SaTC: CORE: Medium: SPIPS: Security and Privacy in Programmable Switches

SaTC：核心：中：SPIPS：可编程交换机的安全性和隐私

• 批准号: 2023222
• 负责人: Justin Hsu
• 金额: $ 120万
• 依托单位: University of Wisconsin-Madison
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-10-01 至 2021-10-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2023222&HistoricalAwards=false
• 关键词: SaTC; CORE; Medium; SPIPS; Security

Networking hardware has undergone dramatic changes in recent years. Traditionally, network switches leveraged a fixed set of rules describingpac ket-forwarding behavior, tailored to a small number of standard and widely-used protocols. Today's state-of-the-art switches can run custom programs, enabling new applications. Rather than being baked into the hardware, this behavior can be changed and updated on-the-fly---networks are becoming increasingly programmable. At the same time, programmable networks pose new challenges for security and privacy. When switches were largely limited to static behavior, switch behavior was designed and implemented by hardwarevendors. As devices become programmable, network programmers will produce networking software more frequently and in greater quantity. These programs can be highly intricate, potentially leading to more security vulnerabilities and privacy violations.This project has two main technical goals: (1) Evaluate security and privacy threats to programmable networks before they become widespread, and (2) Designactionable mechanisms for detecting, mitigating, and defending against such threats. The project consists of three main research thrusts. The first thrust focuses on implementing secure and privacy-preserving algorithms, including constructions from cryptography and differential privacy, on programmable switches. The second thrust will develop static analyses and dynamic enforcement mechanisms to guarantee information-flow properties for a single programmable switch. Finally, the third thrust considers security and privacy issues in distributed applications, which are implemented across multiple programmable switches.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

近年来，网络硬件发生了巨大的变化。传统上，网络交换机利用一组固定的规则来描述数据包转发行为，这些规则是针对少数标准和广泛使用的协议量身定制的。当今最先进的交换机可以运行自定义程序，从而支持新的应用程序。这种行为可以即时更改和更新，而不是嵌入到硬件中——网络变得越来越可编程。与此同时，可编程网络给安全和隐私带来了新的挑战。当交换机很大程度上局限于静态行为时，交换机行为是由硬件供应商设计和实现的。随着设备变得可编程，网络程序员将更频繁、更大量地生产网络软件。这些程序可能非常复杂，可能会导致更多的安全漏洞和隐私侵犯。该项目有两个主要技术目标：（1）在可编程网络的安全和隐私威胁广泛传播之前对其进行评估，以及（2）设计可操作的机制来检测、减轻和防御此类威胁。该项目包括三个主要研究方向。第一个重点是在可编程交换机上实现安全和隐私保护算法，包括密码学和差分隐私的结构。第二个重点将开发静态分析和动态执行机制，以保证单个可编程交换机的信息流属性。最后，第三个重点考虑了分布式应用程序中的安全和隐私问题，这些应用程序是在多个可编程交换机上实现的。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力优点和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Learning Differentially Private Mechanisms

• DOI: 10.1109/sp40001.2021.00060
• 发表时间: 2021-01
• 期刊: 2021 IEEE Symposium on Security and Privacy (SP)
• 作者: Subhajit Roy;Justin Hsu;Aws Albarghouthi

A Bunched Logic for Conditional Independence

条件独立的捆绑逻辑

• DOI: 10.1109/lics52264.2021.9470712
• 发表时间: 2021
• 期刊: 2021 36th Annual ACM/IEEE Symposium on Logic in Computer Science (LICS
• 作者: Bao, Jialu;Docherty, Simon;Hsu, Justin;Silva, Alexandra
• 通讯作者: Silva, Alexandra

A pre-expectation calculus for probabilistic sensitivity

• DOI: 10.1145/3434333
• 发表时间: 2020-08
• 期刊: Proceedings of the ACM on Programming Languages
• 作者: Alejandro Aguirre;G. Barthe;Justin Hsu;Benjamin Lucien Kaminski;J. Katoen;Christoph Matheja

A Quantum Interpretation of Bunched Logic & Quantum Separation Logic

• DOI: 10.1109/lics52264.2021.9470673
• 发表时间: 2021-01
• 期刊: 2021 36th Annual ACM/IEEE Symposium on Logic in Computer Science (LICS)
• 作者: Li Zhou;G. Barthe;Justin Hsu;M. Ying;Nengkun Yu