SDN Rootkits: Subverting Network Operating Systems of Software-Defined Networks

The new paradigm of Software-Defined Networking (SDN) enables exciting new functionality for building networks. Its core component is the so-called SDN controller, also termed the network operating system. An SDN controller is logically centralized and crucially important; exploiting it can therefore significantly harm SDN-based networks. As recent work considers only flaws and rudimentary malicious logic inside SDN applications, we focus on rootkit techniques which enable attackers to subvert network operating systems. We present two prototype implementations: an SDN rootkit for the industry's leading open source controller, OpenDaylight, as well as a version with basic rootkit functions for the commercial and non-OpenDaylight-based HP controller. Our SDN rootkit is capable of actively hiding itself and malicious network programming, as well as providing remote access. Since OpenDaylight intends to establish a reference framework for network operating systems, both open source and commercial, our work demonstrates potential threats for a wide range of network operating systems.
