Tongxin xuebao (Mar 2023)
Design, implementation and formal verification of BGP proxy for mimic router
Abstract
To ensure the safety and correctness of the critical ‘mimic bracket’ components such as protocol proxies of mimic routers, a BGP (border gateway protocol) proxy was designed and implemented, and formal methods were applied to verify the safety and correctness of the BGP proxy.The BGP packets communicated between the peer routers and the master actor were monitored by the BGP proxy.The BGP sessions with the slave actors on behalf of peer routers were established, ensuring the consistency of the BGP protocol states for all actors.The formal specification of the BGP proxy was written based on separation logic.The VeriFast theorem prover was used to prove that the program had no memory safety problems such as null pointer reference.Furthermore, the formal verification of high-level attributes of each module in BGP proxy was also conducted to strictly ensure that the implementation met the specification.The implementation to proof code ratio of BGP proxy is about 1.8:1, and the implementation to proof labor hour ratio is about 1:3.The formally verified BGP proxy consume 0.16 seconds to process 100 000 BGP routes, which is about 7 times as long as the unverified one.Works done provide a reference for applying formal methods to verify the safety and correctness of critical components in mimic defense equipment and systems.
