A survey on security applications of P4 programmable switches and a STRIDE-based vulnerability assessment

AlSabeh, Ali; Khoury, Joseph; Kfoury, Elie; Crichigno, Jorge; Bou‐Harb, Elias

doi:10.1016/j.comnet.2022.108800

Cited by 38 publications

(18 citation statements)

References 92 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Limitations of the 'vulnerability explosion' are known, meaning that the number of threats can grow quickly as the complexity of the system increases. Nevertheless, several modified versions of STRIDE have been proposed [19], [20]. PASTA [13] is defined by seven stages that start from objectives related to business through to the technical requirements.…”

Section: Related Workmentioning

confidence: 99%

Toward Attack Modeling Technique Addressing Resilience in Self-Driving Car

et al. 2023

View full text Add to dashboard Cite

Self-driving cars are going to be the main future mode of transportation. However, such systems like, any other cyber-physical system, are vulnerable to attack vectors and uncertainties. As a response, resilience-based approaches are being developed. However, the approaches lack a sound attack model that recognizes the attack vectors and vulnerabilities such a system would have and that does a proper severity analysis of such attacks. Moreover, the existing attack models are too generic. Currently, the domain lacks such specific work pertaining to self-driving cars. Given the technology and architecture of self-driving cars, the field requires a domain-specific attack model. This paper gives a review of the attack models and proposes a domain-specific attack model for self-driving cars. The proposed attack model, severity-based analytical attack model for resilience (SAAMR), provides attack analysis based on existing models. Also, a domainbased severity score for attacks is calculated. Further, the attacks are classified using the decision-tree method and predictions of the type of attacks are given using long short-term memory network. INDEX TERMSAttack-model, autonomous vehicles, cyber-attacks, resilience, security, self-driving car. NOMENCLATURE AT Adversarial attack tree. CAN Controller area network. CT Code modification/injection tree. CVE Common vulnerabilities and exposures. CVSS Common vulnerability scoring system. CWE Common weakness enumeration. DATMO Detection and tracking of moving objects. DDoS Distributed denial of service. DoS Denial of service. DT Decision tree. ECU Electronic controller unit. GPS Global positioning system. InV In-vehicle. ITS Intelligent transportation system. JT Jamming attack tree. LiDAR Light detection and ranging.

show abstract

Section: Related Workmentioning

confidence: 99%

Toward Attack Modeling Technique Addressing Resilience in Self-Driving Car

et al. 2023

View full text Add to dashboard Cite

show abstract

“…Other security schemes in P4 include mitigation against Distributed Denial of Service (DDoS) attacks [13], DNS amplification attacks, and policy-based firewalls [9]. However, none of the approaches perform DPI to extract DNS names.…”

Section: A Dns and Security Implementations In P4mentioning

confidence: 99%

“…Recent large-scale attacks, such as the Mirai botnet that affected millions of users and exceeded 600 Gigabits per second (Gbps) in volume [3], use the DNS as a main attack vector [2]. researchers as they are reluctant that it might overwhelm the switch and degrade the throughput in the network [9].…”

Section: Introductionmentioning

confidence: 99%

P4DDPI: Securing P4-Programmable Data Plane Networks via DNS Deep Packet Inspection

AlSabeh¹,

Kfoury²,

Crichigno³

et al. 2022

Proceedings 2022 Workshop on Measurements, Attacks, and Defenses for the Web

View full text Add to dashboard Cite

“…Limitations have been known of 'vulnerability explosion', that is, number of the threats can grow quickly as the complexity of the system increases. Nevertheless, several modified versions of STRIDE have been proposed [21], [22].…”

Section: Introductionmentioning

confidence: 99%