Data-Plane Security Applications in Adversarial Settings
Liang Wang, Prateek Mittal, Jennifer Rexford

TL;DR
This paper analyzes security challenges in high-speed programmable switches, highlighting design pitfalls that adversaries can exploit to bypass protections or cause system disruption in data-plane applications.
Contribution
It identifies major challenges and common design pitfalls in switch-based security applications and demonstrates how adversaries can exploit them.
Findings
Adversaries can bypass security protections in switch-based applications.
Design pitfalls can lead to system disruption and collateral damage.
Many existing applications are vulnerable due to these pitfalls.
Abstract
High-speed programmable switches have emerged as a promising building block for developing performant data-plane applications. In this paper, we argue that the resource constraints and programming model in hardware switches have led to developers adopting problematic design patterns, whose security implications are not widely understood. We bridge the gap by identifying the major challenges and common design pitfalls in switch-based applications in adversarial settings. Examining six recently-proposed switch-based security applications, we find that adversaries can exploit these design pitfalls to completely bypass the protection these applications were designed to provide, or disrupt system operations by introducing collateral damage.
Taxonomy
Topics: Physical Unclonable Functions (PUFs) and Hardware Security · Security and Verification in Computing · Advanced Malware Detection Techniques
