article

What packets may come: automata for network monitoring

Authors:

Karthikeyan Bhargavan,

Satish Chandra,

Peter J. McCann,

Carl A. GunterAuthors Info & Claims

ACM SIGPLAN Notices, Volume 36, Issue 3

Pages 206 - 219

https://doi.org/10.1145/373243.360221

Published: 01 January 2001 Publication History

Abstract

We consider the problem of monitoring an interactive device, such as an implementation of a network protocol, in order to check whether its execution is consistent with its specification. At rst glance, it appears that a monitor could simply follow the input-output trace of the device and check it against the specification. However, if the monitor is able to observe inputs and outputs only from a vantage point external to the device---as is typically the case---the problem becomes surprisingly difficult. This is because events may be bu ered, and even lost, between the monitor and the device, in which case, even for a correctly running device, the trace observed at the monitor could be inconsistent with the specification.In this paper, we formulate the problem of external monitoring as a language recognition problem. Given a specification that accepts a certain language of input-output sequences, we de ne another language that corresponds to input-output sequences observable externally. We also give an algorithm to check membership of a string in the derived language. It turns out that without any assumptions on the specification, this algorithm may take unbounded time and space. To address this problem, we de ne a series of properties of device specifications or protocols that can be exploited to construct e cient language recognizers at the monitor. We characterize these properties and provide complexity bounds for monitoring in each case.To illustrate our methodology, we describe properties of the Internet Transmission Control Protocol (TCP), and identify features of the protocol that make it challenging to monitor e ciently.

References

[1]

G. Berry and G. Gonthier. The Esterel synchronous programming language: Design, semantics, implementation. Science of Computer Programming, 19(2):87- 152, November 1992.

Digital Library

[2]

Karthikeyan Bhargavan, Carl A. Gunter, Moonjoo Kim, Insup Lee, Davor Obradovic, Oleg Sokolsky, and Mahesh Viswanathan. Verisim: Formal analysis of network simulations, August 2000. To appear in: International Symposium on Software Testing and Analysis.

Digital Library

[3]

Karthikeyan Bhargavan, Carl A. Gunter, and Davor Obradovic. A taxonomy of logical network analysis techniques. Technical Report MS-CIS-00-14, University of Pennsylvania, 2000.

[4]

Patrice Godefroid. Model checking for programming languages using VeriSoft. In Proceedings of the 24th ACM Symposium on Principles of Programming Languages, pages 174-186, January 1997.

Digital Library

[5]

Gerard J. Holzmann. Design and Validation of Computer Protocols. Prentice Hall, 1991.

Digital Library

[6]

L. J. Jagadeesan, A. Porter, C. Puchol, J. C. Ramming, and L.G.Votta. Specification-based testing of reactive software: Tools and experiments. In Proceedings of the International Conference on Software Engineering, May 1997.

Digital Library

[7]

D. Lee, K. Sabnani, A. Netravali, B. Sugla, and A. John. Passive testing and its applications to network management. In Proceedings of the International Conference on Network Protocols, 1997.

Digital Library

[8]

I. Lee, S. Kannan, M. Kim, O. Sokolsky, and M.Viswanathan. Runtime assurance based on formal specifications. In Proceedings International Conference on Parallel and Distributed Processing Techniques and Applications, 1999.

[9]

Nancy A. Lynch and Mark R. Tuttle. An introduction to input/output automata. CWI Quaterly, 2(3):219- 246, 1989.

[10]

T.O. O'Malley, D.J. Richardson, and L.K. Dillon. Efficient specification-based test oracles. In Second California Software Symposium (CSS'96), April 1996.

[11]

V. Paxson. Automated packet trace analysis of TCP implementations. Computer Communication Review, 27(4), October 1997.

Digital Library

[12]

V. Paxson. Bro: A system for detecting network intruders in real-time. Computer Networks, 31(23-24):2435- 2463, December 1999.

Digital Library

[13]

V. Paxson. End-to-end internet packet dynamics. IEEE/ACM Transactions on Networking, 7(3):277- 292, June 1999.

Digital Library

[14]

M.J. Ranum, K. Landeld, M. Stolarchuk, M. Sienkiewicz, A. Lambeth, and E. Wall. Implementing a generalized tool for network monitoring. In Proceedings of the Eleventh Systems Administration Conference (LISA XI), pages 1-8, 1997.

Digital Library

[15]

W. Richard Stevens. TCP/IP Illustrated, Volume 1: The Protocols. Addison-Wesley, Reading, Massachusetts, 1994.

Digital Library

Cited By

Wang SSun FZhang HZhan DLi SWang J(2021)EDSM-Based Binary Protocol State Machine ReversingComputers, Materials & Continua10.32604/cmc.2021.01656269:3(3711-3725)Online publication date: 2021
https://doi.org/10.32604/cmc.2021.016562
Zhang YChen JHamdan HToral-Cruz HAkleylek SMcheick HBoubiche D(2017)Modeling virtual channel to enforce runtime properties for IoT servicesProceedings of the Second International Conference on Internet of things, Data and Cloud Computing10.1145/3018896.3025150(1-17)Online publication date: 22-Mar-2017
https://dl.acm.org/doi/10.1145/3018896.3025150
Tsankov PTorabi-Dashti MBasin D(2011)Constructing mid-points for two-party asynchronous protocolsProceedings of the 15th international conference on Principles of Distributed Systems10.1007/978-3-642-25873-2_33(481-496)Online publication date: 13-Dec-2011
https://dl.acm.org/doi/10.1007/978-3-642-25873-2_33
Show More Cited By

Index Terms

What packets may come: automata for network monitoring

Recommendations

What packets may come: automata for network monitoring
POPL '01: Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages

We consider the problem of monitoring an interactive device, such as an implementation of a network protocol, in order to check whether its execution is consistent with its specification. At rst glance, it appears that a monitor could simply follow the ...
RFC 5562: Adding Explicit Congestion Notification (ECN) Capability to TCP's SYN/ACK Packets
RFC 6935: IPv6 and UDP Checksums for Tunneled Packets

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM SIGPLAN Notices

ACM SIGPLAN Notices Volume 36, Issue 3

March 2001

303 pages

ISSN:0362-1340

EISSN:1558-1160

DOI:10.1145/373243

Editors:
Cindy Norris
Appalachian State Univ., Boone, NC
,
James B. Fenwick
Appalachian State Univ., Boone, NC

Issue’s Table of Contents

POPL '01: Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
January 2001
304 pages
ISBN:1581133367
DOI:10.1145/360204
Chairmen:
Chris Hankin
Imperial College, London, U. K.
,
Dave Schmidt
Kansas State Univ., Manhattan

Copyright © 2001 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 January 2001

Published in SIGPLAN Volume 36, Issue 3

Check for updates

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

31
Total Citations
View Citations
583
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 17 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Wang SSun FZhang HZhan DLi SWang J(2021)EDSM-Based Binary Protocol State Machine ReversingComputers, Materials & Continua10.32604/cmc.2021.01656269:3(3711-3725)Online publication date: 2021
https://doi.org/10.32604/cmc.2021.016562
Zhang YChen JHamdan HToral-Cruz HAkleylek SMcheick HBoubiche D(2017)Modeling virtual channel to enforce runtime properties for IoT servicesProceedings of the Second International Conference on Internet of things, Data and Cloud Computing10.1145/3018896.3025150(1-17)Online publication date: 22-Mar-2017
https://dl.acm.org/doi/10.1145/3018896.3025150
Tsankov PTorabi-Dashti MBasin D(2011)Constructing mid-points for two-party asynchronous protocolsProceedings of the 15th international conference on Principles of Distributed Systems10.1007/978-3-642-25873-2_33(481-496)Online publication date: 13-Dec-2011
https://dl.acm.org/doi/10.1007/978-3-642-25873-2_33
Khanna GLaguna IArshad FBagchi S(2007)Distributed Diagnosis of Failures in a Three Tier E-Commerce System2007 26th IEEE International Symposium on Reliable Distributed Systems (SRDS 2007)10.1109/SRDS.2007.16(185-198)Online publication date: Oct-2007
https://doi.org/10.1109/SRDS.2007.16
von Bidder-Senn DBasin DCaronni G(2007)Midpoints Versus Endpoints: From Protocols to FirewallsApplied Cryptography and Network Security10.1007/978-3-540-72738-5_4(46-64)Online publication date: 2007
https://doi.org/10.1007/978-3-540-72738-5_4
Khanna GVaradharajan PBagchi S(2006)Automated Online Monitoring of Distributed Applications through External MonitorsIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2006.173:2(115-129)Online publication date: 1-Apr-2006
https://dl.acm.org/doi/10.1109/TDSC.2006.17
Bhargavan KGunter C(2002)Requirements for a Practical Network Event Recognition LanguageElectronic Notes in Theoretical Computer Science10.1016/S1571-0661(04)80574-770:4(1-20)Online publication date: Dec-2002
https://doi.org/10.1016/S1571-0661(04)80574-7
Bushkov VDziuma DFatourou PGuerraoui R(2018)The PCL TheoremJournal of the ACM10.1145/326614166:1(1-66)Online publication date: 12-Dec-2018
https://dl.acm.org/doi/10.1145/3266141
Bishop SFairbairn MMehnert HNorrish MRidge TSewell PSmith MWansbrough K(2018)Engineering with LogicJournal of the ACM10.1145/324365066:1(1-77)Online publication date: 12-Dec-2018
https://dl.acm.org/doi/10.1145/3243650
Zhang JYu P(2018)Broad Learning:ACM SIGKDD Explorations Newsletter10.1145/3229329.322933320:1(24-50)Online publication date: 29-May-2018
https://dl.acm.org/doi/10.1145/3229329.3229333
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents