Automated Attack Discovery in Data Plane Systems

Authors: 

Qiao Kang, Jiarong Xing, and Ang Chen, Rice University

Abstract: 

Recently, researchers have developed a wide range of distributed systems that rely on programmable data planes in emerging switch hardware. Unlike traditional SDN switches, these new switches can be reconfigured to support user-defined protocols, customized packet processing, and sophisticated state. However, despite their popularity, one aspect that has received very little attention is their security implications.

This paper describes our ongoing investigation of a new class of attacks on these systems, which we call sensitivity attacks. We found that an attacker can generate malicious traffic patterns to "flip" the expected behaviors of a data plane system. We propose an approach to discovering attack vectors in a given data plane system and generating patches, both in an automated manner, and we present a set of preliminary experiments to demonstrate the feasibility of this approach.