Know Your Enemy: Stealth Configuration-Information Gathering in SDN

Software Defined Networking (SDN) is a widely-adopted network architecture that provides high flexibility through the separation of the network logic from the forwarding functions. Researchers thoroughly analyzed SDN vulnerabilities and improved its security. However, we believe important security aspects of SDN are still left uninvestigated.

[1]  Vitaly Shmatikov,et al.  dFence: Transparent Network-based Denial of Service Mitigation , 2007, NSDI.

[2]  Amin Vahdat,et al.  Hedera: Dynamic Flow Scheduling for Data Center Networks , 2010, NSDI.

[3]  Tuomas Aura,et al.  Spook in Your Network: Attacking an SDN with a Compromised OpenFlow Switch , 2014, NordSec.

[4]  Fernando M. V. Ramos,et al.  Towards secure and dependable software-defined networks , 2013, HotSDN '13.

[5]  Giovanni Felici,et al.  Hacking smart machines with smarter ones: How to extract meaningful data from machine learning classifiers , 2013, Int. J. Secur. Networks.

[6]  Rob Sherwood,et al.  Can the Production Network Be the Testbed? , 2010, OSDI.

[7]  Yong Wang,et al.  Towards a Security-Enhanced Firewall Application for OpenFlow Networks , 2013, CSS.

[8]  Matthew M. Williamson,et al.  Implementing and Testing a Virus Throttle , 2003, USENIX Security Symposium.

[9]  Sujata Banerjee,et al.  DevoFlow: scaling flow management for high-performance networks , 2011, SIGCOMM.

[10]  Guofei Gu,et al.  CloudWatcher: Network security monitoring using OpenFlow in dynamic cloud networks (or: How to provide security monitoring as a service in clouds?) , 2012, 2012 20th IEEE International Conference on Network Protocols (ICNP).

[11]  Mauro Conti,et al.  LineSwitch: Efficiently Managing Switch Flow in Software-Defined Networking while Effectively Tackling DoS Attacks , 2015, AsiaCCS.

[12]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[13]  Paul Smith,et al.  OpenFlow: A security analysis , 2013, 2013 21st IEEE International Conference on Network Protocols (ICNP).

[14]  Carol J. Fung,et al.  FlowMon: Detecting Malicious Switches in Software-Defined Networks , 2015, SafeConfig@CCS.

[15]  A. Murat Tekalp,et al.  Scalable video streaming over OpenFlow networks: An optimization framework for QoS routing , 2011, 2011 18th IEEE International Conference on Image Processing.

[16]  Andrei V. Gurtov,et al.  Security in Software Defined Networks: A Survey , 2015, IEEE Communications Surveys & Tutorials.

[17]  Ghassan O. Karame,et al.  On the Fingerprinting of Software-Defined Networks , 2016, IEEE Transactions on Information Forensics and Security.

[18]  Ehab Al-Shaer,et al.  Efficient Random Route Mutation considering flow and network constraints , 2013, 2013 IEEE Conference on Communications and Network Security (CNS).

[19]  Mauro Conti,et al.  LineSwitch: Tackling Control Plane Saturation Attacks in Software-Defined Networking , 2017, IEEE/ACM Transactions on Networking.

[20]  Dijiang Huang,et al.  NICE: Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems , 2013, IEEE Transactions on Dependable and Secure Computing.

[21]  Kim-Kwang Raymond Choo,et al.  Security, Privacy, and Anonymity in Computation, Communication, and Storage , 2017, Lecture Notes in Computer Science.

[22]  A. Murat Tekalp,et al.  OpenQoS: An OpenFlow controller design for multimedia delivery with end-to-end Quality of Service over Software-Defined Networks , 2012, Proceedings of The 2012 Asia Pacific Signal and Information Processing Association Annual Summit and Conference.

[23]  Rodrigo Braga,et al.  Lightweight DDoS flooding attack detection using NOX/OpenFlow , 2010, IEEE Local Computer Network Conference.

[24]  Ehab Al-Shaer,et al.  Modeling and Management of Firewall Policies , 2004, IEEE Transactions on Network and Service Management.

[25]  Vijay Mann,et al.  SPHINX: Detecting Security Attacks in Software-Defined Networks , 2015, NDSS.

[26]  Jennifer Rexford,et al.  Scalable Network Virtualization in Software-Defined Networks , 2013, IEEE Internet Computing.

[27]  Sunhee Yang,et al.  Building firewall over the software-defined network controller , 2014, 16th International Conference on Advanced Communication Technology.

[28]  Joe Grand,et al.  A hardware-based memory acquisition procedure for digital investigations , 2004, Digit. Investig..

[29]  Sakir Sezer,et al.  A Survey of Security in Software Defined Networks , 2016, IEEE Communications Surveys & Tutorials.

[30]  Guofei Gu,et al.  Attacking software-defined networks: a first feasibility study , 2013, HotSDN '13.

[31]  Kevin Benton,et al.  OpenFlow vulnerability assessment , 2013, HotSDN '13.

[32]  Basil S. Maglaris,et al.  Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments , 2014, Comput. Networks.

[33]  Mabry Tyson,et al.  FRESCO: Modular Composable Security Services for Software-Defined Networks , 2013, NDSS.

[34]  Vinod Yegneswaran,et al.  AVANT-GUARD: scalable and vigilant switch flow management in software-defined networks , 2013, CCS.

[35]  Syed Ali Khayam,et al.  Revisiting Traffic Anomaly Detection Using Software Defined Networking , 2011, RAID.

[36]  Stuart E. Schechter,et al.  Fast Detection of Scanning Worm Infections , 2004, RAID.

[37]  Syed Ali Khayam,et al.  A Comparative Evaluation of Anomaly Detectors under Portscan Attacks , 2008, RAID.

[38]  Adam J. Aviv,et al.  Timing-based reconnaissance and defense in software-defined networks , 2016, ACSAC.

[39]  Gail-Joon Ahn,et al.  FLOWGUARD: building robust firewalls for software-defined networks , 2014, HotSDN.

[40]  Min Zhu,et al.  B4: experience with a globally-deployed software defined wan , 2013, SIGCOMM.