Research units A-Z

Programmable Network Architectures for OT Digital Resilience

The most recent fully programmable data plane technology – eBPF – has enabled, among other use cases, highly scalable network softwarisation architectures. Previous approaches, such as software-defined networking (SDN) and P4, offered some degree of programmability, but required specialised target devices, largely tailored for high-performance data center environments. With eBPF, more complex network functions can be supported even on smaller form-factor and lower-capacity devices, making it a suitable network softwarisation framework for Operation Technology (OT) networks.

This research theme explores how such architectures can accelerate resilience functions in-network, transparently to industrial end devices. These functions include asset discovery, network segmentation, (D)DoS mitigation, and in-network protocol encryption. Our experiments show that these functions can meet strict real-time latency requirements and in-line performance constraints, and can be centraly orchestrated and deployed in a zero-touch fashion.

 

                                          Figure: eBPF-based programmable network architecture for OT digital resilience

Publications

• F. Holik, S. Jouet and D. Pezaros, "An eBPF-Based Programmable Network Architecture for OT Digital Resilience Use-Cases," 2025 IEEE Symposium on Computers and Communications (ISCC), Bologna, Italy, 2025
• F. Holik, K. Mcilwraith, A. A. Shah and D. P. Pezaros, "In-Network GOOSE Encryption with eBPF-based Programmable Network Architecture," 2025 IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids (SmartGridComm), North York, ON, Canada, 2025
• F. Holik, M. M. Cook and D. Pezaros, "Resilient Network Architecture with eBPF-based Programmability and Centralised Orchestration," IEEE INFOCOM 2025 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), London, United Kingdom, 2025
• F. Holik, M. M. Cook, B. S. Deol, A. A. Shah and D. P. Pezaros, "Dashboard Orchestration of eBPF-based Programmable OT Networks," IEEE INFOCOM 2025 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), London, United Kingdom, 2025
• F. Holik, M. M. Cook, A. A. Shah and D. Pezaros, "Network-Wide Service Deployment Using Centrally Orchestrated, eBPF-Based Programmable Dataplanes," 2025 Joint European Conference on Networks and Communications & 6G Summit (EuCNC/6G Summit), Poznan, Poland, 2025
• F. Holik, M. M. Cook, X. Li, A. A. Shah and D. Pezaros, "Programmable Data Planes for Increased Digital Resilience in OT Networks," in IEEE Communications Magazine, 2025