Strong Detection of Misconfigurations Raj Kumar Rajendran Vishal Misra Dan Rubenstein

Distributed Algorithms Node’s misbehavior can have disastrous consequences: BGP AS7007 incident Important that Nodes detect incorrect implementation by other nodes. Use only information provided by the routing-protocol (e.g. its state) Can I tell if my neighbors are giving me the correct information?

“Weak” Detection can Fail Suppose graph edge lengths є {1,2} No violation of triangle inequality Dest/ Neighbor AB A02 B20 C A B C d(B,C) ≠ 3!!! How do we know if we’ve checked everything we can? Find a property that a node’s state should exhibit Find a method for checking the property Declare misconfiguration if property is violated Eg. Triangle Inequality [DMZ’03]

“Strong” Detection A detection method is “strong” if it always detects all detectable anomalies Given s’ i node i’s state and C={N} the set of allowable networks μ is a strong detection method if, when another node j is misconfigured it either detects a misconfiguration Fails to detect the misconfiguration, but no method exists that can detect misconfiguration from s’ i

Strong Detection in D.V. at node n Take node n’s state, s’ n Use this state to build the canonical graph, M є C Simulate D.V. on M to generate simulated state s n (M) We prove: If s n (M) ≠ s’ n, then misconfiguration detected Else, either there is no misconfiguration, or it is undetectable (using node n’s state) because M might be the actual network Complexity is O(|V| 3 ) Dest/ Neighbo r ABE A0112 B407 C 138 D5912 E964 F 1513 G492 Dest/ Neighbor ABE A0112 B407 C 138 D5912 E964 F 1513 G492 s’ n s n (M) G A B C E F D G A B C n E F D M n