🤖 AI Summary
Problem: Security vulnerabilities arising from packet-level sensitive data leakage in P4-programmable data planes remain unaddressed.
Method: This paper proposes the first information-flow control (IFC) method for P4 packet fields, integrating a security type system with interval analysis to model and verify data flows at field granularity. It defines security policies directly on packet fields, not program variables, and formally proves that the type system satisfies noninterference. The authors implement Tap4s, the first static analysis prototype enabling end-to-end IFC verification for P4 programs.
Contribution/Results: Evaluated on multiple real-world P4 use cases, Tap4s accurately detects covert information-leakage vulnerabilities, provides provable noninterference guarantees, achieves a false positive rate below 3%, and incurs manageable analysis overhead.
📝 Abstract
Software-Defined Networking (SDN) has transformed network architectures by decoupling the control and data planes, enabling fine-grained control over packet processing and forwarding. P4, a language designed for programming data-plane devices, allows developers to define custom packet processing behaviors directly on programmable network devices. This provides greater control over packet forwarding, inspection, and modification. However, the increased flexibility provided by P4 also brings significant security challenges, particularly in managing sensitive data and preventing information leakage within the data plane. This paper presents a novel security type system for analyzing information flow in P4 programs that combines security types with interval analysis. The proposed type system allows the specification of security policies in terms of input and output packet bit fields rather than program variables. We formalize this type system and prove it sound, guaranteeing that well-typed programs satisfy noninterference. Our prototype implementation, Tap4s, is evaluated on several use cases, demonstrating its effectiveness in detecting security violations and information leakages.