In-Network Security Applications with P4RROT

Computer networks have become a key infrastructure for many different business domains. Ensuring the security of such interoperable systems is essential in many areas. The emergence of in-network computing and data plane programmability has opened the door to novel security approaches. Although the logic behind most novel solutions is simple, their implementation in P4 is often complex for a non-domain expert or requires problem-specific languages and code generators. Existing in-network approaches only solve specific subproblems and are not general purpose. In this paper, we show how the open-source P4 code generator called P4RROT can simplify the implementation of various in-network security applications. To demonstrate its applicability, we reproduce three recent P4-based security methods. During the implementation, we extended P4RROT with new primitives needed for such applications and also added support for Intel Tofino ASICs. The complexity of the corresponding P4RROT codes is a magnitude lower than the investigated original P4 programs.