Attacks and Defenses in the Data Plane of Networks
Security issues in computer networks have focused on attacks on end-systems and the control plane. An entirely new class of emerging network attacks aims at the data plane of the network. Data plane forwarding in network routers has traditionally been implemented with custom-logic hardware, but recent router designs increasingly use software-programmable network processors for packet forwarding. These general-purpose processing devices exhibit software vulnerabilities and are susceptible to attacks. The authors demonstrate what is, to their knowledge, the first practical attack that exploits a vulnerability in packet processing software to launch a devastating denial-of-service attack from within the network infrastructure.