Programmable Data Planes for Network Security
By: Gursimran Singh, H. B. Acharya, Minseok Kwon
Potential Business Impact:
Makes network devices smarter and safer.
The emergence of programmable data planes, and particularly switches supporting the P4 language, has transformed network security by enabling customized, line-rate packet processing. These switches, originally intended for flexible forwarding, now play a broader role: detecting and mitigating attacks such as DDoS and spoofing, enforcing next-generation firewall policies, and even supporting in-network cryptography and machine learning. These capabilities are made possible by techniques such as recirculate-and-truncate and lookup-table precomputation, which work around architectural constraints like limited memory and restricted instruction sets. In this paper, we systematize recent advances in security applications built on programmable switches, with an emphasis on the capabilities, challenges, and architectural workarounds. We highlight the non-obvious design techniques that make complex in-network security functions feasible despite the constraints of the hardware platform, and also comment on remaining issues and emerging research directions.
Similar Papers
Some optimization possibilities in data plane programming
Networking and Internet Architecture
Makes computer networks faster and smarter.
Securing P4 Programs by Information Flow Control
Cryptography and Security
Keeps secret data safe in computer networks.
Real-Time In-Network Machine Learning on P4-Programmable FPGA SmartNICs with Fixed-Point Arithmetic and Taylor
Distributed, Parallel, and Cluster Computing
Lets computers learn from network traffic instantly.