A master thesis from Aalborg University
P4Fuzz: A Compiler Fuzzer for Securing P4 Programmable Dataplanes
Author(s)
Term
4. term
Education
Publication year
2018
Submitted on
2018-06-08
Pages
115 pages
Abstract
The evolution of networking from a traditional approach towards a more flexible one shown an improvement in the quality of services offered. However, the changes required in this sense have to consider as well the security risks that are implied. Motivated by previous research and lack of security tools for newly developed technologies, we chose to cover an unexplored part of the attack surface and pursue a different approach. Our objective is to secure the programmable dataplanes by uncovering bugs in P4 compilers. We implement P4Fuzz - a smart, blackbox and generation-based fuzzer - inspired by Csmith, that incorporates taming techniques and complements related work. Our tool is able to generate up to 80 P4 programs per minute, and test the validity for up to 21 programs per minute. P4Fuzz is designed such that it can support multiple architectures: i.e: BMv2, eBPF, while others can be added in the future. We discovered and reported four bugs, out of which two of them have been fixed on the official repository of P4C, the standard compiler for P4. A case study which shows how compiler bugs can introduce security issues was also conducted, and we consider that P4Fuzz manages to fill a gap in the literature.
Documents
Colophon: This page is part of the AAU Student Projects portal, which is run by Aalborg University. Here, you can find and download publicly available bachelor's theses and master's projects from across the university dating from 2008 onwards. Student projects from before 2008 are available in printed form at Aalborg University Library.
If you have any questions about AAU Student Projects or the research registration, dissemination and analysis at Aalborg University, please feel free to contact the VBN team. You can also find more information in the AAU Student Projects FAQs.