Programmable data planes for network security

Roland Meier

nsg.ee.ethz.ch

HotSec 2019

2

if (packet_is_evil):

packet.ipv4.evil_bit = 1

else:

packet.ipv4.evil_bit = 0

Version Type of service Total length

Identifier Flags Fragment offset

Time to live Protocol Header checksum

Source address

Destination address

…

Header length

Evil DF MF

3

if (packet_is_evil):

packet.ipv4.evil_bit = 1

else:

packet.ipv4.evil_bit = 0

60 milliseconds

hours

50 GB

There has always been hardware to process packets.

What has changed?

4

This hardware is programmable

It is now possible to write programs for the control plane and the data plane of a network

5

vendor-specific software

slow but versatile

Control plane

fixed-function hardware

fast but restricted

Data plane

It is now possible to write programs for the control plane and the data plane of a network

6

vendor-specific software

slow but versatile

Control plane

fixed-function hardware

fast but restricted

Data plane

programmable custom

Programmable data planes are heavily used in the networking community

7

Programmable data planes are heavily used in the networking community

8

Programmable data planes are heavily used in the networking community

9

NSDI

SIGCOMM

23 papers

20

Programmable data planes are barely used in the security community

10

NSDI

SIGCOMM

S&P

USENIX Sec

CCS

NDSS

23 papers

20

1

1

0

3

Programmable data planes are barely used in the security community

11

NSDI

SIGCOMM

S&P

CCS

NDSS

23 papers

20

1

0

3

NetHide: Secure and Practical Network Topology Obfuscation

Roland Meier(1), Petar Tsankov(1), Vincent Lenders(2), Laurent Vanbever(1), Martin Vechev(1)

nethide.ethz.ch

USENIX Security 2018

(2)(1)

USENIX Sec 1

Programmable data planes are barely used in the security community

12

NSDI

SIGCOMM

CCS

NDSS

23 papers

20

0

3

USENIX Sec 1

S&P 1

Programmable data planes are barely used in the security community

13

NSDI

SIGCOMM

CCS

23 papers

20

0

USENIX Sec 1

S&P 1

NDSS 3

Why?

Programmable data planes are barely used in the security community

15

no sampling no impact on performance

Programmable data planes allow processing all packets at line rate

P4 is a domain-specific programming language

16[Andy Fingerhut: P4 in 500 words]

C

loops

recursive callspointersmallocfree

parserstablesarchitectures

Possibilities and limitations of programmable data planes

17

simple operations on all packets

extract information from packets

custom headers and protocols

complex operations

maintain (large) state

modify the payload

Let’s discuss these 2 topics (and more)

18

Roland Meiermeierrol@ethz.chnsg.ee.ethz.ch

Which network security applications can benefit from programmable data planes and how?

Which dangers does this new technology impose?e.g. related to attacks against data-plane programs