Scalable Impact Range Detection against Newly Added Rules for Smart Network Verification

Title: Scalable Impact Range Detection against Newly Added Rules for Smart Network Verification
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Takita, Yutaka; Miyabe, Masatake; Tomonaga, Hiroshi; Oguchi, Naoki
Conference Name: 2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)
Keywords: Access Control, cloud computing, compositionality, detection algorithms, Firewalls (computing), Hasse diagram, impact range recognition, Internet of Things, IP networks, network verification, packet equivalence class, packet forwarding, Predictive Metrics, pubcrawl, Resiliency, Scalability, scalable verification, Servers
Abstract: Technological progress in cloud networking, 5G networks, and the IoT (Internet of Things) is remarkable. In addition, demands for flexible construction of SoEs (Systems on Engagement) for various types of businesses are increasing. In such environments, dynamic changes of network rules, such as access control (AC) or packet forwarding, are required to ensure function and security in networks. On the other hand, it is becoming increasingly difficult to grasp the exact situation in such networks by utilizing current well-known network verification technologies since a huge number of network rules are complexly intertwined. To mitigate these issues, we have proposed a scalable network verification approach utilizing the concept of "Packet Equivalence Class (PEC)," which enables precise network function verification by strictly recognizing the impact range of each network rule. However, this approach is still not scalable for very large-scale networks which consist of tens of thousands of routers. In this paper, we enhanced our impact range detection algorithm for practical large-scale networks. Through evaluation in the network with more than 80,000 AC rules, we confirmed that our enhanced algorithm can achieve precise impact range detection in under 600 seconds.
Citation Key: takita_scalable_2020