Studying on a penetration testing framework for software-defined networks = A study of security penetration tools for building a secure software-defined network environment

Developing a systematic understanding of the attack surface of emergent networks, such as software-defined networks (SDNs), is necessary and arguably the starting point toward making them more secure. Prior studies have largely relied on ad-hoc empirical methods to evaluate the security of various SDN elements from different perspectives. However, they have stopped short of converging on a systematic methodology or developing automated systems to rigorously test for security flaws in SDNs. Thus, conducting a security assessment of new SDN software remains a non-replicable and unregimented process. This paper makes the case for automating and standardizing the vulnerability identification process in SDNs. As a first step, we develop a penetration testing tool, POSEIDON, that reinstantiates published SDN attacks in diverse test environments. Furthermore, we enhance our tool with a fuzzing module to potentially detect other unknown vulnerabilities. In our evaluation, POSEIDON successfully reproduced 20 known attack scenarios across diverse SDN controller environments, and also discovered 7 novel SDN application mislead attacks.
Advisors
Shin, Seung Won (신승원)
Publisher
Korea Advanced Institute of Science and Technology (KAIST)
Issue Date
2016
Identifier
325007
Language
eng
Description

Thesis (Master's) - Korea Advanced Institute of Science and Technology (KAIST) : Graduate School of Information Security, 2016.2, [v, 42 p.]

Keywords

Software-defined networks; security; networking; penetration tool; fuzzing

URI
http://hdl.handle.net/10203/221950
Link
http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=649706&flag=t
Appears in Collection
IS-Theses_Master (Master's theses)
Files in This Item
There are no files associated with this item.