| dc.description.abstract | Today’s computing and networking systems are characterized by increasing complexity, multiple administrative domains, diversity of basic components, and increasing uncertainty about their underlying topology and internal structure, cross-layer interactions, and administration policies. While the complexity of network systems has increased dramatically, the basic process of design, construction, optimization, and verification has not kept pace. As a result, the current process of development of network protocols and systems is extremely inefficient, error prone, and does not scale well for large networks. While design typically uses a high level of abstraction; construction, optimization, and verification of practical systems still primarily involve low-level systems programming languages. The advent of the Software-Defined Networking (SDN) has only exacerbated the problem. While SDN has emerged as a transformational tool for building next generation communication network and services that offer a greater degree of flexibility to network designers and operations, the complexity of the constructing SDN systems is orders of magnitude higher than that of the traditional (non-SDN) systems. For example, the SDN framework makes it far too easy for programmers to unwittingly configure data paths that violate protocol definitions and various networking standards that define when a packet is valid. Moreover, SDN programs present unique safety challenges above and beyond traditional programming language libraries and run-times. Due to the practical importance of the emerging SDN architectures, large research and industrial populations are interested in solutions to these problems.
This dissertation introduces techniques and tools that can be used to construct safe and efficient dataplane configurations and control plane programs. First, we focus on eliminating certain classes of vulnerabilities present in binary format network protocols using OpenFlow as the message layer. Second, we introduce an abstraction that factors the complexity of an OpenFlow dataplane into a simple model that supports programmer reasoning. Third, we introduce a system that leverages simplified OpenFlow abstractions to support automatic dataplane safety checks as well as program transformations given runtime hardware limitations. Finally, we introduce techniques for handling resource starvation at the dataplane level encountered during large scale Denial of Service (DoS) attacks. Our work has contributed to understanding the foundation of the design of provably correct and secure computer and networking systems in general and in the SDN environments in particular. The methodology developed in the course of this project contributes to rapid development of vulnerability-free, safe and secure systems and will greatly benefits researchers, industry developers, and educators. This research led to the creation of Flowgrammable, a non-profit focused on education and research, which has produced libraries and simulators used by 1,000s of developers, researchers and students across the SDN/OpenFlow community. | en |
