English

Data-Plane Security Applications in Adversarial Settings

Cryptography and Security 2021-11-04 v1 Networking and Internet Architecture

Abstract

High-speed programmable switches have emerged as a promising building block for developing performant data-plane applications. In this paper, we argue that the resource constraints and programming model in hardware switches has led to developers adopting problematic design patterns, whose security implications are not widely understood. We bridge the gap by identifying the major challenges and common design pitfalls in switch-based applications in adversarial settings. Examining six recently-proposed switch-based security applications, we find that adversaries can exploit these design pitfalls to completely bypass the protection these applications were designed to provide, or disrupt system operations by introducing collateral damage.

Keywords

Cite

@article{arxiv.2111.02268,
  title  = {Data-Plane Security Applications in Adversarial Settings},
  author = {Liang Wang and Prateek Mittal and Jennifer Rexford},
  journal= {arXiv preprint arXiv:2111.02268},
  year   = {2021}
}

Comments

Under submission

R2 v1 2026-06-24T07:24:33.496Z