The effect of a corrupt program on virtualized P4 programs in HyperVDP

Abstract

After software-defined networking (SDN) separated the control plane from the data plane, P4 was proposed as a way to program the data plane. A programmable data plane (PDP) is very useful for altering the behaviour of programmable network devices. The drawback, however, is that without virtualization only a single P4 program can run on the PDP at a time. Compiler-based and hypervisor-based approaches can be used to virtualize the P4 data plane so that P4 programs can run alongside each other. This increases flexibility compared to P4, but can potentially come with added risks. Hypervisor-based approaches share resources, while compiler-based approaches try to minimize the sharing of resources. This opens up hypervisor-based approaches, like HyperVDP and Hyper4, to attacks from a corrupt P4 program. Because of this resource sharing, when one of the virtualized P4 programs in HyperVDP is corrupted, there is potentially a risk that the other virtualized programs are influenced as well. This paper will attempt to answer the question: can a malicious P4 program corrupt the behaviour of another P4 program while the two run alongside each other? This will be done by laying out a method to answer this question using HyperVDP. A repository containing the updated source code of HyperVDP will also be created and provided to allow for a stable framework.