Formal specification and testing of QUIC

Authors:
Kenneth L. McMillan

Microsoft Research

Microsoft Research
View Profile

,
Lenore D. Zuck

University of Illinois

University of Illinois
View Profile

SIGCOMM '19: Proceedings of the ACM Special Interest Group on Data CommunicationAugust 2019Pages 227–240https://doi.org/10.1145/3341302.3342087

Published:19 August 2019Publication History

SIGCOMM '19: Proceedings of the ACM Special Interest Group on Data Communication

Pages 227–240

ABSTRACT

QUIC is a new Internet secure transport protocol currently in the process of IETF standardization. It is intended as a replacement for the TLS/TCP stack and will be the basis of HTTP/3, the next official version of the hypertext transfer protocol. As a result, it is likely, in the near future, to carry a substantial fraction of traffic on the Internet. We describe our experience applying a methodology of compositional specification-based testing to QUIC. We develop a formal specification of the wire protocol, and use this specification to generate automated randomized testers for implementations of QUIC. The testers effectively take one role of the QUIC protocol, interacting with the other role to generate full protocol executions, and verifying that the implementations conform to the formal specification. This form of testing generates significantly more diverse stimuli and stronger correctness criteria than interoperability testing, the primary method used to date to validate QUIC and its implementations. As a result, numerous implementation errors have been found. These include some vulnerabilities at the protocol and implementation levels, such as an off-path denial of service scenario and an information leak similar to the "heartbleed" vulnerability in OpenSSL.

Supplemental Material

p227-mcmillan.mp4

mp4

1.3 GB

Download

References

Rajeev Alur, Pavol Černý, P. Madhusudan, and Wonhong Nam. 2005. Synthesis of interface specifications for Java classes. In Proceedings of the 32nd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2005, Long Beach, California, USA, January 12-14, 2005. ACM, 98--109. Google ScholarDigital Library
Clark W. Barrett, Roberto Sebastiani, Sanjit A. Seshia, and Cesare Tinelli. 2009. Satisfiability Modulo Theories. In Handbook of Satisfiability, Armin Biere, Marijn Heule, Hans van Maaren, and Toby Walsh (Eds.). Frontiers in Artificial Intelligence and Applications, Vol. 185. IOS Press, 825--885.Google Scholar
Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cédric Fournet, Markulf Kohlweiss, Alfredo Pironti, Pierre-Yves Strub, and Jean Karim Zinzindohoue. 2015. A Messy State of the Union: Taming the Composite State Machines of TLS. In 2015 IEEE Symposium on Security and Privacy, SP 2015, San Jose, CA, USA, May 17-21, 2015. IEEE Computer Society, 535--552. Google ScholarDigital Library
Karthikeyan Bhargavan, Cédric Fournet, Markulf Kohlweiss, Alfredo Pironti, and Pierre-Yves Strub. 2013. Implementing TLS with Verified Cryptographic Security. In 2013 IEEE Symposium on Security and Privacy, SP 2013, Berkeley, CA, USA, May 19-22, 2013. IEEE, 445--459. Google ScholarDigital Library
Steve Bishop, Matthew Fairbairn, Hannes Mehnert, Michael Norrish, Tom Ridge, Peter Sewell, Michael Smith, and Keith Wansbrough. 2018. Engineering with Logic: Rigorous Test-Oracle Specification and Validation for TCP/IP and the Sockets API. JACM 1, 66 (12 2018), 1--77. Google ScholarDigital Library
Robert S. Boyer, Bernard Elspas, and Karl N. Levitt. 1975. SELECT-a formal system for testing and debugging programs by symbolic execution. In Proceedings of the International Conference on Reliable Software. ACM, 234--245. Google ScholarDigital Library
Josip Bozic, Lina Marsso, Radu Mateescu, and Franz Wotawa. 2018. A Formal TLS Handshake Model in LNT. In Proceedings Third Workshop on Models for Formal Analysis of Real Systems and Sixth International Workshop on Verification and Program Transformation, MARS/VPT@ETAPS 2018, and Sixth International Workshop on Verification and Program Transformation, Thessaloniki, Greece, 20th April 2018. To be published in EPCT, 1--40.Google Scholar
Cristian Cadar, Daniel Dunbar, and Dawson R. Engler. 2008. KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. In 8th USENIX Symposium on Operating Systems Design and Implementation, OSDI 2008, December 8-10, 2008, San Diego, California, USA, Proceedings. USENIX Association, 209--224. Google ScholarDigital Library
Chia Yuan Cho, Domagoj Babic, Eui Chul Richard Shin, and Dawn Song. 2010. Inference and analysis of formal models of botnet command and control protocols. In Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Ehab Al-Shaer, Angelos D. Keromytis, and Vitaly Shmatikov (Eds.). ACM, 426--439. Google ScholarDigital Library
Andrey Chudnov, Nathan Collins, Byron Cook, Joey Dodds, Brian Huffman, Colm MacCárthaigh, Stephen Magill, Eric Mertens, Eric Mullen, Serdar Tasiran, Aaron Tomb, and Eddy Westbrook. 2018. Continuous Formal Verification of Amazon s2n. In Computer Aided Verification - 30th International Conference Part II, Vol. 10982. Springer, 430--446.Google Scholar
Koen Claessen, Colin Runciman, Olaf Chitil, John Hughes, and Malcolm Wallace. 2002. Testing and Tracing Lazy Functional Programs Using QuickCheck and Hat. In Advanced Functional Programming, 4th International School, AFP 2002, Oxford, UK, August 19-24, 2002, Revised Lectures, Vol. 2638. Springer, 59--99.Google Scholar
The Mitre Corporation. 2014. CVE-2014-0160. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160.Google Scholar
The Mitre Corporation. 2014. CVE-2014-3566. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566.Google Scholar
Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, and Thyla van der Merwe. 2017. A Comprehensive Symbolic Analysis of TLS 1.3. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, Dallas, TX, USA, October 30 - November 03, 2017, Bhavani M. Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu (Eds.). ACM, 1773--1788. Google ScholarDigital Library
Edsger W. Dijkstra. 1975. Guarded Commands, Nondeterminacy and Formal Derivation of Programs. Commun. ACM 18, 8 (1975), 453--457. Google ScholarDigital Library
Dimitra Giannakopoulou, Corina S. Pasareanu, and Colin Blundell. 2008. Assume-guarantee testing for software components. IET Software 2, 6 (2008), 547--562.Google ScholarCross Ref
Internet-Draft. 2019. QUIC: A UDP-Based Multiplexed and Secure Transport (Version 18). https://tools.ietf.org/id/draft-ietf-quic-transport-18.Google Scholar
Internet-Draft. 2019. QUIC: QUIC Loss Detection and Congestion Control. https://tools.ietf.org/html/draft-ietf-quic-recovery-18.Google Scholar
James E. Johnson, David E. Langworthy, Leslie Lamport, and Friedrich H. Vogt. 2007. Formal specification of a Web services protocol. J. Log. Algebr. Program. 70, 1 (2007), 34--52.Google ScholarCross Ref
Hyojeong Lee, Jeff Seibert, Dylan Fistrovic, Charles Edwin Killian, and Cristina Nita-Rotaru. 2015. Gatling: Automatic Performance Attack Discovery in Large-Scale Distributed Systems. ACM Trans. Inf. Syst. Secur. 17, 4 (2015), 13:1--13:34. Google ScholarDigital Library
Kenneth L. McMillan. 2016. Modular specification and verification of a cache-coherent interface. In 2016 Formal Methods in Computer-Aided Design, FMCAD 2016, Mountain View, CA, USA, October 3-6, 2016. IEEE, 109--116. Google ScholarDigital Library
Kenneth L. McMillan. 2019. Mechanized Specification of QUIC. https://github.com/microsoft/ivy/tree/master/doc/examples/quic.Google Scholar
Kenneth L. McMillan. Last updated 2019. Ivy. http://microsoft.github.io/ivy.Google Scholar
K. L. McMillan and L. D. Zuck. 2019. Compositional Testing of Network Protocols. http://mcmil.net/pubs/SECDEV19.pdf. In IEEE Secure Development Conference (SecDev 2019). To appear.Google Scholar
Rashmi Mudduluru, Pantazis Deligiannis, Ankush Desai, Akash Lal, and Shaz Qadeer. 2017. Lasso detection using partial-state caching. In 2017 Formal Methods in Computer Aided Design, FMCAD 2017, Vienna, Austria, October 2-6, 2017. 84--91. Google ScholarDigital Library
B. Neelakantan and S. V.Raghavan. 1995. Protocol Conformance Testing - A Survey. In Computer Networks, Architecture and Applications, S. V. Raghavan et al. (Ed.). Springer, Chapter 1, 175--191.Google Scholar
Oded Padon, Kenneth L. McMillan, Aurojit Panda, Mooly Sagiv, and Sharon Shoham. 2016. Ivy: safety verification by interactive generalization. In Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2016, Santa Barbara, CA, USA, June 13-17, 2016. ACM, 614--630. Google ScholarDigital Library
Javier Paris and Thomas Arts. 2009. Automatic testing of TCP/IP implementations using QuickCheck. In Proceedings of the 8th ACM SIGPLAN Workshop on Erlang, Edinburgh, Scotland, UK, September 5, 2009. ACM, 83--92. Google ScholarDigital Library
Luis Pedrosa, Ari Fogel, Nupur Kothari, Ramesh Govindan, Ratul Mahajan, and Todd D. Millstein. 2015. Analyzing Protocol Implementations for Interoperability. In 12th USENIX Symposium on Networked Systems Design and Implementation, NSDI 15, Oakland, CA, USA, May 4-6, 2015. USENIX Association, 485--498. https://www.usenix.org/conference/nsdi15/technical-sessions/presentation/pedrosa Google ScholarDigital Library
Erik Poll, Joeri de Ruiter, and Aleksy Schubert. 2015. Protocol State Machines and Session Languages: Specification, implementation, and Security Flaws. In 2015 IEEE Symposium on Security and Privacy Workshops, SPW 2015, San Jose, CA, USA, May 21-22, 2015. IEEE, 125--133. Google ScholarDigital Library
Abdullah Rasool, Greg Alpár, and Joeri de Ruiter. 2019. State machine inference of QUIC. CoRR abs/1903.04384 (2019). arXiv:1903.04384 http://arxiv.org/abs/1903.04384Google Scholar
Felix Rath, Daniel Schemmel, and Klaus Wehrle. 2018. Interoperability-Guided Testing of QUIC Implementations using Symbolic Execution. In Workshop on the Evolution, Performance, and Interoperability of QUIC (EPIQ 2018). ACM, 15--21. Google ScholarDigital Library
Ivan Ristic. 2014. POODLE Bites TLS. https://blog.qualys.com/ssllabs/2014/12/08/poodle-bites-tls.Google Scholar
Jan Rüth. 2018. How much of the Internet is using QUIC? https://blog.apnic.net/2018/05/15/how-much-of-the-internet-is-using-quic/.Google Scholar
Margus Veanes, Colin Campbell, Wolfgang Grieskamp, Wolfram Schulte, Nikolai Tillmann, and Lev Nachmanson. 2008. Model-Based Testing of Object-Oriented Reactive Systems with Spec Explorer. Lecture Notes in Computer Science, Vol. 4949. Springer Verlag, 39--76. Google ScholarDigital Library
Gregor von Bochmann. 1989. Protocol Specification for OSI. Computer Networks and ISDN Systems 18, 3 (1989), 167--184. Google ScholarDigital Library
QUIC working group. 2019. QUIC Working Group. https://quicwg.org/.Google Scholar
Pamela Zave. 2015. How to Make Chord Correct (Using a Stable Base). CoRR abs/1502.06461 (2015). http://arxiv.org/abs/1502.06461Google Scholar

Recommendations

Multipath QUIC: Design and Evaluation
CoNEXT '17: Proceedings of the 13th International Conference on emerging Networking EXperiments and Technologies

Quick UDP Internet Connection (QUIC) is a recent protocol initiated by Google that combines the functions of HTTP/2, TLS, and TCP directly over UDP, with the goal to reduce the latency of client-server communication. It can replace the traditional HTTP/...
Read More
Formal specification-based conformance testing

The paper discusses the use of formal specifications for conformance testing of OSI protocols and divides the discussion in two parts: test design and tester design. A draft standard formal specification of the Class 4 transport protocol in Estelle is ...
Read More
Formal specification-based conformance testing
SIGCOMM '86: Proceedings of the ACM SIGCOMM conference on Communications architectures & protocols

The paper discusses the use of formal specifications for conformance testing of OSI protocols and divides the discussion in two parts: test design and tester design. A draft standard formal specification of the Class 4 transport protocol in Estelle is ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SIGCOMM '19: Proceedings of the ACM Special Interest Group on Data Communication
August 2019
526 pages
ISBN:9781450359566
DOI:10.1145/3341302
General Chairs:
Jianping Wu
Tsinghua University, China
,
Wendy Hall
University of Southampton, UK
Copyright © 2019 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 19 August 2019
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate554of3,547submissions,16%
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 28
  Total Citations
  View Citations
- 3,191
  Total Downloads
- Downloads (Last 12 months)527
- Downloads (Last 6 weeks)64
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.