High Performance Computing (HPC): the extraction of topology information from event logs produced by supercomputers.

A modeling method and declarative language for temporal reasoning based on fluid qualities

Current knowledge representation mechanisms focus more on providing a static description of a modeled universe and less on capturing evolution. Ontology modeling languages, such as OWL, have no inherent means for describing time or time-dependent properties. In such settings, time is usually represented along with other applicationdependent concepts, yielding complex models that are difficult to maintain, extend, and reason about. On the other hand, in imperative languages that allow the definition of time-dependent behavior and interactions such as WS-BPEL, the emphasis is on specifying the control flow in a service-oriented environment. In contrast, we argue that a declarative approach is more suitable. We propose a modeling method and a declarative language, designed for representing and reasoning about time-dependent properties. The method is applicable in areas such as ubiquitous computing, allowing the specification of intelligent device behaviour.

Exploiting Multipath Congestion Control for Fun and Profit

Multipath congestion control prefers sending more traffic over paths with lower loss rates. This behaviour is key to achieving resource pooling and efficiently allocating resources in multipath networks. However, loss rates can be manipulated in the Internet by service providers to trick multipath traffic to travel via different paths. We show how providers can use policy drop to artificially increase the loss rate for all traffic using information about client subscriptions (i.e. speed of access links) and per-connection RTTs such that regular TCP throughput is unaffected, and Multipath TCP traffic is rerouted to other paths when alternatives exist. Policy drop is cheap: our prototype does not hold per flow state and can process in excess of 64B 9Mbps on a single machine, or 40Gbps with Internet-sized packets. Finally, we use game theory to understand the implications of policy drop on the Internet ecosystem. Our results show that policy drop will be widely deployed for low-bandwidth subscriptions, and may be deployed for higher-throughput subscriptions too.

ATL* with truly perfect recall: expressivity and validities

In alternating-time temporal logic ATL*, agents with perfect recall assign choices to sequences of states, i.e., to possible finite histories of the game. However, when a nested strategic modality is interpreted, the new strategy does not take into account the previous sequence of events. It is as if agents collect their observations in the nested game again from scratch, thus effectively forgetting what they observed before. Intuitively, it does not fit the assumption of agents having perfect recall of the past. Recently we have proposed a new semantics for ATL* where the past is not forgotten in nested games [8]. In this paper we give a formal treatment and show that the standard semantics of ATL* coincides with our new semantics in case of agents with perfect information. On the other hand, both kinds of semantics differ if agents have imperfect information about the state of the game. We compare the expressivity of the logics and their sets of validities. The latter characterize general properties of the underlying class of games.

Strategic Behaviour in Multi-Agent Systems Able to Perform Temporal Reasoning

Temporal reasoning and strategic behaviour are important abilities of Multi-Agent Systems. We introduce a method suitable for modelling agents which can store and reason about the evolution of an environment, and which can reason strategically, that is, make a rational and self-interested choice, in an environment where all other agents will behave in the same way. We introduce a game-theoretic formal framework, and provide with a computational characterisation of our solution concepts, which suggests that our method can easily be put into practice.

Modeling Ontologies for Time-Dependent Applications

The typical approach for declaratively reasoning about phenomena that evolves in time is to use a cognitive system centered on the given problem domain ontology as a vehicle for knowledge representation and processing. Current ontological-based approaches are successful only for the static structural description of a given domain of discourse. We present a modeling approach suitable for building and processingontologies for applications where time-dependent evolution is of crucial importance. We also present the underlying concepts that form the basis of our modeling method and describe the temporal graph used for linking these concepts in order to encode the model evolution. That graph can be inspected in order to analyze the current and past events that a model generates, and their effects, and can be used for predicting he future model behavior. We present results on the capability of the modeling method to correctly describe temporal knowledge.