Human operators are an important aspect of any computing infrastructure; however, human errors in configuring systems pose reliability and security risks, which are increasingly serious as such systems grow more complex. Numerous studies have shown that errors by human administrators have contributed significantly to misconfigurations of networks. The research community has reacted with development of solutions that largely directed at detecting and correcting misconfigurations statically, after they have been introduced into the configuration files. This is done either by checking against known good configuration practices or by data mining configuration files. Though to some extent such approaches are useful, they are in fact “treatments” rather than “preventions”. Automated tools that abstract complex sets of network administration tasks have also been seen as a potential solution. On the other hand, such tools simply remove the possibility of human error one step, to the development of the workflow, and can have the effect of magnifying the risk of such mistakes due to their speed of operation. There is a need for a proactive solution that examine consequences of a proposed configuration before it is implemented.
In this paper, we describe the research design towards developing a proactive solution for misconfiguration problem. Then present the design and implementation for SanityChecker-an SDN-based solution for intercepting incoming configurations and inspecting them for human errors before committing to the devices. SanityChecker was tested by real-world network administrators and the results show that it can successfully improve network operations by overseen incoming configuration for human errors.