AudiSDN: Automated Detection of Network Policy Inconsistencies in Software-Defined Networks

Authors: Seungsoo Lee, Seungwon Woo, Jinwoo Kim, Vinod Yegneswaran, Phillip Porras

DOI: 10.1109/INFOCOM41043.2020.9155378

Keywords: Software-defined networking, Flow network, Computer security, Protocol (object-oriented programming), Computer science, Test case, Network security policy, OpenFlow, Network security

Abstract: At the foundation of every network security architecture lies the premise that formulated flow policies are reliably deployed and enforced by the network infrastructure. However, software-defined networks (SDNs) add a particular challenge to satisfying this premise, as for SDNs the policy implementation spans multiple applications and abstraction layers across the SDN stack. In this paper, we focus on the question of how to automatically identify cases in which the SDN stack fails to prevent policy inconsistencies from arising among these components. This is rather essential, as when such inconsistencies arise the implications for network reliability can be devastating. We present AudiSDN, an automated fuzz-testing framework designed to formulate test cases in which policy inconsistencies can arise in OpenFlow networks, the most prevalent SDN protocol used today. We also present results from applying AudiSDN to two widely used SDN controllers, Floodlight and ONOS. In fact, our tests have led to the filing of 3 separate CVE reports. We believe the approach presented in this paper is applicable to the breadth of SDN platforms used today, and that its broader usage will help address a serious but as yet understudied pragmatic concern.
