论文信息 - The Smaller, the Shrewder: A Simple Malicious Application Can Kill an Entire SDN Environment

The Smaller, the Shrewder: A Simple Malicious Application Can Kill an Entire SDN Environment

Security vulnerability assessment is an important process that must be conducted against any system before the deployment, and emerging technologies are no exceptions. Software-Defined Networking (SDN) has aggressively evolved in the past few years and is now almost at the early adoption stage. At this stage, the attack surface of SDN should be thoroughly investigated and assessed in order to mitigate possible security breaches against SDN. Inspired by the necessity, we reveal three attack scenarios that leverage SDN application to attack SDNs, and test the attack scenarios against three of the most popular SDN controllers available today. In addition, we discuss the possible defense mechanisms against such application-originated attacks.

[1] Thorsten Holz,et al. SDN Rootkits: Subverting Network Operating Systems of Software-Defined Networks , 2015, RAID.

[2] Brent Byunghoon Kang,et al. Rosemary: A Robust, Secure, and High-performance Network Operating System , 2014, CCS.

[3] Lei Xu,et al. Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures , 2015, NDSS.

[4] Ondrej Lhoták,et al. The Soot framework for Java program analysis: a retrospective , 2011 .

[5] Vinod Yegneswaran,et al. Securing the Software Defined Network Control Layer , 2015, NDSS.

[6] Brent Byunghoon Kang,et al. Vulnerabilities of network OS and mitigation with state-based permission system , 2016, Secur. Commun. Networks.

[7] Kevin Benton,et al. OpenFlow vulnerability assessment , 2013, HotSDN '13.

[8] Guofei Gu,et al. Attacking software-defined networks: a first feasibility study , 2013, HotSDN '13.

[9] Theophilus Benson,et al. Tolerating SDN Application Failures with LegoSDN , 2014, HotNets.

[10] Mabry Tyson,et al. A security enforcement kernel for OpenFlow networks , 2012, HotSDN '12.

[11] Fernando M. V. Ramos,et al. Software-Defined Networking: A Comprehensive Survey , 2014, Proceedings of the IEEE.

[12] Fernando M. V. Ramos,et al. Towards secure and dependable software-defined networks , 2013, HotSDN '13.