Automated Attack Discovery in Data Plane Systems.
CSET @ USENIX Security Symposium (2019)
Abstract
Recently, researchers have developed a wide range of distributed systems that rely on programmable data planes in emerging switch hardware. Unlike traditional SDN switches, these new switches can be reconfigured to support user-defined protocols, customized packet processing, and sophisticated state. However, despite their popularity, one aspect that has received very little attention is their security implications. This paper describes our ongoing investigation on a new class of attacks to these systems, which we call sensitivity attacks. We found that an attacker can generate malicious traffic patterns to "flip" the expected behaviors of a data plane system. We propose an approach to discovering attack vectors in a given data plane system and generating patches, both in an automated manner, and we present a set of preliminary experiments to demonstrate the feasibility of this approach.