Adversarial Exploitation of P4 Data Planes

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Programmable data planes can support flexible and feature-rich networks. However, the network operator must have confidence that the network data plane correctly implements the specified policies. To address this, data plane testing and verification mechanisms have been proposed, which, in general, trust the data plane devices to behave faithfully. A few current solutions recognise that one or more of the network devices maybe under the control of a malicious adversary but do not address either the enhanced capabilities or motivations of an attacker in a modern P4-programmable data plane. Furthermore, the ability of an attacker to utilise these enhanced capabilities in an exploit has not been investigated. In this paper, we address this knowledge gap by means of a case study in which we assume the role of an attacker in an open-source implementation of a P4-programmable software switch and attempt a range of methods to exploit the program running on that switch. We find that attacks that exploit both the programmability and statefulness of the P4 switch are indeed possible, and discuss the impact of our findings with proposals for future adversarial data plane verification mechanisms to address this new threat model.
Original languageEnglish
Title of host publicationIFIP/IEEE International Symposium on Integrated Network Management (IM 2021): Proceedings
Number of pages7
Publication statusAccepted - 11 Dec 2020
EventIEEE/IFIP International Symposium on Integrated Network Management - Bordeaux, France
Duration: 17 May 2021 → …

Publication series

NameIFIP/IEEE International Symposium on Integrated Network Management: Proceedings
PublisherIEEE
ISSN (Print)1573-0077

Conference

ConferenceIEEE/IFIP International Symposium on Integrated Network Management
CountryFrance
CityBordeaux
Period17/05/2021 → …

Fingerprint Dive into the research topics of 'Adversarial Exploitation of P4 Data Planes'. Together they form a unique fingerprint.

Cite this