Abstract
Emerging software-defined networks and programmable dataplanes promise to render communication networks more dependable, overcoming today's manual and error-prone approach to operate networks. Indeed, programmable dataplanes such as P4 provide great opportunities for improving network performance and developing innovative security features, by allowing programmers to reconfigure and tailor switches towards their needs. However, extending programmability to the dataplane also introduces new threat models. In this paper, using a systematic security analysis, we identify a particularly worrisome vulnerability: the automated program compilers which lie at the core of programmable dataplanes. The dataplane compilers introduce a risk of persistent threats which are covert and hard to detect, and may be exploited for large-scale attacks, affecting many devices. Our main contribution is P4Fuzz, a compiler fuzzer to find bugs and vulnerabilities in P4 compilers, in an efficient and automated manner. We discuss the challenges involved in designing such a compiler fuzzer for P4, present our fuzzing and taming algorithms, and report on experiments with our prototype implementation, considering the standard compilers of BMv2, eBPF, and NetFPGA. Our experiments confirm that P4Fuzz is able to generate and test the validity of dozens of P4 programs per minute. Using P4Fuzz, we also successfully found several bugs which have been acknowledged and fixed by the community.
Originalsprog | Engelsk |
---|---|
Titel | ICDCN 2021 - Proceedings of the 2021 International Conference on Distributed Computing and Networking |
Antal sider | 10 |
Forlag | Association for Computing Machinery |
Publikationsdato | 5 jan. 2021 |
Sider | 16-25 |
ISBN (Elektronisk) | 978-1-4503-8933-4 |
DOI | |
Status | Udgivet - 5 jan. 2021 |
Begivenhed | 22nd International Conference on Distributed Computing and Networking, ICDCN 2021 - Virtual, Online, Japan Varighed: 5 jan. 2021 → 8 jan. 2021 |
Konference
Konference | 22nd International Conference on Distributed Computing and Networking, ICDCN 2021 |
---|---|
Land/Område | Japan |
By | Virtual, Online |
Periode | 05/01/2021 → 08/01/2021 |
Bibliografisk note
Funding Information:Research supported by the Vienna Science and Technology Fund (WWTF) project ICT19-045.
Publisher Copyright:
© 2021 ACM.