P4Fuzz: A Compiler Fuzzer for Securing P4 Programmable Dataplanes

Studenteropgave: Speciale (inkl. HD afgangsprojekt)

  • Andrei-Alexandru Agape
  • Madalin Claudiu Danceanu
4. semester, Datalogi (it), Kandidat (Kandidatuddannelse)
The evolution of networking from a traditional approach towards a more flexible one shown an improvement in the quality of services offered. However, the changes required in this sense have to consider as well the security risks that are implied. Motivated by previous research and lack of security tools for newly developed technologies, we chose to cover an unexplored part of the attack surface and pursue a different approach. Our objective is to secure the programmable dataplanes by uncovering bugs in P4 compilers. We implement P4Fuzz - a smart, blackbox and generation-based fuzzer - inspired by Csmith, that incorporates taming techniques and complements related work. Our tool is able to generate up to 80 P4 programs per minute, and test the validity for up to 21 programs per minute. P4Fuzz is designed such that it can support multiple architectures: i.e: BMv2, eBPF, while others can be added in the future. We discovered and reported four bugs, out of which two of them have been fixed on the official repository of P4C, the standard compiler for P4. A case study which shows how compiler bugs can introduce security issues was also conducted, and we consider that P4Fuzz manages to fill a gap in the literature.
Udgivelsesdato8 jun. 2018
Antal sider115
ID: 280604140