Scalable runtime verification of distributed middleboxes with Aaragog (OSDI 2020)
Перейти к файлу
Nofel Yaseen a4c03b9245 repo rename 2020-10-14 13:57:39 -04:00
C++Verifier documentation added 2020-10-04 14:24:53 -04:00
Setup repo rename 2020-10-14 13:57:39 -04:00
config repo rename 2020-10-14 13:57:39 -04:00
cppkafka@5e4b350806 submodule corrected 2020-09-15 08:38:46 -04:00
firewall repo rename 2020-10-14 13:57:39 -04:00
generateSFA readme files updated 2020-10-05 09:25:09 -04:00
out documentation added 2020-10-04 14:24:53 -04:00
runme repo rename 2020-10-14 13:57:39 -04:00
traffic minor scripting issues 2020-09-09 17:02:41 -04:00
verification syntax error correction 2020-10-04 15:59:14 -04:00
.gitignore minor scripting issues 2020-09-09 17:02:41 -04:00
.gitmodules submodule corrected 2020-09-15 08:38:46 -04:00
CODE_OF_CONDUCT.md Initial CODE_OF_CONDUCT.md commit 2020-09-08 15:41:20 -07:00
LICENSE Initial LICENSE commit 2020-09-08 15:41:21 -07:00
README.md repo rename 2020-10-14 13:57:39 -04:00
SECURITY.md Initial SECURITY.md commit 2020-09-08 15:41:24 -07:00
osdi20-paper162.pdf paper added 2020-09-15 09:30:53 -04:00
parse-config.sh working on pushing to mS branch 2020-09-08 15:58:14 -07:00

README.md

Scalable Runtime Verification of Distributed Middleboxes

Table of Content

Techonologies

  • JAVA 9.0.4
  • Maven
  • z3
  • Symbolic Automata
  • Cppkafka
  • Apache Flink

Setup

Below are the instructions to run the firewall experiment. To set up verifier for you own cloud, please refer to aragog/Setup/cloudSetup.md. The firewall experiment information can be found at aragog/firewall/README.md. We have automated the setup using scripts, but details can be found in aragog/firewall/firewallconf.md.

How to set up cloud lab machines

First click on experiments and then create experiment profile.

Second step is to fill out the name (anything would work). Click on edit source, copy the file ./Setup/cloudlabProfile.txt and paste it in the textbox. Click Accept. Click Create.

In the next screen. Click Instantiate.

Select APT UTAH as the cluster and finish.

Wait for the experiment to get ready.

Invariant Compilation

We have already compiled invariants for firewall and put it out/ folder.

Invariant compilation was tested on MacOS. It requires JDK and maven to run. Instructions to install maven can be found here. For compiling invariants by yourself, please follow these:

git clone --recurse-submodules https://github.com/microsoft/aragog.git
cd aragog/generateSFA
./install_z3.sh
mvn clean package

Example Compilation:

cd aragog/generateSFA
mvn exec:java -Dexec.args="--packet_format ../out/packetformat.json --invar_file ../config/firewall/new_established.invar"

Verifier Setup

Assuming Cloublab is up and running with ssh key in all the servers. Please paste the server list in Setup/servers.txt. It can executed at both macOS and Linux. The default bash on macOS is still bash v3, the script need >= 4. Please follow the instructions here

cd Setup
./setup.sh

For experiment details, please see firewall/README.md

It installs the required software and sets up Apache Flink, Kafka and install the firewall rules accordingly.

Run

It can executed at both macOS and Linux. The default bash on macOS is still bash v3, the script need >= 4. Please follow the instructions here To run the firewall experiment:

cd runme
./runme.sh

Output

The output will be .txt files. Each file for specific invariant. Each line will show the alerts raised.

Authors

This code was mainly written by:

Nofel Yaseen and Vincent Liu

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.