Investigating the vulnerability of programmable data planes to static analysis-guided attacks

Conor Black*, Sandra Scott-Hayward

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

110 Downloads (Pure)

Abstract

Programmable network data planes are paving the way for networking innovations, with the ability to perform complex, stateful tasks defined in high-level languages such as P4. The enhanced capabilities of programmable data plane devices has made verification of their runtime behaviour, usingestablished methods such as probe packets, impossible to scale beyond probabilistic detection. This has created a potential opportunity for an attacker, with access to a compromised device, to subtly alter its forwarding program to mishandle only a small subset of packets, evading probabilistic detection. In practice, such subtle binary instrumentation attacks require extensiveknowledge of the forwarding program, yet it is unclear whether a static analysis of compiled P4 programs to obtain this knowledge can be fast and accurate enough for an on-device attack scenario. In this work, we investigate this possibility by implementing a static analysis of P4 programs compiled to BPF bytecode. This analysis gathers sufficient information for the attacker to identify appropriate (reliably correct) edits to the program. We found that, due to predictable compiler behaviours, our analysis remains accurate even when several program behaviours are abstracted away. Our evaluation of the analysis requirements shows that, from a defensive perspective, there is scope for selectively manipulating those instructions in P4-BPF programs that are critical to attack-focused analysis in order to increase its difficulty, without increasing the number of program instructions.

Original languageEnglish
Title of host publicationProceedings of the 8th IEEE International Conference on Network Softwarization, NetSoft 2022
Place of PublicationMilan
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781665406949
ISBN (Print)9781665406956
DOIs
Publication statusPublished - 03 Aug 2022
EventIEEE International Conference on Network Softwarization 2022 - Milan, Italy
Duration: 27 Jun 202201 Jul 2022
https://netsoft2022.ieee-netsoft.org/

Publication series

NameInternational Conference on Network Softwarization (NetSoft): Proceedings
PublisherIEEE
ISSN (Print)2693-9770
ISSN (Electronic)2693-9789

Conference

ConferenceIEEE International Conference on Network Softwarization 2022
Abbreviated titleNetSoft
Country/TerritoryItaly
CityMilan
Period27/06/202201/07/2022
Internet address

Fingerprint

Dive into the research topics of 'Investigating the vulnerability of programmable data planes to static analysis-guided attacks'. Together they form a unique fingerprint.

Cite this