Software Defined Networking has put the accent on the implementation of effective, sophisticated algorithms for the control plane, running on centralized devices. Pure centralization, however, also introduces inefficiencies and limitations in many scenarios, often negatively affecting security. Network applications could benefit from data plane programmability, e.g. implementing the increasingly popular P4 language. In this paper, we show that P4-enabled switches can run simple yet significant tasks that enhance the cooperation with the control plane, improving traffic analysis functionalities of practical relevance for security monitoring purposes. We also show how this P4- based solutions can be integrated into an SDN architecture acting as an Intrusion Detection System.
Amir Al Sadi, D.B. (2021). A Security Monitoring Architecture based on Data Plane Programmability. IEEE [10.1109/EuCNC/6GSummit51104.2021.9482549].
A Security Monitoring Architecture based on Data Plane Programmability
Amir Al SadiMembro del Collaboration Group
;Davide BerardiMembro del Collaboration Group
;Franco CallegatiConceptualization
;Andrea Melis
Membro del Collaboration Group
;Marco PrandiniConceptualization
2021
Abstract
Software Defined Networking has put the accent on the implementation of effective, sophisticated algorithms for the control plane, running on centralized devices. Pure centralization, however, also introduces inefficiencies and limitations in many scenarios, often negatively affecting security. Network applications could benefit from data plane programmability, e.g. implementing the increasingly popular P4 language. In this paper, we show that P4-enabled switches can run simple yet significant tasks that enhance the cooperation with the control plane, improving traffic analysis functionalities of practical relevance for security monitoring purposes. We also show how this P4- based solutions can be integrated into an SDN architecture acting as an Intrusion Detection System.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
