Automated Attack Discovery in Data Plane Systems

Authors: 

Qiao Kang, Jiarong Xing, and Ang Chen, Rice University

Short Preliminary Work Paper

Abstract: 

Recently, researchers have developed a wide range of distributed systems that rely on programmable data planes in emerging switch hardware. Unlike traditional SDN switches, these new switches can be reconfigured to support user-defined protocols, customized packet processing, and sophisticated state. However, despite their popularity, one aspect that has received very little attention is their security implications.

This paper describes our ongoing investigation of a new class of attacks on these systems, which we call sensitivity attacks. We found that an attacker can generate malicious traffic patterns to "flip" the expected behaviors of a data plane system. We propose an approach to discovering attack vectors in a given data plane system and generating patches, both in an automated manner, and we present a set of preliminary experiments to demonstrate the feasibility of this approach.

BibTeX
@inproceedings {238248,
author = {Qiao Kang and Jiarong Xing and Ang Chen},
title = {Automated Attack Discovery in Data Plane Systems},
booktitle = {12th {USENIX} Workshop on Cyber Security Experimentation and Test ({CSET} 19)},
year = {2019},
address = {Santa Clara, CA},
url = {https://www.usenix.org/conference/cset19/presentation/kang},
publisher = {{USENIX} Association},
month = aug,
}