SymNet: Scalable symbolic execution for modern networks

We present SymNet, a network static analysis tool based on symbolic execution. SymNet injects symbolic packets and tracks their evolution through the network. Our key novelty is SEFL, a language we designed for expressing data plane processing in a symbolic-execution friendly manner. SymNet statically analyzes an abstract data plane model that consists of the SEFL code for every node and the links between nodes. SymNet can check networks containing routers with hundreds of thousands of prefixes and NATs in seconds, while verifying packet header memory-safety and covering network functionality such as dynamic tunneling, stateful processing and encryption. We used SymNet to debug mid- dlebox interactions from the literature, to check properties of our department’s network and the Stanford backbone. Modeling network functionality is not easy. To aid users we have developed parsers that automatically generate SEFL models from router and switch tables, firewall configura- tions and arbitrary Click modular router configurations. The parsers rely on prebuilt models that are exact and fast to an- alyze. Finally, we have built an automated testing tool that combines symbolic execution and testing to check whether the model is an accurate representation of the real code.

• Publication year

  2016

• Venue

  Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication

• Publication date

  2016-04-11

• Fields of study

  Computer Science, Engineering

• Identifiers
  DOI 10.1145/2934872.2934881arXiv 1604.02847
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• BUZZ: Testing Context-Dependent Policies in Stateful Networks

  2016cited by this paper
• A General Approach to Network Configuration Analysis

  2015cited by this paper
• Checking Beliefs in Dynamic Networks

  2015cited by this paper
• Scalable Testing of Context-Dependent Policies over Stateful Data Planes with Armstrong

  2015cited by this paper
• Experiences Deploying a Transparent Split TCP Middlebox and the Implications for NFV

  2015cited by this paper
• Automatic Test Packet Generation

  2014cited by this paper
• NetKAT: semantic foundations for networks

  2014cited by this paper
• Verifying Isolation Properties in the Presence of Middleboxes

  2014cited by this paper
• Real Time Network Policy Checking Using Header Space Analysis

  2013cited by this paper
• -OVERIFY: Optimizing Programs for Fast Verification

  2013cited by this paper
• VeriFlow: verifying network-wide invariants in real time

  2012cited by this paper
• Header Space Analysis: Static Checking for Networks

  2012cited by this paper
• A NICE Way to Test OpenFlow Applications

  2012cited by this paper
• Frenetic: a network programming language

  2011influential reference
• Debugging the data plane with anteater

  2011cited by this paper
• KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs

  2008cited by this paper
• Z3: An Efficient SMT Solver

  2008cited by this paper
• Detecting BGP configuration faults with static analysis

  2005cited by this paper
• On static reachability analysis of IP networks

  2005cited by this paper
• Generalized Symbolic Execution for Model Checking and Testing

  2003cited by this paper
• Formal verification of standards for distance vector routing protocols

  2002cited by this paper
• The Click modular router

  1999cited by this paper
• This Paper Is Included in the Proceedings of the 11th Usenix Symposium on Networked Systems Design and Implementation (nsdi '14). Software Dataplane Verification Software Dataplane Verification

  year unknowncited by this paper

• Static Analysis Techniques for Embedded, Cyber-Physical, and Electronic Software Systems: A Comprehensive Survey

  2026cites this paper
• Argo: An efficient verification framework for distributed in-network computing

  2025cites this paper
• Enabling Symbolic Execution for Hardware TCP/IP Stack based on AMD Vitis HLS

  2025cites this paper
• New Evolution of Hoyan: Enhancing Scalability, Usability, and Accuracy for Alibaba's Global WAN Verification

  2025cites this paper
• SafeMigration: Safe Large-scale Migration Planning via Symbolic Execution

  2025cites this paper
• Optimal ACL Policy Placement in Hybrid SDN Networks: A Reinforcement Learning Approach

  2025cites this paper
• LIFT: Automating Symbolic Execution Optimization with Large Language Models for AI Networks

  2025cites this paper
• Verifying maximum link loads in a changing world

  2025cites this paper
• Fast and Scalable Data Plane Verification for Burst Updates With Edge-Predicate

  2025cites this paper
• Verifying Network-level Properties for Large-scale Networks with Header Transformations in Realtime

  2025cites this paper
• HOL4P4: Mechanized Small-Step Semantics for P4

  2024cites this paper
• LFVeri: Network Configuration Verification for Virtual Private Cloud Networks

  2024cites this paper
• VERCEL: Verification and Rectification of Configuration Errors With Least Squares

  2024cites this paper
• P4Inv: Inferring Packet Invariants for Verification of Stateful P4 Programs

  2024cites this paper
• A General and Efficient Approach to Verifying Traffic Load Properties under Arbitrary k Failures

  2024cites this paper
• Rethinking DNS Configuration Verification with a Distributed Architecture

  2024cites this paper
• Proactively Verifying Quantitative Network Policy Across Unsafe and Unreliable Environments

  2024cites this paper
• A Two-Fold Traffic Flow Model for Network Security Management

  2024influential citation
• EPVerifier: Accelerating Update Storms Verification with Edge-Predicate

  2024cites this paper
• Empowering Network Security With Programmable Switches: A Comprehensive Survey

  2023cites this paper
• Kano: Efficient Cloud Native Network Policy Verification

  2023influential citation
• HIVE: Scalable Hardware-Firmware Co-Verification Using Scenario-Based Decomposition and Automated Hint Extraction

  2023cites this paper
• Lessons from the evolution of the Batfish configuration analysis tool

  2023cites this paper
• Packet processing and data plane program verification: A survey with tools, techniques, and challenges

  2023influential citation
• A General Approach to Generate Test Packets With Network Configurations

  2023cites this paper
• Symbolic ns-3 for Efficient Exhaustive Testing: Design, Implementation, and Simulations

  2022cites this paper
• A review on computational tools for analytical visualisation and molecular interactions of sncRNAs: prospects in NDDs

  2022cites this paper
• HOL4P4: semantics for a verified data plane

  2022cites this paper
• P4Testgen: An Extensible Test Oracle For P4

  2022cites this paper
• A Simple Approach to Verify and Debug Data Plane Programs

  2022cites this paper
• A Low-Overhead and High-Precision Attack Traceback Scheme with Combination Bloom Filters

  2022cites this paper
• Meissa: scalable network testing for programmable data planes

  2022cites this paper
• Security Automation using Traffic Flow Modeling

  2022cites this paper
• Optimizing distributed firewall reconfiguration transients

  2022cites this paper
• Automatic, verifiable and optimized policy-based security enforcement for SDN-aware IoT networks

  2022cites this paper
• Improving network resilience with Middlebox Minions

  2022cites this paper
• Accelerating BGP Configuration Verification Through Reducing Cycles in SMT Constraints

  2022cites this paper
• Performance Interfaces for Network Functions

  2022cites this paper
• Efficient Protocol Testing Under Temporal Uncertain Event Using Discrete-event Network Simulations

  2022cites this paper
• SAND: semi-automated adaptive network defense via programmable rule generation and deployment

  2022cites this paper
• A survey on security applications of P4 programmable switches and a STRIDE-based vulnerability assessment

  2022cites this paper
• Improving the Formal Verification of Reachability Policies in Virtualized Networks

  2021influential citation
• An Exhaustive Survey on P4 Programmable Data Plane Switches: Taxonomy, Applications, Challenges, and Future Trends

  2021cites this paper
• Verifying Network Properties in SRv6 based Service Function Chaining

  2021influential citation
• Tardis: A Fault-Tolerant Design for Network Control Planes

  2021cites this paper
• Determination of throughput guarantees for processor-based SmartNICs

  2021cites this paper
• Ultrasound Triggered ZnO‐Based Devices for Tunable and Multifaceted Biomedical Applications

  2021cites this paper
• Continuous Verification of Network Security Compliance

  2021cites this paper
• Component-based Error Detection of P4 programs

  2021cites this paper
• Aquila: a practically usable verification system for production-scale programmable data planes

  2021cites this paper
• Netter: Probabilistic, Stateful Network Models

  2021cites this paper
• Dynamic Property Enforcement in Programmable Data Planes

  2021cites this paper
• A Framework for eBPF-Based Network Functions in an Era of Microservices

  2021cites this paper
• Probabilistic profiling of stateful data planes for adversarial testing

  2021cites this paper
• Automatically derived stateful network functions including non-field attributes

  2021cites this paper
• Flow Algebra: Towards an Efficient, Unifying Framework for Network Management Tasks

  2021cites this paper
• Fast Configuration Change Impact Analysis for Network Overlay Data Center Networks

  2020cites this paper
• Towards Model Checking Real-World Software-Defined Networks

  2020cites this paper
• NetSMC: A Custom Symbolic Model Checker for Stateful Network Verification

  2020cites this paper
• Toward Comprehensive Network Verification: Practices, Challenges and Beyond

  2020cites this paper
• Automated Verification of Customizable Middlebox Properties with Gravel

  2020cites this paper
• APKeep: Realtime Verification for Real Networks

  2020cites this paper
• Liveness Verification of Stateful Network Functions

  2020cites this paper
• Gauntlet: Finding Bugs in Compilers for Programmable Packet Processing

  2020cites this paper
• Assisting reachability verification of network configurations updates with NUV

  2020cites this paper
• P4 Switch Code Data Flow Analysis: Towards Stronger Verification of Forwarding Plane Software

  2020cites this paper
• bf4: towards bug-free P4 programs

  2020cites this paper
• Accuracy, Scalability, Coverage: A Practical Configuration Verifier on a Global WAN

  2020cites this paper
• Model Checking Software-Defined Networks with Flow Entries that Time Out

  2020cites this paper
• Data Quality Model-based Testing of Information Systems

  2020cites this paper
• Feasibility analysis for reduction of carbon footprint in a wastewater treatment plant

  2020influential citation
• AED: incrementally synthesizing policy-compliant and manageable configurations

  2020cites this paper
• Symbolic Execution for Network Functions with Time-Driven Logic

  2020influential citation
• Enhancing Performance, Security, and Management in Network Function Virtualization

  2020cites this paper
• DAI: Dynamic ACL Policy Implementation for Software-Defined Networking

  2020cites this paper
• Rethinking Software Network Data Planes in the Era of Microservices

  2020cites this paper
• Probabilistic Profiling of Stateful Data Planes for Adversarial Testing (Extended Abstract)

  2020influential citation
• HybridSFC: Accelerating Service Function Chains with Parallelism

  2019cites this paper
• Dynamic Property Enforcement in Programmable Data Planes

  2019cites this paper
• Formally specifying and checking policies and anomalies in service function chaining

  2019cites this paper
• A Framework for Verification-Oriented User-Friendly Network Function Modeling

  2019influential citation
• Safely and automatically updating in-network ACL configurations with intent language

  2019cites this paper
• A VNF modeling approach for verification purposes

  2019influential citation
• How to Avoid Making a Billion-Dollar Mistake: Type-Safe Data Plane Programming with SafeP4

  2019cites this paper
• MSAID: Automated detection of interference in multiple SDN applications

  2019cites this paper
• Position Papers of the 2019 Federated Conference on Computer Science and Information Systems, FedCSIS 2019, Leipzig, Germany, September 1-4, 2019

  2019cites this paper
• Name Space Analysis: Verification of Named Data Network Data Planes

  2019cites this paper
• A formal method to detect possible P4 16 specific errors

  2019cites this paper
• Formal modeling and verification of software‐defined networks: A survey

  2019cites this paper
• Model-Agnostic and Efficient Exploration of Numerical State Space of Real-World TCP Congestion Control Implementations

  2019cites this paper
• Alembic: Automated Model Inference for Stateful Network Functions

  2019influential citation
• Performance Contracts for Software Network Functions

  2019cites this paper
• Dataplane equivalence and its applications

  2019influential citation
• Improving network flexibility

  2019cites this paper
• Fault Management in Software-Defined Networking: A Survey

  2019cites this paper
• A Survey on Network Verification and Testing With Formal Methods: Approaches and Challenges

  2019influential citation
• Extended Finite State Machine based test generation for an OpenFlow switch

  2019cites this paper
• Automated Finite State Machine Extraction

  2019cites this paper
• Verifying software network functions with no verification expertise

  2019cites this paper
• Net2Text: Query-Guided Summarization of Network Forwarding Behaviors

  2018cites this paper