Abstract:
This paper presents a study and demonstration of some of the commonly seen internal security attacks and related countermeasures using P4, a dataplane programming language. The idea is that the vulnerabilities arising in programmable data planes are sufficiently mitigated with this P4 implementation. This also provides users with the flexibility to add or drop security features in the deployed switches, better visibility into the defense system owing to its open source nature and the portability of these P4 programs across many different vendors and devices. We evaluate our P4 code on software and hardware switches to detect IP-address spoofing attacks. The results show that attack packets are always detected and dropped, while the throughput remains unaffected and nearly constant across varying fractions of malicious packets injected in the network.
Published in: 2019 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS)
Date of Conference: 16-19 December 2019
Date Added to IEEE Xplore: 16 June 2020