The goal of this project is to improve the accountability of network infrastructure by adapting the idea of remote attestation to network elements like switches and network interfaces. The adaptation of this idea involves having network elements generate verifiable evidence about their configuration and state, and using that evidence to check whether those elements are behaving as intended.
For follow-up work directed at programmable network testbeds, see the CREASE project.

Position paper

November 2022: Programmability of network hardware can also be abused to undermine the security of hardware and that of its unwitting users. Remote Attestation (RA) is a class of techniques to provide integrity assurance to remote users of resources such as hardware, OSs and applications. This position paper considers how RA can be used to enable dynamic assessments of network security characteristics through automated generation, collection, and evaluation of rigorous evidence of trustworthiness.

Presented at HotNets 2022:
Paper

Early prototype of an Attestation-capable Switch

April 2023: Alexander Wolosewicz developed a novel prototype based on the ideas in the HotNets paper. Along the way, he encountered the interesting kinds of technical problems that show up when implementing a new idea, and came up with solutions for this prototype. This prototype is based on a fork of the open-source BMv2 reference software switch, and it can run any P4 program that the original BMv2 switch can.

Developed during an Independent Study (CS597) project at Illinois Tech:
Repo

Testbed Evaluation of an Attestation-capable Switch

November 2023: This work evaluates Alexander's attestation-capable switch in two testbeds: (1) a local university testbed, and (2) the FABRIC testbed. This evaluation was carried out to check the correctness of the behavior of the switch, and to measure the throughput that the switch can handle. In addition to evaluating the switch, this work served to demo the switch and our evaluation setup.

Presented at INDIS 2023 (Best Demo Award):
Abstract Slides Video


SmartNIC-based Remote Attestation

November 2023: Hyunsuk Bang developed a novel prototype for network-based remote attestation that treats a network switch as a black box. It uses smart NICs in the network to provide and check evidence based on polling the switch's configuration. This approach to adapting RA for the network is intended to explore how to adapt third-party, existing switch hardware and software to use remote attestation without a forklift upgrade. During this project, Hyunsuk was co-mentored by Chris Neely from AMD-Xilinx.

Developed during the Applications of Programmable Networking course and subsequently during an Independent Study (CS597) project at Illinois Tech:
Repo

March 2024: Demo + poster prepared for FABRIC KNIT8 (Runner-up Best Poster):
Poster Video

Applying Network-based Remote Attestation to 5G

March 2024: Alexander continued improving his switch prototype and applied it to a 5G scenario that recreates the "Athens Affair", to study how in-network attestation could detect unexpected configurations early in a modern telecom environment. Alexander gave an early talk about this work at the ACM student society at IIT, and used the FABRIC testbed to test and demo this scenario. For the 5G component, Alexander was co-mentored by Ashok Sunder Rajan from Intel.

Demo + poster prepared for FABRIC KNIT8:
Poster Video

In-Network Remote Attestation for Science DMZ

November 2024: The Science DMZ network design pattern removes friction from large transfers, but this creates a tension with network security policies. This work applies the in-network remote attestation idea to Science DMZs, to improve their security and compliance. This involves in-band control signaling of transfer authorization information across two research institutions. Based on a prototype he developed, Hyunsuk presented an NRE (Network Research Experiment) demo at SC24. This work was co-mentored by Chris Neely at AMD/Xilinx.

Slides Video

Hyunsuk also prepared a short reflection on his experience of using Alveo FPGA cards on the FABRIC testbed: Video