P4BID: Information Flow Control in P4 (PLDI 2022 - PLDI Research Papers) - PLDI 2022

Mon 13 - Fri 17 June 2022 San Diego, California, United States

Who

Karuna Grewal, Loris D'Antoni, Justin Hsu

Track

Time Zone

The program is currently displayed in (GMT-07:00) Pacific Time (US & Canada).

Use conference time zone: (GMT-07:00) Pacific Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

When

Wed 15 Jun 2022 10:40 - 11:00 at Kon-Tiki - Security Chair(s): Yu Feng
Wed 15 Jun 2022 22:40 - 23:00 at Kon-Tiki - Security

Abstract

Modern programmable network switches let developers write complex packet processing pipelines that can run at speeds of 6.5Tbps, and the programming language P4 provides high-level constructs that make programming such switches fairly simple. The increase in speed and programmability has started a new era of network programming where many complex functionalities, e.g., key-value stores and load balancers, are being moved to these fast switches. We show that this increased programmability enables a new family of security bugs, that is, information leaks that can lead to broken confidentiality, integrity, and isolation in the network. We then present a new information-flow control type system for dataplane programming in P4 that can detect this family of security bugs. Our type system contains rules that are completely specific to the P4 language and can therefore handle complex constructs such as P4 tables. We implement our type system in a tool, P4bid, which extends the type checker in the p4c compiler, the reference compiler for P4_16, the latest version of P4. We present a number of case studies and show that P4bid can successfully detect information flow violations in all of them, while correctly type-checking corrected versions of these programs where the information leaks are removed.

DOI

https://doi.org/10.1145/3519939.3523717

Karuna Grewal

Loris D'Antoni

University of Wisconsin-Madison, USA

Justin Hsu

Cornell University

United States

Time Zone

The program is currently displayed in (GMT-07:00) Pacific Time (US & Canada).

Use conference time zone: (GMT-07:00) Pacific Time (US & Canada)Select other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Session Program

Wed 15 Jun
Displayed time zone: Pacific Time (US & Canada) change

	10:40 - 12:00	SecurityPLDI at Kon-Tiki +12h Chair(s): Yu Feng University of California, Santa Barbara

	10:40 20m Talk		P4BID: Information Flow Control in P4 PLDI Karuna Grewal , Loris D'Antoni University of Wisconsin-Madison, USA, Justin Hsu Cornell University DOI
	11:00 20m Talk		ANOSY: Approximated Knowledge Synthesis with Refinement Types for Declassification PLDI Sankha Narayan Guria University of Maryland, College Park, Niki Vazou IMDEA Software Institute, Marco Guarnieri IMDEA Software Institute, James Parker Galois, Inc. DOI Pre-print
	11:20 20m Talk		Hardening Attack Surfaces with Formally Proven Binary Format Parsers PLDI Nikhil Swamy Microsoft Research, Tahina Ramananandro Microsoft Research, Aseem Rastogi Microsoft Research, Irina Spiridonova Microsoft Research, Haobin Ni Cornell University, Dmitry Malloy Microsoft, Juan Vazquez Microsoft, Michael Tang Microsoft, Omar Cardona Microsoft, Arti Gupta Microsoft DOI
	11:40 20m Talk		Modular Information Flow Through Ownership PLDI Will Crichton Stanford University, Marco Patrignani University of Trento, Maneesh Agrawala Stanford University, Pat Hanrahan Stanford University, USA DOI Pre-print

	22:40 - 00:00	SecurityPLDI at Kon-Tiki

	22:40 20m Talk		P4BID: Information Flow Control in P4 PLDI Karuna Grewal , Loris D'Antoni University of Wisconsin-Madison, USA, Justin Hsu Cornell University DOI
	23:00 20m Talk		ANOSY: Approximated Knowledge Synthesis with Refinement Types for Declassification PLDI Sankha Narayan Guria University of Maryland, College Park, Niki Vazou IMDEA Software Institute, Marco Guarnieri IMDEA Software Institute, James Parker Galois, Inc. DOI Pre-print
	23:20 20m Talk		Hardening Attack Surfaces with Formally Proven Binary Format Parsers PLDI Nikhil Swamy Microsoft Research, Tahina Ramananandro Microsoft Research, Aseem Rastogi Microsoft Research, Irina Spiridonova Microsoft Research, Haobin Ni Cornell University, Dmitry Malloy Microsoft, Juan Vazquez Microsoft, Michael Tang Microsoft, Omar Cardona Microsoft, Arti Gupta Microsoft DOI
	23:40 20m Talk		Modular Information Flow Through Ownership PLDI Will Crichton Stanford University, Marco Patrignani University of Trento, Maneesh Agrawala Stanford University, Pat Hanrahan Stanford University, USA DOI Pre-print