Gurney, Alexander JT

Having Your Cake and Eating It Too: Routing Security with Privacy Protections (2011-11-01)
Gurney, Alexander JT; Haeberlen, Andreas; Loo, Boon Thau; Zhuo, Wenchao; Sherr, Micah
Internet Service Providers typically do not reveal details of their interdomain routing policies due to security concerns, or for commercial or legal reasons. As a result, it is difficult to hold ISPs accountable for their contractual agreements. Existing solutions can check basic properties, e.g., whether route announcements correspond to valid routes, but they do not verify how these routes were chosen. In essence, today’s Internet forces us to choose between per-AS privacy and verifiability. In this paper, we argue that making this difficult tradeoff is unnecessary. We propose private and verifiable routing (PVR), a technique that enables ISPs to check whether their neighbors are fulfilling their contractual promises to them, and to obtain evidence of any violations, without disclosing information that the routing protocol does not already reveal. As initial evidence that PVR is feasible, we sketch a PVR system that can verify some simple BGP policies. We conclude by highlighting several research challenges as future work.

Partial Specification of Routing Configurations (2011-10-01)
Gurney, Alexander JT; Jia, Limin; Loo, Boon Thau; Wang, Anduo
The formal analysis of routing protocol configurations for safety properties is well established. Methods exist to identify potential protocol oscillations by analysis of the network topology and route preference information. However, if not all of this information is available, then the existing theory does not apply. We present an analysis of partial specification of protocol instances and apply it to eBGP and iBGP examples, so that potential oscillations can be detected from the incomplete data.
This technique is applicable to the incremental design of network configurations, where some parts of the design have been specified but others are not yet known. We also anticipate that automated tools could be used to ‘fill in the blanks’ of a partial configuration in some optimal way. To that end, we show how our analysis can be used to derive constraints on an IGP weight matrix, characterizing the set of possible weights that do not lead to BGP oscillation. We propose that these integer constraints could be used as part of a link weight optimization engine, to achieve some traffic engineering goal while not violating global stability.

Reduction-Based Formal Analysis of BGP Instances (2012-01-01)
Wang, Anduo; Talcott, Carolyn; Gurney, Alexander JT; Loo, Boon Thau; Scedrov, Andre
Today’s Internet interdomain routing protocol, the Border Gateway Protocol (BGP), is increasingly complicated and fragile due to policy misconfigurations by individual autonomous systems (ASes). These misconfigurations are often difficult to manually diagnose beyond a small number of nodes due to the state explosion problem. To aid the diagnosis of potential anomalies, researchers have developed various formal models and analysis tools. However, these techniques do not scale well or do not cover the full set of anomalies. Current techniques use oversimplified BGP models that capture either anomalies within or across ASes, but not the interactions between the two. To address these limitations, we propose a novel approach that reduces network size prior to analysis, while preserving crucial BGP correctness properties. Using Maude, we have developed a toolkit that takes as input a network instance consisting of ASes and their policy configurations, and then performs formal analysis on the reduced instance for safety (protocol convergence).
Our results show that our reduction based analysis allows us to analyze significantly larger network instances at low reduction overhead.

A Reduction-Based Approach Towards Scaling Up Formal Analysis of Internet Configurations (2013-01-01)
Wang, Anduo; Gurney, Alexander JT; Han, Xianglong; Cao, Jinyan; Loo, Boon T; Talcott, Carolyn; Scedrov, Andre
The Border Gateway Protocol (BGP) is the single inter-domain routing protocol that enables network operators within each autonomous system (AS) to influence routing decisions by independently setting local policies on route filtering and selection. This independence leads to fragile networking and makes analysis of policy configurations very complex. To aid the systematic and efficient study of the policy configuration space, this paper presents network reduction, a scalability technique for policy-based routing systems. In network reduction, we provide two types of reduction rules that transform policy configurations by merging duplicate and complementary router configurations to simplify analysis. We show that the reductions are sound, dual of each other and are locally complete. The reductions are also computationally attractive, requiring only local configuration information and modification. We have developed a prototype of network reduction and demonstrated that it is applicable on various BGP systems and enables significant savings in analysis time. In addition to making possible safety analysis on large networks that would otherwise not complete within reasonable time, network reduction is also a useful tool for discovering possible redundancies in BGP systems.