High-speed programmable switches have emerged as a promising building block for developing performant data-plane applications. In this paper, we argue that the resource constraints and programming model of hardware switches have led to developers adopting problematic design patterns, whose security implications are not widely understood. We bridge the gap by identifying the major challenges and common design pitfalls in switch-based applications in adversarial settings. Examining five recently-proposed switch-based security applications, we find that adversaries can exploit these design pitfalls to completely bypass the protection these applications were designed to provide, or disrupt system operations by introducing collateral damage.

Original languageEnglish (US)
Pages (from-to)2-9
Number of pages8
JournalComputer Communication Review
Issue number2
StatePublished - Apr 2022

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications


  • P4
  • Programmable hardware
  • Security


Dive into the research topics of 'Data-plane security applications in adversarial settings'. Together they form a unique fingerprint.

Cite this