5TH IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT)
Security for the Next Wave of Cyber and Social Networks
Co-located with IEEE/IFIP IM 2019
Washington D.C., USA
Keynote I
Weverton Cordeiro
Professor @ UFRGS, Brazil
Securing Networks in the Programmable Data Plane Era
April 8th, 9:30am - 10:30am
Abstract: Recent advances in Software Defined Networking (SDN) have expanded our ability to program the network to its data plane. Through domain-specific languages like P4, network operators can quickly deploy new protocols on forwarding devices, customize their functionality, and develop innovative services. This flexibility, however, comes at a cost: network-wide security and correctness properties (e.g., isolation, reachability, etc.) become much harder to ensure, because network behavior is now determined by a combination of the control plane-driven configuration and the data plane program that resides on devices (also called switches). Existing network verification tools, which rely on a fixed, invariant model of the data plane, are inadequate for programmable data planes. In this talk, we will cover techniques we have been developing in the context of the P4Sec project (funded by the National Science Foundation and the Brazilian Education and Research Network) to verify and enforce security properties in data plane networks. Those verification techniques extend existing verification tools by automatically generating a data plane model from a P4 program. We will also cover verification tools that integrate with our dynamically-generated models to verify network configuration updates issued by an SDN controller. We will also cover research on novel approaches to ensure that network security properties are satisfied by a network configuration that is based on data plane enforcement. We work to develop an in-line monitor, implemented in the data plane itself, that enforces critical security properties, such as isolation and bandwidth limits, even in the presence of a faulty user data plane program or controller.
Biography: Weverton Cordeiro is an Assistant Professor (since 2017) at the Institute of Informatics (INF) of the Federal University of Rio Grande do Sul (UFRGS). He holds a Ph.D. degree from UFRGS (2014). His research is broadly focused on the field of networking. He is currently interested in the following topics: community networks (how to bridge the digital divide, and design low-end devices for networking in the Amazon region); blockchain (secure transaction verification); software defined networking (measurement and monitoring, security); programmable forwarding planes (programmable switch virtualization, data plane monitoring, verification of forwarding plane software); network function virtualization (placement and chaining of virtual functions). He recently began working with machine learning applied to public health (design of smartphone apps for tracking down mosquitoes) and e-commerce (unveiling users behind shared accounts).