论文信息 - OpenFlow vulnerability assessment

OpenFlow vulnerability assessment

We provide a brief overview of the vulnerabilities present in the OpenFlow protocol as it is currently deployed by hardware and software vendors. We identify a widespread failure to adopt TLS for the OpenFlow control channel by both controller and switch vendors, leaving OpenFlow vulnerable to man-in-the-middle attacks. We also highlight the classes of vulnerabilities that emerge from the separation and centralization of the control plane in OpenFlow network designs. Finally, we offer suggestions for future work to address these vulnerabilities in a systematic fashion.

[1] Mabry Tyson,et al. A security enforcement kernel for OpenFlow networks , 2012, HotSDN '12.

[2] Nick McKeown,et al. OpenFlow: enabling innovation in campus networks , 2008, CCRV.

[3] Dijiang Huang,et al. NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems , 2013, IEEE Transactions on Dependable and Secure Computing.

[4] Martín Casado,et al. Onix: A Distributed Control Platform for Large-scale Production Networks , 2010, OSDI.

[5] Ehab Al-Shaer,et al. Openflow random host mutation: transparent moving target defense using software defined networking , 2012, HotSDN '12.

[6] Mabry Tyson,et al. FRESCO: Modular Composable Security Services for Software-Defined Networks , 2013, NDSS.

[7] Rob Sherwood,et al. FlowVisor: A Network Virtualization Layer , 2009 .