Results 11 - 20 of 133
Declarative Network Verification
2009
Cited by 35 (16 self)
In this paper, we present our initial design and implementation of a declarative network verifier (DNV). DNV utilizes theorem proving, a well-established verification technique where logic-based axioms that automatically capture network semantics are generated, and a user-driven proof process is used to establish network correctness properties. DNV takes as input declarative networking specifications written in the Network Datalog (NDlog) query language, and maps that automatically into logical axioms that can be directly used in existing theorem provers to validate protocol correctness. DNV is a significant improvement compared to existing use cases of theorem proving, which typically require several man-months to construct the system specifications. Moreover, NDlog, a high-level specification, whose semantics are precisely compiled into DNV without loss, can be directly executed as implementations, hence bridging specifications, verification, and implementation. To validate the use of DNV, we present case studies using DNV in conjunction with the PVS theorem prover to verify routing protocols, including eventual properties of protocols in dynamic settings.
Netlog, a rule-based language for distributed programming
- Proceedings of the International Conference on Practical Aspects of Declarative Languages, 2010
Cited by 30 (7 self)
We propose a rule-based language, Netlog, to express distributed applications such as communication protocols or P2P applications in a declarative manner. The language extends Datalog with communication primitives, as well as aggregation and non-deterministic constructs, standard in network applications. Our contribution is twofold. First we define a sound distributed fixpoint semantics, which takes explicitly into account the in-node behavior as well as the communication between nodes, and solves semantic problems raised in declarative networking. Second, we show that syntactic restrictions over the programs can ensure polynomial bounds on the complexity (time and message) of the distributed execution. The language has been implemented and runs over a virtual machine, Netquest, which relies on a DBMS. Netlog programs are partly compiled into SQL queries, which makes them portable over heterogeneous architecture.
Evita Raced: Metacompilation for Declarative Networks
Cited by 28 (6 self)
Declarative languages have recently been proposed for many new applications outside of traditional data management. Since these are relatively early research efforts, it is important that the architectures of these declarative systems be extensible, in order to accommodate unforeseen needs in these new domains. In this paper, we apply the lessons of declarative systems to the internals of a declarative engine. Specifically, we describe our design and implementation of Evita Raced, an extensible compiler for the OverLog language used in our declarative networking system, P2. Evita Raced is a metacompiler: an OverLog compiler written in OverLog. We describe the minimalist architecture of Evita Raced, including its extensibility interfaces and its reuse of P2’s data model and runtime engine. We demonstrate that a declarative language like OverLog is well-suited to expressing traditional and novel query optimizations as well as other query manipulations, in a compact and natural fashion. Finally, we present initial results of Evita Raced extended with various optimization programs, running on both Internet overlay networks and wireless sensor networks.
Datalog and Emerging Applications: An Interactive Tutorial
Cited by 26 (3 self)
We are witnessing an exciting revival of interest in recursive Datalog queries in a variety of emerging application domains such as data integration, information extraction, networking, program analysis, security, and cloud computing. This tutorial briefly reviews the Datalog language and recursive query processing and optimization techniques, then discusses applications of Datalog in three application domains: data integration, declarative networking, and program analysis. Throughout the tutorial, we use LogicBlox, a commercial Datalog engine for enterprise software systems, to allow the audience to walk through code examples presented in the tutorial.
Unified Declarative Platform for Secure Networked Information Systems
2009
Cited by 24 (13 self)
We present a unified declarative platform for specifying, implementing, and analyzing secure networked information systems. Our work builds upon techniques from logic-based trust management systems, declarative networking, and data analysis via provenance. We make the following contributions. First, we propose the Secure Network Datalog (SeNDlog) language that unifies Binder, a logic-based language for access control in distributed systems, and Network Datalog, a distributed recursive query language for declarative networks. SeNDlog enables network routing, information systems, and their security policies to be specified and implemented within a common declarative framework. Second, we extend existing distributed recursive query processing techniques to execute SeNDlog programs that incorporate authenticated communication among untrusted nodes. Third, we demonstrate that distributed network provenance can be supported naturally within our declarative framework for network security analysis and diagnostics. Finally, using a local cluster and the PlanetLab testbed, we perform a detailed performance study of a variety of secure networked systems implemented using our platform.
Towards a declarative language and system for secure networking
- In NetDB ’07: Proceedings of the 3rd International Workshop on Networking meets Databases, 2007
Cited by 23 (3 self)
In this paper, we present a declarative language and system for describing and implementing secure networks. Our proposed language, SeNDlog, is an attempt at unifying Binder, a logic-based language for access control in distributed systems, and Network Datalog (NDlog), a database query language for declarative networks. The contributions of this paper are as follows. First, we highlight the similarities and differences between Binder and NDlog with regards to their notion of location, trust model, and evaluation strategies. Second, we motivate and propose the SeNDlog language that combines features from Binder and NDlog. Third, we demonstrate the use of SeNDlog for specifying secure networks and present directions for future work.
A Declarative Perspective on Adaptive MANET Routing
Cited by 23 (10 self)
In this paper, we present a declarative perspective on adaptable extensible MANET protocols. Our work builds upon declarative networking, a recent innovation for building extensible network architectures using declarative languages. We make the following contributions. First, we demonstrate that traditional MANET protocols, ranging from proactive, reactive, to epidemic can be expressed in a compact fashion as declarative networks, and we validate experimentally the use of declarative techniques to implement traditional MANETs emulated on a testbed cluster. Second, we show that the declarative framework enables policy-driven adaptation, in which a generic set of declarative rule-based policies are used to make runtime decisions on the choice of MANET protocols. Third, we present some initial ideas on fine-grained protocol composition and adaptation, where a typical MANET protocol can be composed and adapted from simpler components.
Towards application-aware anonymous routing
- In Second USENIX Workshop on Hot Topics in Security (HotSec, 2007
Cited by 22 (7 self)
This paper investigates the problem of designing anonymity networks that meet application-specific performance and security constraints. We argue that existing anonymity networks take a narrow view of performance by considering only the strength of the offered anonymity. However, real-world applications impose a myriad of communication requirements, including end-to-end bandwidth and latency, trustworthiness of intermediary routers, and network jitter. We pose a grand challenge for anonymity: the development of a network architecture that enables applications to customize routes that trade off between anonymity and performance. Towards this challenge, we present the Application-Aware Anonymity (A³) routing service. We envision that A³ will serve as a powerful and flexible anonymous communications layer that will spur the future development of anonymity services.
Recursive Computation of Regions and Connectivity in Networks
2008
Cited by 22 (14 self)
In recent years, data management has begun to consider situations in which data access is closely tied to network routing and distributed acquisition: sensor networks, in which reachability and contiguous regions are of interest; declarative networking, in which shortest paths and reachability are key; distributed and peer-to-peer stream systems, in which we may monitor for associations among data at the distributed sources (e.g., transitive relationships). In each case, the fundamental operation is to maintain a view over dynamic network state; the view is frequently distributed, recursive and may contain aggregation, e.g., describing transitive connectivity, shortest paths, least costly paths, or region membership. Surprisingly, solutions to this problem are often domain-specific, expensive to compute, and incomplete. In this paper, we recast the problem as one of incremental recursive view maintenance in the presence of distributed streams of updates to tuples: new stream data becomes insert operations and tuple expirations become deletions. We develop a set of techniques that maintain information about tuple derivability — a compact form of data provenance. We complement this with techniques to reduce communication: aggregate selections to prune irrelevant aggregation tuples, provenance-aware operators that can determine when tuples are no longer derivable and remove them from their state, and shipping operators that greatly reduce the tuple and provenance information being propagated while still maintaining correct answers. We validate our work in a distributed setting with sensor and network router queries, showing significant gains in bandwidth consumption without sacrificing performance.
Towards a Modern Communications API
- In Proceedings of the 6th Workshop on Hot Topics in Networks (HotNets-VI, 2007
Cited by 21 (1 self)
We contend that a new networking API could better serve the needs of data- and service-oriented applications, and could more easily map to heterogeneous environments, than the pervasive Sockets API does. In this paper, we present an initial design of a networking API based on the publish/subscribe paradigm, along with an exploration of its security implications, examples to demonstrate several common use cases, and a discussion of how the implementation of such an API could leverage a wide range of networking technologies. We propose this model not as a final design but as the first step towards a wider community discussion of the need for a modern communications API.