NeTS: Medium: From Verification to Synthesis in Software Defined Networks
NeTS:媒介:软件定义网络从验证到综合
基本信息
- 批准号:1513906
- 负责人:
- 金额:$ 120万
- 依托单位:
- 依托单位国家:美国
- 项目类别:Continuing Grant
- 财政年份:2015
- 资助国家:美国
- 起止时间:2015-10-01 至 2020-09-30
- 项目状态:已结题
- 来源:
- 关键词:
项目摘要
Every aspect of our society, from business, to government, to medicine and the sciences, is now tightly intertwined with the functioning of computer networks such as the Internet. Unfortunately, modern computer networks are extremely complicated, making them prone to implementation errors and misconfigurations, which can lead to vulnerabilities and other avenues to attack. To address this challenge, this project is designing and implementing systems which automatically verify correctness of network behavior, and correct vulnerabilities and errors in operational networks. These systems can provide immediate practical assistance to protecting networks and critical infrastructure against the attacks and cyberthreats we read about in the news every day.The project's technology functions by scanning a network, constructing a formal model of the network's behavior, and using custom formal logic algorithms to automatically derive diagnoses and repairs to network state. The core technical approach is founded on data-plane verification (DPV), which models network-wide properties using a view of the network that is as close as possible to the network's actual running behavior, i.e., the data plane: forwarding tables contained in routers, switches, firewalls, and other networking equipment. This low-level view allows DPV to catch and prevent errors that other tools miss, and provides a framework for the unified analysis of heterogeneous, multi-protocol networks.Intellectual Merit: This research is designing new algorithms to detect, prevent, and repair errors in complex networks. To achieve this, the researchers are developing a new class of formal methods to efficiently model network properties such as reachability, as well as techniques to store and query these models in real time. The researchers are also developing systems based on these algorithms to quickly and correctly localize faults, repair them before they can affect live networks, and deploy operating environments based on software-defined networking that automate application of their techniques. This research is shedding light on the ability to formally model networks, and is building insights into how to design networks and network protocols that have strong security properties from first principles. The work will also help enable interdisciplinary research across formal methods and networking disciplines, with the common goal of enabling highly available networking infrastructures.Broader Impacts: The results of this research will significantly enhance reliability and security of critical network infrastructure, and ease network management tasks. Being able to construct networks that can provide formal guarantees on the correctness and resilience of packet forwarding would have significant economic impact, by making networks more reliable and cost-effective. Networks that can deal reliably with rarely encountered exceptions are an essential component of attack survival and recovery for business and government communication systems. The techniques developed in this research will also improve resilience to misconfigurations, which may accelerate deployment of networks in underdeveloped and rural areas lacking experienced network operators with resources to troubleshoot network problems. Finally, the project is training students on cutting-edge and cross-disciplinary research in networking, formal methods, and security.
我们社会的每一个方面,从商业到政府,到医学和科学,现在都与像互联网这样的计算机网络的功能紧密地交织在一起。不幸的是,现代计算机网络极其复杂,容易出现实现错误和错误配置,从而导致漏洞和其他攻击途径。为了应对这一挑战,该项目正在设计和实现自动验证网络行为正确性的系统,并纠正运行网络中的漏洞和错误。这些系统可以为保护网络和关键基础设施免受我们每天在新闻中看到的攻击和网络威胁提供即时的实际帮助。该项目的技术功能是扫描网络,构建网络行为的形式化模型,并使用自定义的形式化逻辑算法自动导出网络状态的诊断和修复。核心技术方法建立在数据平面验证(DPV)的基础上,它使用尽可能接近网络实际运行行为的网络视图(即数据平面:路由器、交换机、防火墙和其他网络设备中包含的转发表)对网络范围的属性进行建模。这种低级视图允许DPV捕捉和防止其他工具遗漏的错误,并为异构、多协议网络的统一分析提供框架。智力优势:这项研究设计了新的算法来检测、预防和修复复杂网络中的错误。为了实现这一目标,研究人员正在开发一类新的形式化方法来有效地建模网络属性,如可达性,以及实时存储和查询这些模型的技术。研究人员还在开发基于这些算法的系统,以快速、正确地定位故障,在故障影响现有网络之前进行修复,并基于软件定义网络部署操作环境,自动应用他们的技术。这项研究揭示了对网络进行形式化建模的能力,并为如何从第一原则设计具有强大安全属性的网络和网络协议提供了见解。这项工作还将有助于实现跨正式方法和网络学科的跨学科研究,共同目标是实现高度可用的网络基础设施。更广泛的影响:本研究的结果将显著提高关键网络基础设施的可靠性和安全性,并简化网络管理任务。能够构建能够对数据包转发的正确性和弹性提供正式保证的网络,通过使网络更可靠和更具成本效益,将产生重大的经济影响。能够可靠地处理很少遇到的异常的网络是企业和政府通信系统攻击生存和恢复的重要组成部分。本研究中开发的技术还将提高对错误配置的弹性,这可能会加速在缺乏经验丰富的网络运营商和资源来解决网络问题的农村地区部署网络。最后,该项目在网络、形式化方法和安全性方面对学生进行前沿和跨学科研究方面的培训。
项目成果
期刊论文数量(0)
专著数量(0)
科研奖励数量(0)
会议论文数量(0)
专利数量(0)
数据更新时间:{{ journalArticles.updateTime }}
{{
item.title }}
{{ item.translation_title }}
- DOI:
{{ item.doi }} - 发表时间:
{{ item.publish_year }} - 期刊:
- 影响因子:{{ item.factor }}
- 作者:
{{ item.authors }} - 通讯作者:
{{ item.author }}
数据更新时间:{{ journalArticles.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ monograph.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ sciAawards.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ conferencePapers.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ patent.updateTime }}
Philip Godfrey其他文献
Philip Godfrey的其他文献
{{
item.title }}
{{ item.translation_title }}
- DOI:
{{ item.doi }} - 发表时间:
{{ item.publish_year }} - 期刊:
- 影响因子:{{ item.factor }}
- 作者:
{{ item.authors }} - 通讯作者:
{{ item.author }}
{{ truncateString('Philip Godfrey', 18)}}的其他基金
NeTS: Medium: SLATE: Service Layer Traffic Engineering
NeTS:媒介:SLATE:服务层流量工程
- 批准号:
2312714 - 财政年份:2023
- 资助金额:
$ 120万 - 项目类别:
Standard Grant
NSF-BSF: CNS Core: Small: Machine Learning for Real-Time Network Rate Control
NSF-BSF:CNS 核心:小型:用于实时网络速率控制的机器学习
- 批准号:
2008971 - 财政年份:2020
- 资助金额:
$ 120万 - 项目类别:
Standard Grant
NeTS: Medium: Collaborative Research: The Internet at the Speed of Light
NeTS:媒介:协作研究:光速的互联网
- 批准号:
1763841 - 财政年份:2018
- 资助金额:
$ 120万 - 项目类别:
Standard Grant
NeTS: Small: Designing Networks for High Throughput
NetS:小型:设计高吞吐量网络
- 批准号:
1423452 - 财政年份:2014
- 资助金额:
$ 120万 - 项目类别:
Standard Grant
CAREER: Flexible Networks with Source Control
职业:具有源代码控制的灵活网络
- 批准号:
1149895 - 财政年份:2012
- 资助金额:
$ 120万 - 项目类别:
Continuing Grant
FIA: Collaborative Research: Architecting for Innovation
FIA:协作研究:创新架构
- 批准号:
1040396 - 财政年份:2010
- 资助金额:
$ 120万 - 项目类别:
Standard Grant
NeTS: Small: Scaling Routing: From Theory to Practice (and Back Again)
NetS:小型:扩展路由:从理论到实践(然后再回来)
- 批准号:
1017069 - 财政年份:2010
- 资助金额:
$ 120万 - 项目类别:
Continuing Grant
EAGER: Adaptive Source Routing on GENI
EAGER:GENI 上的自适应源路由
- 批准号:
1050146 - 财政年份:2010
- 资助金额:
$ 120万 - 项目类别:
Standard Grant
New Approaches to Protecting Transportation Infrastructure
保护交通基础设施的新方法
- 批准号:
0900226 - 财政年份:2009
- 资助金额:
$ 120万 - 项目类别:
Standard Grant
相似海外基金
NeTS: Medium: Foundations and Applications of Modular Verification of Networks
NeTS:媒介:网络模块化验证的基础和应用
- 批准号:
2312539 - 财政年份:2023
- 资助金额:
$ 120万 - 项目类别:
Continuing Grant
Medium- and long-term verification of developing competencies on lesson design and learning assessment through lesson study based on learning science
通过基于学习科学的课程研究,对课程设计和学习评估能力的发展进行中长期验证
- 批准号:
23K02727 - 财政年份:2023
- 资助金额:
$ 120万 - 项目类别:
Grant-in-Aid for Scientific Research (C)
RI: Medium: Foundations of Recourse Verification in Machine Learning
RI:媒介:机器学习资源验证的基础
- 批准号:
2313105 - 财政年份:2023
- 资助金额:
$ 120万 - 项目类别:
Standard Grant
Collaborative Research: FET: Medium: Engineering DNA and RNA computation through simulation, sequence design, and experimental verification
合作研究:FET:中:通过模拟、序列设计和实验验证进行 DNA 和 RNA 计算
- 批准号:
2211792 - 财政年份:2022
- 资助金额:
$ 120万 - 项目类别:
Continuing Grant
Collaborative Research: SHF: Medium: Integrated Verification of IoT and Real-time Communication Protocols
合作研究:SHF:中:物联网和实时通信协议的集成验证
- 批准号:
2211996 - 财政年份:2022
- 资助金额:
$ 120万 - 项目类别:
Standard Grant
Collaborative Research: FET: Medium: Engineering DNA and RNA computation through simulation, sequence design, and experimental verification
合作研究:FET:中:通过模拟、序列设计和实验验证进行 DNA 和 RNA 计算
- 批准号:
2211793 - 财政年份:2022
- 资助金额:
$ 120万 - 项目类别:
Continuing Grant
Collaborative Research: CNS Core: Medium: Robust Behavioral Analysis and Synthesis of Network Control Protocols Using Formal Verification
合作研究:CNS 核心:中:使用形式验证的网络控制协议的鲁棒行为分析和综合
- 批准号:
2212102 - 财政年份:2022
- 资助金额:
$ 120万 - 项目类别:
Standard Grant
Collaborative Research: CNS Core: Medium: Robust Behavioral Analysis and Synthesis of Network Control Protocols Using Formal Verification
合作研究:CNS 核心:中:使用形式验证的网络控制协议的鲁棒行为分析和综合
- 批准号:
2212103 - 财政年份:2022
- 资助金额:
$ 120万 - 项目类别:
Standard Grant
Collaborative Research: SHF: Medium: Integrated Verification of IoT and Real-time Communication Protocols
合作研究:SHF:中:物联网和实时通信协议的集成验证
- 批准号:
2211997 - 财政年份:2022
- 资助金额:
$ 120万 - 项目类别:
Standard Grant
Collaborative Research: FET: Medium: Engineering DNA and RNA computation through simulation, sequence design, and experimental verification
合作研究:FET:中:通过模拟、序列设计和实验验证进行 DNA 和 RNA 计算
- 批准号:
2211794 - 财政年份:2022
- 资助金额:
$ 120万 - 项目类别:
Continuing Grant