A Case for Remote Attestation in Programmable Dataplanes

pdf

ABSTRACT

Programmability is a double-edged sword. It can better tailor solutions to problems, optimize resource use, and inexpensively patch deployed equipment. But programmability can also be abused to undermine the security of hardware and that of its unwitting users. Remote Attestation (RA) is a class of techniques to provide integrity assurance to remote users of resources such as hardware, OSs and applications. It is used to establish well-defined trust relationships among mutually distrustful principals who provide, use or delegate remote resources. RA could benefit, for example, tenants of a datacenter or users of IoT equipment such as health monitors. This position paper considers how RA can be used to enable

dynamic assessments of network security characteristics through automated generation, collection, and evaluation of rigorous evidence of trustworthiness. We introduce a set of use cases, sketch how the Copland and NetKAT languages can be combined and extended to make network-aware attestation policies, and propose an extension of P4-program.

BIO

Nik Sultana is an assistant professor of Computer Science at Illinois Tech in Chicago. His research focuses on distributed system techniques that leverage programming theory, formal logic, and practical systems engineering. He completed his PhD at Cambridge University's Automated Reasoning Group, where I worked on a compiler-based approach to proof translation. Before joining Illinois Tech he postdoc'd at the UPenn Distributed Systems Lab and at the Cambridge Systems Research Group.

Tags:
License: CC-2.5
Submitted by Deborah Shands on