Flow Wars: Systemizing the Attack Surface and Defenses in Software-defined Networks

Cited 76 time in webofscience Cited 0 time in scopus
  • Hit : 686
  • Download : 0
DC FieldValueLanguage
dc.contributor.authorYoon, Changhoonko
dc.contributor.authorLee, Seungsooko
dc.contributor.authorKang, Heedoko
dc.contributor.authorPark, Taejuneko
dc.contributor.authorShin, Seungwonko
dc.contributor.authorYegneswaran, Vinodko
dc.contributor.authorPhillip, Porrasko
dc.contributor.authorGu, Guofeiko
dc.date.accessioned2018-01-30T04:19:45Z-
dc.date.available2018-01-30T04:19:45Z-
dc.date.created2017-11-27-
dc.date.created2017-11-27-
dc.date.issued2017-12-
dc.identifier.citationIEEE/ACM Transaction on Networking, v.25, no.6, pp.3514 - 3530-
dc.identifier.issn1063-6692-
dc.identifier.urihttp://hdl.handle.net/10203/238816-
dc.description.abstractEmerging software defined network (SDN) stacks have introduced an entirely new attack surface that is exploitable from a wide range of launch points. Through an analysis of the various attack strategies reported in prior work, and through our own efforts to enumerate new and variant attack strategies, we have gained two insights. First, we observe that different SDN controller implementations, developed independently by different groups, seem to manifest common sets of pitfalls and design weakness that enable the extensive set of attacks compiled in this paper. Second, through a principled exploration of the underlying design and implementation weaknesses that enables these attacks, we introduce a taxonomy to offer insight into the common pitfalls that enable SDN stacks to be broken or destabilized when fielded within hostile computing environments. This paper first captures our understanding of the SDN attack surface through a comprehensive survey of existing SDN attack studies, which we extend by enumerating 12 new vectors for SDN abuse. We then organize these vulnerabilities within the well-known confidentiality, integrity, and availability model, assess the severity of these attacks by replicating them in a physical SDN testbed, and evaluate them against three popular SDN controllers. We also evaluate the impact of these attacks against published SDN defense solutions. Finally, we abstract our findings to offer the research and development communities with a deeper understanding of the common design and implementation pitfalls that are enabling the abuse of SDN networks.-
dc.languageEnglish-
dc.publisherIEEE-
dc.titleFlow Wars: Systemizing the Attack Surface and Defenses in Software-defined Networks-
dc.typeArticle-
dc.identifier.wosid000418581900020-
dc.identifier.scopusid2-s2.0-85030678416-
dc.type.rimsART-
dc.citation.volume25-
dc.citation.issue6-
dc.citation.beginningpage3514-
dc.citation.endingpage3530-
dc.citation.publicationnameIEEE/ACM Transaction on Networking-
dc.identifier.doi10.1109/TNET.2017.2748159-
dc.contributor.localauthorShin, Seungwon-
dc.contributor.nonIdAuthorYegneswaran, Vinod-
dc.contributor.nonIdAuthorPhillip, Porras-
dc.contributor.nonIdAuthorGu, Guofei-
dc.description.isOpenAccessN-
dc.type.journalArticleArticle-
dc.subject.keywordAuthorSoftware defined network security-
dc.subject.keywordAuthorSDN security-
dc.subject.keywordAuthornetwork security-
Appears in Collection
EE-Journal Papers(저널논문)
Files in This Item
There are no files associated with this item.
This item is cited by other documents in WoS
⊙ Detail Information in WoSⓡ Click to see webofscience_button
⊙ Cited 76 items in WoS Click to see citing articles in records_button

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0