Poise, or Programmable In-network Security, aims to rethink how to make our future networks fundamentally more secure. Our observation is that many network-based attacks should be mitigated inside the network (instead of at endpoints), but traditional networks can only support simple defenses because they lack programmability. With programmable switches, we can now develop attack detection algorithms in hardware to process every single packet at high speed. Upon detecting an attack, the defense can directly take actions at the switch without involving a software controller. Our vision for Poise is to transform the network into a "programmable defense infrastructure" that supports security in the same way it supports routing today.
Concretely, a Poise switch not only forwards traffic, but also applies to it a wide range of defenses; a Poise network not only routes traffic end-to-end, but also swaps defenses along the paths in and out as needed to mitigate attacks. Attacks with mixed vectors would trigger concurrent defenses, and attacks that rapidly change would be met with equally fast defense swapping. In its full force, Poise would toggle a wide array of defenses rapidly on and off as traffic flows through, mitigating attacks in real time.
We're taking three steps to realize this Poise vision, as detailed below.
Our first step is to transform a programmable switch into a defense platform that runs a wide range of "defense apps". The key challenge lies in the limited programming model and resources of a network switch. Our key solution is to leverage software/hardware codesign, which divides a defense app into a hardware component that needs to be invoked per packet, a software component that only needs to be involved per batch, and an interface that permits bi-directional communication between the two.
Our next step aims to transform a programmable network into a defense fleet, by architecting the individual defenses developed in the first step into the network paths, and synchronizing them for network-wide attack detection and mitigation. The key challenge we need to tackle is decentralization: the defenses need to synchronize their local views and decisions with each other without going through a central controller.
Last but not least, Poise seeks to ensure that the individual defenses, as well as their composition, are themselves secure against attacks. We are developing program analysis techniques to understand potential risks in the defenses and mitigate them.
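The software/hardware codesign behind the first step, modelled as an added example (this is not Poise's own code and does not describe its actual switch programs). A per-packet hardware component does only what a switch data plane can do cheaply (a table lookup, a counter increment, forward or drop); a per-batch software component reads the counters upward over the interface, decides which sources exceed a rate threshold, and installs block rules downward over the same interface. All addresses, the batch size and the threshold are constructed values chosen for the simulation.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    size: int


class HardwareComponent:
    """Per-packet part of a defense app (models the switch data plane).

    Restricted to operations a switch pipeline performs at line rate:
    a match on a block table, a counter increment, and forward/drop.
    """

    def __init__(self):
        self.counters = Counter()   # per-source packet count for the current batch
        self.block_table = set()    # rules installed by the software component
        self.forwarded = 0
        self.dropped = 0

    def process(self, pkt: Packet) -> bool:
        """Return True if the packet is forwarded, False if dropped."""
        if pkt.src in self.block_table:
            self.dropped += 1
            return False
        self.counters[pkt.src] += 1
        self.forwarded += 1
        return True

    # Upward direction of the interface: software reads and resets counters.
    def read_and_reset_counters(self) -> dict:
        snapshot = dict(self.counters)
        self.counters.clear()
        return snapshot

    # Downward direction of the interface: software installs a data-plane rule.
    def install_block_rule(self, src: str) -> None:
        self.block_table.add(src)


class SoftwareComponent:
    """Per-batch part of the same defense app (models the switch CPU).

    Invoked once per batch rather than per packet, so it may run logic the
    data plane cannot, here a threshold decision over the batch counters.
    """

    def __init__(self, hw: HardwareComponent, threshold: int):
        self.hw = hw
        self.threshold = threshold  # constructed: max packets per source per batch
        self.blocked = []

    def on_batch(self) -> list:
        counts = self.hw.read_and_reset_counters()
        newly_blocked = sorted(s for s, c in counts.items() if c > self.threshold)
        for src in newly_blocked:
            self.hw.install_block_rule(src)
        self.blocked.extend(newly_blocked)
        return newly_blocked


def make_traffic(batches: int, per_batch: int = 100) -> list:
    """Constructed traffic: one flooding source sends 60% of each batch,
    four benign sources share the remaining 40%."""
    flooder = "10.0.0.9"                       # constructed address
    benign = ["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"]  # constructed
    pkts = []
    for _ in range(batches):
        for i in range(per_batch):
            src = benign[i % 4] if i % 10 < 4 else flooder
            pkts.append(Packet(src, "10.0.1.100", 64))
    return pkts


def run_defense(packets: list, batch_size: int, threshold: int) -> dict:
    """Drive the split app: hardware sees every packet, software every batch."""
    hw = HardwareComponent()
    sw = SoftwareComponent(hw, threshold)
    for n, pkt in enumerate(packets, start=1):
        hw.process(pkt)
        if n % batch_size == 0:
            sw.on_batch()
    return {"forwarded": hw.forwarded, "dropped": hw.dropped, "blocked": sw.blocked}


if __name__ == "__main__":
    print(run_defense(make_traffic(3), batch_size=100, threshold=50))
```

With three batches of 100 packets and a threshold of 50, the first batch is entirely forwarded because the hardware component has no rule yet; the software component then sees 60 packets from the flooding source, installs one block rule, and the next two batches drop that source's 120 packets in the data plane without the software component being involved again.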