Defeating data plane attacks with program obfuscation

Research output: Contribution to journal › Article › peer-review

131 Downloads (Pure)

Abstract

Data plane switches in software-defined networks are increasingly recognised as potential targets for attack, with recent exploits showing their vulnerability to full compromise. The serious consequences of such a breach have prompted the design of compromise detection mechanisms, which monitor switch forwarding behaviour at runtime to ensure that it has not been altered by an attack. However, such defences cannot achieve full coverage in stateful, programmable data planes, creating an opportunity for an attacker to evade detection by carefully editing a switch's forwarding program to mishandle a small subset of packets. To exploit this opportunity and avoid detection, an attacker must analyse and edit the program's behaviour within a narrow time window, which is possible when the data plane is defined by a uBPF program compiled from P4, due to the predictable compilation process. In this work, we aim to invalidate this analysis-guided attack technique with targeted obfuscation of P4-uBPF programs that increases the analysis complexity. We find that, by inserting additional program paths and syntactic dependencies between variables, we can force an attacker to analyse a higher proportion of program instructions and carry out time-consuming SMT solving to find valid program paths, rendering the previous attack technique infeasible. Furthermore, by applying our identified program optimisations, program performance can often be maintained after obfuscation. In evaluating our work, we identify the potential to improve our solution by tailoring obfuscations to individual program paths.

Original language: English
Number of pages: 13
Journal: IEEE Transactions on Dependable and Secure Computing
Early online date: 19 May 2023
DOIs
Publication status: Early online date - 19 May 2023

Keywords

  • Data plane security
  • Obfuscation
  • P4
  • SDN
  • SMT
  • Static Analysis
  • uBPF

ASJC Scopus subject areas

  • General Computer Science
  • Electrical and Electronic Engineering
