P4Control: Line-Rate Cross-Host Attack Prevention via In-Network Information Flow Control Enabled by Programmable Switches and eBPF
Osama Bajaber, Bo Ji, Peng Gao
IEEE Symposium on Security and Privacy 2024 · Day 3 · Continental Ballroom 5
In an era of sophisticated cyber threats, **lateral movement** has emerged as a pervasive technique that lets attackers navigate compromised networks, escalate privileges, and access sensitive data. The talk "P4Control: Line-Rate Cross-Host Attack Prevention via In-Network Information Flow Control Enabled by Programmable Switches and eBPF" introduces a novel defense mechanism designed to combat these multi-stage attacks in real time. Presented by Osama Bajaber from Virginia Tech, this work, a collaboration with advisors Dr. Bo Ji and Dr. Peng Gao, addresses a critical gap in current security solutions: the lack of end-to-end visibility across both host and network layers.
AI review
P4Control delivers a genuinely novel and technically deep solution for real-time cross-host attack prevention. By extending Decentralized Information Flow Control into the network fabric via programmable switches and eBPF, it offers unprecedented line-rate enforcement against lateral movement, directly addressing a critical gap in Zero Trust architectures. This is the kind of foundational work that actually shifts the defensive paradigm.