Mitigating TCP Protocol Misuse With Programmable Data Planes - Archive ouverte HAL
Journal Articles IEEE Transactions on Network and Service Management Year : 2021

Mitigating TCP Protocol Misuse With Programmable Data Planes


Abstract

This paper proposes a new approach for detecting and mitigating the impact of misbehaving TCP end-hosts, specifically the Optimistic ACK attack and Explicit Congestion Notification (ECN) abuse. In contrast to the state of the art, we show that it is possible to mitigate such misbehavior by leveraging emerging programmable data planes, without requiring any end-host or protocol modifications. A key challenge in doing so is to implement expressive, complex and stateful functions in the data plane within its restricted programming model. In this regard, we propose a security monitoring function that uses an Extended Finite State Machine (EFSM) abstraction for monitoring stateful protocols in the data plane. We also design a mechanism for mapping a protocol's EFSM to programmable data plane primitives. Our evaluation results demonstrate that our approach can fully or partially restore the throughput loss caused by misbehaving end-hosts that manipulate TCP congestion control through misinformation.
Origin : Files produced by the author(s)

Dates and versions

hal-03480222 , version 1 (14-12-2021)

Cite

Abir Laraba, Jérôme François, Shihabur Rahman Chowdhury, Isabelle Chrisment, Raouf Boutaba. Mitigating TCP Protocol Misuse With Programmable Data Planes. IEEE Transactions on Network and Service Management, 2021, 18 (1), pp.760-774. ⟨10.1109/TNSM.2021.3054528⟩. ⟨hal-03480222⟩