Vulnerabilities of network OS and mitigation with state-based permission system

Cited 4 time in webofscience Cited 0 time in scopus
  • Hit : 664
  • Download : 0
The advancement of software defined networking (SDN) is redefining traditional computer networking architecture. The role of the control plane of SDN is of such importance that SDNs are referred to as network operating systems (OSs). However, the robustness and security of the network OS has been overlooked. In this paper, we report three main issues pertaining to network OSs. First, we identified vulnerabilities that could be exploited by malicious or buggy applications running on network OSs. We also identified four major attack vectors that could undermine network OS operations: denial of service, global data manipulation, control plane poisoning, and system shell execution. Further, it was demonstrated that real-world attacks can be launched on commonly used network OSs without significant effort. Second, we present a method to address the attacks by analyzing network applications running on network OSs to identify their behavioral features, which enabled the extraction of a permission set for each network application. Based on this work, a permission-based malicious network application detector was introduced, which examines the permission set of each application and prevents it from executing without permission. Our system shows almost no performance overhead. Copyright (c) 2015 John Wiley Sons, Ltd.
Publisher
WILEY-BLACKWELL
Issue Date
2016-09
Language
English
Article Type
Article
Citation

SECURITY AND COMMUNICATION NETWORKS, v.9, no.13, pp.1971 - 1982

ISSN
1939-0114
DOI
10.1002/sec.1369
URI
http://hdl.handle.net/10203/213023
Appears in Collection
EE-Journal Papers(저널논문)CS-Journal Papers(저널논문)
Files in This Item
There are no files associated with this item.
This item is cited by other documents in WoS
⊙ Detail Information in WoSⓡ Click to see webofscience_button
⊙ Cited 4 items in WoS Click to see citing articles in records_button

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0