P4Fuzz: Compiler Fuzzer for Dependable Programmable Dataplanes

Emerging software-defined networks and programmable dataplanes promise to render communication networks more dependable, overcoming today’s manual and error-prone approach to operating networks. Indeed, programmable dataplanes such as P4 provide great opportunities for improving network performance and developing innovative security features, by allowing programmers to reconfigure and tailor switches to their needs. However, extending programmability to the dataplane also introduces new threat models. In this paper, using a systematic security analysis, we identify a particularly worrisome vulnerability: the automated program compilers which lie at the core of programmable dataplanes. The dataplane compilers introduce a risk of persistent threats which are covert and hard to detect, and may be exploited for large-scale attacks affecting many devices. Our main contribution is P4Fuzz, a compiler fuzzer to find bugs and vulnerabilities in P4 compilers in an efficient and automated manner. We discuss the challenges involved in designing such a compiler fuzzer for P4, present our fuzzing and taming algorithms, and report on experiments with our prototype implementation, considering the standard compilers of BMv2, eBPF, and NetFPGA. Our experiments confirm that P4Fuzz is able to generate and test the validity of dozens of P4 programs per minute. Using P4Fuzz, we also successfully found several bugs which have been acknowledged and fixed by the community.
