Programmable Data Planes for Network Security
- URL: http://arxiv.org/abs/2507.22165v1
- Date: Tue, 29 Jul 2025 18:55:58 GMT
- Title: Programmable Data Planes for Network Security
- Authors: Gursimran Singh, H. B. Acharya, Minseok Kwon
- Abstract summary: Programmable data planes have transformed network security by enabling customized, line-rate packet processing. We highlight the non-obvious design techniques that make complex in-network security functions feasible despite the constraints of the hardware platform.
- Score: 5.269440215944905
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The emergence of programmable data planes, and particularly switches supporting the P4 language, has transformed network security by enabling customized, line-rate packet processing. These switches, originally intended for flexible forwarding, now play a broader role: detecting and mitigating attacks such as DDoS and spoofing, enforcing next-generation firewall policies, and even supporting in-network cryptography and machine learning. These capabilities are made possible by techniques such as recirculate-and-truncate and lookup-table precomputation, which work around architectural constraints like limited memory and restricted instruction sets. In this paper, we systematize recent advances in security applications built on programmable switches, with an emphasis on the capabilities, challenges, and architectural workarounds. We highlight the non-obvious design techniques that make complex in-network security functions feasible despite the constraints of the hardware platform, and also comment on remaining issues and emerging research directions.
Related papers
- Towards Safety and Security Testing of Cyberphysical Power Systems by Shape Validation [42.350737545269105]
The complexity of cyberphysical power systems leads to larger attack surfaces to be exploited by malicious actors. We propose to meet those risks with a declarative approach to describe cyber power systems and automatically evaluate security and safety controls.
arXiv Detail & Related papers (2025-06-14T12:07:44Z)
- SPEAR: Security Posture Evaluation using AI Planner-Reasoning on Attack-Connectivity Hypergraphs [15.590901699441645]
SPEAR is a formal framework with tool support for security posture evaluation and analysis. It uses the causal formalism of AI planning to model vulnerabilities and configurations in a networked system. It identifies a set of diverse security hardening strategies that can be presented in a manner understandable to the domain expert.
arXiv Detail & Related papers (2025-06-02T00:38:47Z)
- Transformers for Secure Hardware Systems: Applications, Challenges, and Outlook [2.9625426098772425]
Transformer models have gained traction in the security domain due to their ability to model complex dependencies. This survey provides a review of recent advancements on the use of Transformers in hardware security. It examines their application across key areas such as side-channel analysis, hardware Trojan detection, vulnerability classification, device fingerprinting, and firmware security.
arXiv Detail & Related papers (2025-05-28T17:22:14Z)
- Modern DDoS Threats and Countermeasures: Insights into Emerging Attacks and Detection Strategies [49.57278643040602]
Distributed Denial of Service (DDoS) attacks persist as significant threats to online services and infrastructure. This paper offers a comprehensive survey of emerging DDoS attacks and detection strategies over the past decade.
arXiv Detail & Related papers (2025-02-27T11:22:25Z)
- Application of Machine Learning Techniques for Secure Traffic in NoC-based Manycores [44.99833362998488]
This document explores an IDS technique using machine learning and temporal series for detecting DoS attacks in NoC-based manycore systems. It is necessary to extract traffic data from a manycore NoC and execute the learning techniques in the extracted data. The developed platform will have its data validated with a low-level platform.
arXiv Detail & Related papers (2025-01-21T10:58:09Z)
- Modern Hardware Security: A Review of Attacks and Countermeasures [1.7265013728931]
In this paper, we review the current state of vulnerabilities and mitigation strategies in contemporary computing systems. We discuss cache side-channel attacks (including Spectre and Meltdown), power side-channel attacks (such as Simple Power Analysis), and advanced techniques like Voltage Glitching and Electromagnetic Analysis. The paper concludes with an analysis of the RISC-V architecture's unique security challenges.
arXiv Detail & Related papers (2025-01-08T10:14:19Z)
- Simulation of Multi-Stage Attack and Defense Mechanisms in Smart Grids [2.0766068042442174]
We introduce a simulation environment that replicates the power grid's infrastructure and communication dynamics. The framework generates diverse, realistic attack data to train machine learning algorithms for detecting and mitigating cyber threats. It also provides a controlled, flexible platform to evaluate emerging security technologies, including advanced decision support systems.
arXiv Detail & Related papers (2024-12-09T07:07:17Z)
- Distributing Intelligence in 6G Programmable Data Planes for Effective In-Network Intrusion Prevention [2.563180814294141]
This research aims to propose a disruptive paradigm in which devices in a typical data plane of a future programmable network have anomaly detection capabilities and cooperate in a fully distributed fashion to act as an ML-enabled Intrusion Prevention System "embedded" into the network. The reported proof-of-concept experiments demonstrate that the proposed paradigm allows working effectively and with a good level of precision while occupying overall less CPU and RAM resources of the devices involved.
arXiv Detail & Related papers (2024-10-31T15:14:15Z)
- The Security and Privacy of Mobile Edge Computing: An Artificial Intelligence Perspective [64.36680481458868]
Mobile Edge Computing (MEC) is a new computing paradigm that enables cloud computing and information technology (IT) services to be delivered at the network's edge.
This paper provides a survey of security and privacy in MEC from the perspective of Artificial Intelligence (AI).
We focus on new security and privacy issues, as well as potential solutions from the viewpoints of AI.
arXiv Detail & Related papers (2024-01-03T07:47:22Z)
- Safe RAN control: A Symbolic Reinforcement Learning Approach [62.997667081978825]
We present a Symbolic Reinforcement Learning (SRL) based architecture for safety control of Radio Access Network (RAN) applications.
We provide a purely automated procedure in which a user can specify high-level logical safety specifications for a given cellular network topology.
We introduce a user interface (UI) developed to help a user set intent specifications to the system, and inspect the difference in agent proposed actions.
arXiv Detail & Related papers (2021-06-03T16:45:40Z)
- Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
arXiv Detail & Related papers (2020-10-19T13:09:31Z)
- A Privacy-Preserving Distributed Architecture for Deep-Learning-as-a-Service [68.84245063902908]
This paper introduces a novel distributed architecture for deep-learning-as-a-service.
It is able to preserve the user sensitive data while providing Cloud-based machine and deep learning services.
arXiv Detail & Related papers (2020-03-30T15:12:03Z)
This list is automatically generated from the titles and abstracts of the papers in this site.