Validating and Securing P4-based Programmable Data Plane Systems

Abstract

Recent advancements in Software-Defined Networking (SDN), programmable data planes, and domain-specific network languages (e.g., P4, NPL) have opened up a wide range of opportunities to solve network problems considered difficult and complex in traditional closed and fixed ASIC-based data planes. Such high programmability enabled faster development (days to weeks, instead of years) and implementation of novel network protocols, new network functions (e.g., DDoS detection), and acceleration of applications (e.g., key-value lookup). However, the programmability also increases (1) potential sources of bugs and (2) the attack surface, thus ensuring correctness of the packet-processing behavior is crucial. In this talk, I will present our recent work, DBVal, a system to validate the packet-processing behavior of P4 data planes at runtime. Next, I will walk through a few possible attacks on P4-based data plane systems and explain why standard cryptography-based security mechanisms are not feasible to realize on resource-constrained high-speed programmable data planes. Finally, I will present our ongoing work to detect and defend against such attacks with minimal-to-no impact on packet-processing throughput.

Praveen Tammana, IIT Hyderabad

Praveen Tammana is currently an Assistant Professor in the Computer Science Department, IIT-Hyderabad. His research interests are at the intersection of Systems, Networks, and Security. His current focus is on designing and building networked systems that make networks easy to manage, secure, and robust, by using exciting emerging technologies such as Software-Defined Networking (SDN) and P4-based programmable data planes. Previously, he was a postdoctoral researcher at Princeton University, USA. Praveen received his Ph.D. from The University of Edinburgh, UK.