A case for remote attestation in programmable dataplanes

Nik Sultana, D. Shands, V. Yegneswaran
DOI: 10.1145/3563766.3564100 (https://doi.org/10.1145/3563766.3564100)
Published in: Proceedings of the 21st ACM Workshop on Hot Topics in Networks
Publication date: 2022-11-14
Citation count: 1

Abstract

Programmability is a double-edged sword. It can better tailor solutions to problems, optimize resource use, and inexpensively patch deployed equipment. But programmability can also be abused to undermine the security of hardware and that of its unwitting users. Remote Attestation (RA) is a class of techniques to provide integrity assurance to remote users of resources such as hardware, OSs and applications. It is used to establish well-defined trust relationships among mutually distrustful principals who provide, use or delegate remote resources. RA could benefit, for example, tenants of a data-center or users of IoT equipment such as health monitors. This position paper considers how RA can be used to enable dynamic assessments of network security characteristics through automated generation, collection, and evaluation of rigorous evidence of trustworthiness. We introduce a set of use cases, sketch how the Copland and NetKAT languages can be combined and extended to make network-aware attestation policies, and propose an extension of P4-programmable hardware to enforce this mechanism in the network.