Vulnerabilities of network OS and mitigation with state-based permission system
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Noh, Jiseong | ko |
| dc.contributor.author | Lee, Seunghyeon | ko |
| dc.contributor.author | Park, Jaehyun | ko |
| dc.contributor.author | Shin, Seungwon | ko |
| dc.contributor.author | Kang, Brent Byunghoon | ko |
| dc.date.accessioned | 2016-10-04T07:00:49Z | - |
| dc.date.available | 2016-10-04T07:00:49Z | - |
| dc.date.created | 2015-12-24 | - |
| dc.date.created | 2015-12-24 | - |
| dc.date.issued | 2016-09 | - |
| dc.identifier.citation | SECURITY AND COMMUNICATION NETWORKS, v.9, no.13, pp.1971 - 1982 | - |
| dc.identifier.issn | 1939-0114 | - |
| dc.identifier.uri | http://hdl.handle.net/10203/213023 | - |
| dc.description.abstract | The advancement of software defined networking (SDN) is redefining traditional computer networking architecture. The role of the control plane of SDN is of such importance that SDNs are referred to as network operating systems (OSs). However, the robustness and security of the network OS has been overlooked. In this paper, we report three main issues pertaining to network OSs. First, we identified vulnerabilities that could be exploited by malicious or buggy applications running on network OSs. We also identified four major attack vectors that could undermine network OS operations: denial of service, global data manipulation, control plane poisoning, and system shell execution. Further, it was demonstrated that real-world attacks can be launched on commonly used network OSs without significant effort. Second, we present a method to address the attacks by analyzing network applications running on network OSs to identify their behavioral features, which enabled the extraction of a permission set for each network application. Based on this work, a permission-based malicious network application detector was introduced, which examines the permission set of each application and prevents it from executing without permission. Our system shows almost no performance overhead. Copyright (c) 2015 John Wiley Sons, Ltd. | - |
| dc.language | English | - |
| dc.publisher | WILEY-BLACKWELL | - |
| dc.title | Vulnerabilities of network OS and mitigation with state-based permission system | - |
| dc.type | Article | - |
| dc.identifier.wosid | 000380728100008 | - |
| dc.identifier.scopusid | 2-s2.0-84949515126 | - |
| dc.type.rims | ART | - |
| dc.citation.volume | 9 | - |
| dc.citation.issue | 13 | - |
| dc.citation.beginningpage | 1971 | - |
| dc.citation.endingpage | 1982 | - |
| dc.citation.publicationname | SECURITY AND COMMUNICATION NETWORKS | - |
| dc.identifier.doi | 10.1002/sec.1369 | - |
| dc.contributor.localauthor | Shin, Seungwon | - |
| dc.contributor.localauthor | Kang, Brent Byunghoon | - |
| dc.type.journalArticle | Article | - |
| dc.subject.keywordAuthor | network security | - |
| dc.subject.keywordAuthor | software defined networking | - |
| dc.subject.keywordAuthor | network operating system | - |
- Appears in Collection
- EE-Journal Papers(저널논문)CS-Journal Papers(저널논문)
- Files in This Item
- There are no files associated with this item.
This item is cited by other documents in WoS
| ⊙ Detail Information in WoSⓡ | Click to see |  |
| ⊙ Cited 9 items in WoS | Click to see citing articles in |  |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.