Data-plane security applications in adversarial settings
ACM SIGCOMM Computer Communication Review (IF 2.8), Pub Date: 2022-06-20, DOI: 10.1145/3544912.3544914
Liang Wang, Prateek Mittal, Jennifer Rexford

High-speed programmable switches have emerged as a promising building block for developing performant data-plane applications. In this paper, we argue that the resource constraints and programming model of hardware switches have led to developers adopting problematic design patterns, whose security implications are not widely understood. We bridge the gap by identifying the major challenges and common design pitfalls in switch-based applications in adversarial settings. Examining five recently-proposed switch-based security applications, we find that adversaries can exploit these design pitfalls to completely bypass the protection these applications were designed to provide, or disrupt system operations by introducing collateral damage.




Updated: 2022-06-21