IEICE TRANSACTIONS on Information
Verikube: Automatic and Efficient Verification for Container Network Policies
Summary :
Recently, Linux Container has been the de-facto standard for a cloud system, enabling cloud providers to create a virtual environment in a much more scaled manner. However, configuring container networks remains immature and requires automatic verification for efficient cloud management. We propose Verikube, which utilizes a novel graph structure representing policies to reduce memory consumption and accelerate verification. Moreover, unlike existing works, Verikube is compatible with the complex semantics of Cilium Policy which a cloud adopts from its advantage of performance. Our evaluation results show that Verikube performs at least seven times better for memory efficiency, at least 1.5 times faster for data structure management, and 20K times better for verification.
- Publication
- IEICE TRANSACTIONS on Information Vol.E105-D No.12 pp.2131-2134
- Publication Date
- 2022/12/01
- Publicized
- 2022/08/26
- Online ISSN
- 1745-1361
- DOI
- 10.1587/transinf.2022EDL8046
- Type of Manuscript
- LETTER
- Category
- Information Network
Authors
Haney KANG
KAIST
Seungwon SHIN
KAIST
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Haney KANG, Seungwon SHIN, "Verikube: Automatic and Efficient Verification for Container Network Policies" in IEICE TRANSACTIONS on Information,
vol. E105-D, no. 12, pp. 2131-2134, December 2022, doi: 10.1587/transinf.2022EDL8046.
Abstract: Recently, Linux Container has been the de-facto standard for a cloud system, enabling cloud providers to create a virtual environment in a much more scaled manner. However, configuring container networks remains immature and requires automatic verification for efficient cloud management. We propose Verikube, which utilizes a novel graph structure representing policies to reduce memory consumption and accelerate verification. Moreover, unlike existing works, Verikube is compatible with the complex semantics of Cilium Policy which a cloud adopts from its advantage of performance. Our evaluation results show that Verikube performs at least seven times better for memory efficiency, at least 1.5 times faster for data structure management, and 20K times better for verification.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2022EDL8046/_p
Copy
@ARTICLE{e105-d_12_2131,
author={Haney KANG, Seungwon SHIN, },
journal={IEICE TRANSACTIONS on Information},
title={Verikube: Automatic and Efficient Verification for Container Network Policies},
year={2022},
volume={E105-D},
number={12},
pages={2131-2134},
abstract={Recently, Linux Container has been the de-facto standard for a cloud system, enabling cloud providers to create a virtual environment in a much more scaled manner. However, configuring container networks remains immature and requires automatic verification for efficient cloud management. We propose Verikube, which utilizes a novel graph structure representing policies to reduce memory consumption and accelerate verification. Moreover, unlike existing works, Verikube is compatible with the complex semantics of Cilium Policy which a cloud adopts from its advantage of performance. Our evaluation results show that Verikube performs at least seven times better for memory efficiency, at least 1.5 times faster for data structure management, and 20K times better for verification.},
keywords={},
doi={10.1587/transinf.2022EDL8046},
ISSN={1745-1361},
month={December},}
Copy
TY - JOUR
TI - Verikube: Automatic and Efficient Verification for Container Network Policies
T2 - IEICE TRANSACTIONS on Information
SP - 2131
EP - 2134
AU - Haney KANG
AU - Seungwon SHIN
PY - 2022
DO - 10.1587/transinf.2022EDL8046
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E105-D
IS - 12
JA - IEICE TRANSACTIONS on Information
Y1 - December 2022
AB - Recently, Linux Container has been the de-facto standard for a cloud system, enabling cloud providers to create a virtual environment in a much more scaled manner. However, configuring container networks remains immature and requires automatic verification for efficient cloud management. We propose Verikube, which utilizes a novel graph structure representing policies to reduce memory consumption and accelerate verification. Moreover, unlike existing works, Verikube is compatible with the complex semantics of Cilium Policy which a cloud adopts from its advantage of performance. Our evaluation results show that Verikube performs at least seven times better for memory efficiency, at least 1.5 times faster for data structure management, and 20K times better for verification.
ER -
English
