DOI: 10.1145/3373360.3380836

Can we exploit buggy P4 programs?

Published: 04 March 2020

Abstract

Recent verification works have found numerous bugs in P4 programs. While it is obvious that bugs are undesirable, it is currently not known what effects these bugs have in practice. In this paper we take a first look at the potential for exploiting such bugs: we first examine how three different targets behave when unspecified behaviours are triggered, finding a range of potentially exploitable behaviours; we then use these to attack two concrete programs. We find that the security impact of such exploits can be high, but that the severity of the attack depends on the target.



    Published In

    SOSR '20: Proceedings of the Symposium on SDN Research
    March 2020
    151 pages
    ISBN:9781450371018
    DOI:10.1145/3373360

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    SOSR '20
    SOSR '20: Symposium on SDN Research
    March 3, 2020
    CA, San Jose, USA

    Acceptance Rates

    Overall Acceptance Rate 7 of 43 submissions, 16%

    Article Metrics

    • Downloads (Last 12 months)44
    • Downloads (Last 6 weeks)2
    Reflects downloads up to 14 Feb 2025


    Cited By

    • (2024) Scaver: A Scalable Verification System for Programmable Network. Proceedings of the 2024 SIGCOMM Workshop on Formal Methods Aided Network Operation, pp. 14-19. DOI: 10.1145/3672199.3673887. Online publication date: 4-Aug-2024
    • (2023) RETRACTED: Express Data Processing on FPGA: Network Interface Cards for Streamlined Software Inspection for Packet Processing. Applied System Innovation 6:1 (9). DOI: 10.3390/asi6010009. Online publication date: 9-Jan-2023
    • (2023) PTA: Finding Hard-to-Find Data Plane Bugs. IEEE/ACM Transactions on Networking 31:3 (1324-1337). DOI: 10.1109/TNET.2022.3214062. Online publication date: Jun-2023
    • (2022) A case for remote attestation in programmable dataplanes. Proceedings of the 21st ACM Workshop on Hot Topics in Networks, pp. 122-129. DOI: 10.1145/3563766.3564100. Online publication date: 14-Nov-2022
    • (2022) hXDP. Communications of the ACM 65:8 (92-100). DOI: 10.1145/3543668. Online publication date: 21-Jul-2022
    • (2022) A survey on security applications of P4 programmable switches and a STRIDE-based vulnerability assessment. Computer Networks 207 (108800). DOI: 10.1016/j.comnet.2022.108800. Online publication date: Apr-2022
    • (2021) Aquila. Proceedings of the 2021 ACM SIGCOMM 2021 Conference, pp. 17-32. DOI: 10.1145/3452296.3472937. Online publication date: 9-Aug-2021
    • (2021) A Survey on the Verification of Adversarial Data Planes in Software-Defined Networks. Proceedings of the 2021 ACM International Workshop on Software Defined Networks & Network Function Virtualization Security, pp. 3-10. DOI: 10.1145/3445968.3452092. Online publication date: 28-Apr-2021
    • (2021) SRCV: A Source Routing based Consistency Verification Mechanism in SDN. 2021 3rd International Conference on Advances in Computer Technology, Information Science and Communication (CTISC), pp. 77-81. DOI: 10.1109/CTISC52352.2021.00022. Online publication date: Apr-2021
    • (2021) An Exhaustive Survey on P4 Programmable Data Plane Switches: Taxonomy, Applications, Challenges, and Future Trends. IEEE Access 9 (87094-87155). DOI: 10.1109/ACCESS.2021.3086704. Online publication date: 2021
