Adversarial exploitation of P4 data planes

Research output: Chapter in Book/Report/Conference proceedingConference contribution

7 Citations (Scopus)
209 Downloads (Pure)

Abstract

Programmable data planes can support flexible and feature-rich networks. However, the network operator must have confidence that the network data plane correctly implements the specified policies. To address this, data plane testing and verification mechanisms have been proposed, which, in general, trust the data plane devices to behave faithfully. A few current solutions recognise that one or more of the network devices maybe under the control of a malicious adversary but do not address either the enhanced capabilities or motivations of an attacker in a modern P4-programmable data plane. Furthermore, the ability of an attacker to utilise these enhanced capabilities in an exploit has not been investigated. In this paper, we address this knowledge gap by means of a case study in which we assume the role of an attacker in an open-source implementation of a P4-programmable software switch and attempt a range of methods to exploit the program running on that switch. We find that attacks that exploit both the programmability and statefulness of the P4 switch are indeed possible, and discuss the impact of our findings with proposals for future adversarial data plane verification mechanisms to address this new threat model.

Original languageEnglish
Title of host publicationProceedings of the IFIP/IEEE International Symposium on Integrated Network Management
PublisherInstitute of Electrical and Electronics Engineers Inc.
Number of pages7
ISBN (Electronic)9783903176324
ISBN (Print)9781728190419
Publication statusPublished - 30 Jun 2021
EventIEEE/IFIP International Symposium on Integrated Network Management 2021 - Bordeaux, France
Duration: 17 May 202121 May 2021

Conference

ConferenceIEEE/IFIP International Symposium on Integrated Network Management 2021
Country/TerritoryFrance
CityBordeaux
Period17/05/202121/05/2021

Fingerprint

Dive into the research topics of 'Adversarial exploitation of P4 data planes'. Together they form a unique fingerprint.

Cite this