Programmable In-network Security

Abstract: In this talk, we argue that network attacks arise from a power imbalance between the adversary and the defender. Adversaries have a “programmable attack infrastructure”—the compromised machines distributed across the network—so they can launch a wide spectrum of attacks from varying locations and attack vectors. However, the traditional network is hardwired for packet forwarding, and it doesn’t offer security support. We advocate for transforming future networks into a “programmable defense infrastructure,” a powerful match against the adversary. The emergence of programmable network hardware offers new opportunities to rethink architectural support for network security. Leveraging these hardware advances, our work rearchitects a variety of defenses into the network and dynamically swaps them in and out as traffic flows through, elevating security as a first-class objective.

Bio: Ang Chen is an assistant professor in Computer Science at Rice University. He is interested in building secure, efficient, and reliable computer systems, drawing from diverse techniques as needed. His work has received an NSF CAREER award (2020), FAST best paper (2021), VMWare Early Faculty award (2022), and he leads an academia/industry effort in an NSF Large grant (2022) developing resource-fungible datacenters. He received his PhD from the University of Pennsylvania (2017).