Towards Zero Trust Network Security via Programmable Data Planes

Date

2025-12-17

Publisher

Virginia Tech

Abstract

Traditional enterprise security relies on network perimeters to define and enforce network security policies while granting ambient trust to entities within these perimeters. Zero Trust architecture eliminates this ambient trust and requires consistent verification of every access request with the least privileges granted. However, existing network-level and host-level defenses operate in isolation, limiting their ability to correlate inter-host and intra-host activities and thereby detect or contain sophisticated, cross-host attacks. In this dissertation, we present a unified approach for enforcing end-to-end security decisions across hosts and the network by leveraging programmable data planes to realize in-network Zero Trust security. Our approach transforms the existing network infrastructure into an active protection backbone capable of preventing sophisticated attacks in real time without requiring significant changes to existing infrastructures. To achieve our goal, we first design P4Control, an in-network information flow control mechanism that prevents cross-host attacks at line rate. P4Control leverages programmable switches and eBPF to correlate intra-host and inter-host activities to detect attackers that aim to laterally move in the network to evade existing defenses. Second, we leverage such hardware-software co-design to enable in-network fine-grained continuous authentication to grant network access to authorized processes. For this, we design NetCap, a novel continuous authentication scheme to validate every network access request and prevent attackers from stealing access tokens to gain unauthorized access to protected resources. Third, we present an identity-aware, fine-grained microsegmentation defense, called NetZone, that enforces least-privilege access on a per-user, process-level basis. The defense creates a custom access scope for each user, restricting their visibility to only resources authorized by their identity policies. These access scopes are bound to user processes and persist across hosts with user movement, ensuring consistent enforcement regardless of network location. Our dissertation paves the way for enforcing end-to-end security across hosts and networks, realizing the core principles of Zero Trust through programmable data planes to prevent various sophisticated attacks at line-rate network performance.

Keywords

Network Security, System Security, Software-Defined Networks
