Component-based error detection of P4 programs

P4 is a domain-specific language to develop the packet processing of network devices. These programs can easily hide errors, therefore we give a solution to analyze them and detect predefined errors in them. This paper shows the idea, which works with the P4 code as a set of components and processes them one by one, while calculating their pre- and postconditions. This method does not only detect errors between the components and their connections, but it is capable to reveal errors, which are hidden in the middle of a component. The paper introduces the method and shows its calculation in an example

Defining C Preprocessor Macro Libraries with Functional Programs

The preprocessor of the C language provides a standard way to generate code at compile time. However, writing and understanding these macros is difficult. Lack of typing, statelessness and uncommon syntax are the main reasons of this difficulty. Haskell is a high-level purely functional language with expressive type system, algebraic data types and many useful language extensions. These suggest that Haskell code can be written and maintained easier than preprocessor macros. Functional languages have certain similarities to macro languages. By using these similarities this paper describes a transformation that translates lambda expressions into preprocessor macros. Existing compilers for functional languages generate lambda expressions from the source code as an intermediate representation. As a result it is possible to write Haskell code that will be translated into preprocessor macros that manipulate source code. This may result in faster development and maintenance of complex macro metaprograms

In-network DDoS detection and mitigation using INT data for IoT ecosystem

Due to the limited capabilities and diversity of Internet of Things (IoT) devices, it is challenging to implement robust and unified security standards for these devices. Additionally, the fact that vulnerable IoT devices are beyond the network’s control makes them susceptible to being compromised and used as bots or part of botnets, leading to a surge in attacks involving these devices in recent times. We proposed a real-time IoT anomaly detection and mitigation solution at the programmable data plane in a Software-Defined Networking (SDN) environment using Inband Network telemetry (INT) data to address this issue. As far as we know, it is the first experiment in which INT data is used to detect IoT attacks in the programmable data plane. Based on our performance evaluation, the detection delay of our proposed approach is much lower than the results of previous Distributed Denial-of-Service (DDoS) research, and the detection accuracy is similarly high

Axiom-based property verification for P4 programs

We produce an axiom-based program properties verification method for P4 programs. P4 is a special, domain specific, declarative programming language to develop network packet forwarding. P4 is quite new, and different from general-purpose programming languages so it is an important idea to understand its behavior and to verify it. The operational semantics of P4 is reachable in K framework, so there is an opportunity to do its verification based on its operational semantics, but it is a low level solution, therefore the proof of complex properties can be too difficult and costly. So we would like to verify the program in a higher abstraction level, in which we would introduce axioms, which are correct in the operational semantics. Using these axioms we can create easier and more transparent proof

Keeping P4 switches fast and fault-free through automatic verification

The networking dataplane is going through a paradigm shift as softwarization of switches sees an increased pull from the market. Yet, software tooling to support development with these new technologies is still in its infancy. In this work, we introduce a framework for verifying performance requirement conformance of data plane protocols defined in the P4 language . We present a framework that transforms a P4 program in a versatile symbolic formula which can be utilized to answer various performance queries. We represented the system using denotational semantics and it can be easily extended with low-level target-dependent information. We demonstrate the operation of this system on a toy specification

Keeping P4 switches fast and fault-free through automatic verification

The SDN dataplane is going through a paradigm shift, as softwarization of switches sees an increased pull from the market. Yet, software tooling to support development with these new technologies is still in its infancy. In this work, we introduce a framework for verifying data plane protocols defined in the P4 language. Using symbolic execution, the framework checks crash-freedom and bounded execution properties of P4 protocols, and verifies performance requirements by estimating lower and upper bounds of packet processing time. This paper explains related terminology, and briefly describes the methodologies used to reach this goal

P4Query: Static analyser framework for P4

There are many important tasks in a conventional software development process which can be supported by different analysis techniques. P4 is a high level domain-specific language for describing the data plane layer of packet processing algorithms. It has several uncommon language elements and concepts that often make the analysis of P4 programs a laborious task. The paper presents P4Query, an analysis framework for the P4 language that enables the specification of different P4-related analysis methods in a generic and data-centric way. The framework uses an internal graph representation which contains the results of applied analysis methods too. In this way, the framework supports the rapid implementation of new analysis methods in a way where the results will be also easily reusable by other methods