P4BID: Information Flow Control in P4

by   Karuna Grewal, et al.

Modern programmable network switches can implement custom applications using efficient packet processing hardware, and the programming language P4 provides high-level constructs to program such switches. The increase in speed and programmability has inspired research in dataplane programming, where many complex functionalities, e.g., key-value stores and load balancers, can be implemented entirely in network switches. However, dataplane programs may suffer from novel security errors that are not traditionally found in network switches. To address this issue, we present a new information-flow control type system for P4. We formalize our type system in a recently-proposed core version of P4, and we prove a soundness theorem: well-typed programs satisfy non-interference. We also implement our type system in a tool, P4bid, which extends the type checker in the p4c compiler, the reference compiler for the latest version of P4. We present several case studies showing that natural security, integrity, and isolation properties in networks can be captured by non-interference, and our type system can detect violations of these properties while certifying correct programs.



page 1

page 2

page 3

page 4


Secure Information Flow Typing in LUSTRE

Synchronous reactive data flow is a paradigm that provides a high-level ...

Type Stability in Julia: Avoiding Performance Pathologies in JIT Compilation (Extended Version)

As a scientific programming language, Julia strives for performance but ...

Nonmalleable Information Flow: Technical Report

Noninterference is a popular semantic security condition because it offe...

Disjunctive Delimited Control

Delimited control is a powerful mechanism for programming language exten...

Efficient and Expressive Bytecode-Level Instrumentation for Java Programs

We present an efficient and expressive tool for the instrumentation of J...

Secure Serverless Computing Using Dynamic Information Flow Control

The rise of serverless computing provides an opportunity to rethink clou...

IFCIL: An Information Flow Configuration Language for SELinux (Extended Version)

Security Enhanced Linux (SELinux) is a security architecture for Linux i...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.