Towards rule enforcement verification for software defined networks

Software defined networks (SDNs) reshape the ossified network architectures by introducing centralized and programmable network control. Despite the huge benefits, SDNs also open doors to what we call the rule modification attack, an attack largely overlooked by the community. In such an attack, the adversary can modify rules by exploiting implementation vulnerabilities of switch OSes and control channels. As a result, packets may deviate from their original paths, thereby violating network policies. To defend against the rule modification attack, this paper introduces a new security primitive named rule enforcement verification (REV). REV allows a controller to check whether switches have enforced the rules it installed, using message authentication codes (MACs). Since using standard MACs would incur heavy switch-to-controller traffic, this paper proposes a new compressive MAC, which allows switches to compress MACs before reporting to the controller. Experiments show that REV based on compressive MAC can achieve a 97% reduction in switch-to-controller traffic and a 5x increase in verification throughput.
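The following is an added toy model of the verification loop the abstract describes, written for this page and not taken from the paper or its artifacts. It assumes a simplified design that is my own illustration, not the paper's compressive MAC: every switch shares a key with the controller, tags each packet it receives with a truncated HMAC, and reports the XOR of all its tags (an aggregate MAC in the style of the Katz-Lindell construction cited by the paper) rather than one tag per packet. The controller replays the rules it installed to predict which packets each switch should have seen, recomputes the expected aggregate per switch, and flags mismatches. A rule modification on `s1` that diverts traffic to `s4` is detected because `s2` and `s3` report an empty aggregate while `s4` reports an unexpected one. Switch names, rule tables, packet formats and the 16-byte tag length are all constructed for the example.

```python
"""Toy rule enforcement verification with XOR-compressed per-switch MACs.

Constructed illustration only: the paper's compressive MAC is not reproduced
here. Each switch tags received packets with HMAC-SHA256 under a key shared
with the controller and reports one XOR-aggregated tag per verification round.
"""
import hashlib
import hmac
import secrets
from collections import defaultdict

TAG_LEN = 16  # truncated tag size in bytes (assumption for the example)


def tag(key: bytes, switch: str, pkt: bytes) -> bytes:
    """Per-packet MAC binding the observing switch's name to the packet."""
    msg = switch.encode() + b"|" + pkt
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]


def compress(tags) -> bytes:
    """XOR-aggregate any number of tags into one fixed-size report."""
    acc = bytes(TAG_LEN)
    for t in tags:
        acc = bytes(a ^ b for a, b in zip(acc, t))
    return acc


def next_hop(rules: dict, switch: str, pkt: bytes):
    """Longest-prefix lookup in the table of `switch`; None means egress/no rule."""
    table = rules.get(switch, {})
    best = None
    for prefix in table:
        if pkt.startswith(prefix) and (best is None or len(prefix) > len(best)):
            best = prefix
    return table[best] if best is not None else None


def route(rules: dict, ingress: str, pkt: bytes, max_hops: int = 16) -> list:
    """Switches the packet traverses under `rules`, starting at `ingress`."""
    path, cur = [], ingress
    while cur is not None and len(path) < max_hops:
        path.append(cur)
        cur = next_hop(rules, cur, pkt)
    return path


def switch_reports(actual_rules: dict, keys: dict, packets: list):
    """Data plane: every switch tags what it actually receives, then compresses.

    Returns (reports, number_of_uncompressed_tags) so the saving is visible.
    """
    seen = defaultdict(list)
    for ingress, pkt in packets:
        for sw in route(actual_rules, ingress, pkt):
            seen[sw].append(tag(keys[sw], sw, pkt))
    reports = {sw: compress(seen[sw]) for sw in keys}  # one report per switch
    return reports, sum(len(v) for v in seen.values())


def verify(installed_rules: dict, keys: dict, packets: list, reports: dict) -> set:
    """Controller: recompute expected aggregates; return switches whose report differs."""
    expected = defaultdict(list)
    for ingress, pkt in packets:
        for sw in route(installed_rules, ingress, pkt):
            expected[sw].append(tag(keys[sw], sw, pkt))
    failed = set()
    for sw in keys:
        want = compress(expected[sw])
        got = reports.get(sw, compress([]))
        if not hmac.compare_digest(want, got):
            failed.add(sw)
    return failed


def demo() -> dict:
    """Honest run versus a rule modification on s1 (constructed scenario)."""
    keys = {sw: secrets.token_bytes(32) for sw in ("s1", "s2", "s3", "s4")}
    # Installed policy: 10.0.1.0/24 traffic goes s1 -> s2 -> s3 (s3 is egress).
    installed = {"s1": {b"10.0.1.": "s2"}, "s2": {b"10.0.1.": "s3"}}
    # Constructed probe packets; distinct so XOR aggregation cannot cancel pairs.
    packets = [("s1", f"10.0.1.{i}|src=10.0.0.1|seq={i}".encode()) for i in range(8)]

    honest, n_tags = switch_reports(installed, keys, packets)
    # Attack: s1's rule is altered so packets bypass s2/s3 and leave via s4.
    tampered = {"s1": {b"10.0.1.": "s4"}, "s2": installed["s2"]}
    attacked, _ = switch_reports(tampered, keys, packets)

    return {
        "tags_without_compression": n_tags,
        "reports_with_compression": len(honest),
        "honest_failures": verify(installed, keys, packets, honest),
        "attack_failures": verify(installed, keys, packets, attacked),
    }


if __name__ == "__main__":
    print(demo())
```

Two design points carry over to any real deployment of this idea: XOR aggregation is only sound when the tagged packets are distinct (a duplicated packet cancels itself out), which is why the probe packets carry a sequence number; and the controller must compare with `hmac.compare_digest` rather than `==` so the check is constant-time.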
