Automated Discovery of Cross-Plane Event-Based Vulnerabilities in Software-Defined Networking

Ujcich, Benjamin E.; Jero, Samuel; Skowyra, Richard; Gomez, Steven R.; Bates, Adam; Sanders, William H.; Okhravi, Hamed

doi:10.14722/ndss.2020.24080

Cited by 9 publications

(6 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…4) Program Analysis: This method examines program behavior to find flaws that abuse security-sensitive APIs or violate network policies (invariant). Prior studies have utilized diverse program analysis techniques, such as static analysis looking into control flows [69], [70] or dynamic instrumentation investigating execution traces [48], [71].…”

Section: Defense Typementioning

confidence: 99%

“…Under the shadow of the For example, an attacker can abuse a host-to-application event chain, denoting a case when events generated from hosts affect an application's behavior. EventScope [70] presents a cross-plane attack that focuses on "unparsed" events by applications. They show that an attacker can trigger a malformed HOST ADDED event containing an invalid IP address (e.g., 10.0.0.256).…”

Section: Sdn Attack Classificationmentioning

confidence: 99%

“…Dynamic Instrumentation [45], [71], [84]- [86], [94] Provenance Graph Analysis [12], [48], [95], [96] §V-A3 Control/Data Flow Analysis [12], [48], [69], [70]…”

Section: A Application Layer 1) Application Authentication and Author...mentioning

confidence: 99%

“…By conducting clustering analysis, it is shown that malicious API chains can be detected with high accuracy. EventScope [70] extends the CFG into an event flow graph to catch how events are propagated over code blocks within an application. Its purpose is to detect "unhandled" data-plane events by the application, which makes a hole that an attacker can bypass security logic.…”

Section: §V-a4mentioning

confidence: 99%

See 3 more Smart Citations

Systematizing Attacks and Defenses in Software-Defined Networking: A Survey

Kim¹,

Seo²,

Lee³

et al. 2023

Preprint

View full text Add to dashboard Cite

<p>Software-Defined Networking (SDN) has manifested both its bright and dark sides so far. On the one hand, it has been advocated by research communities and industry for its open nature and programmability. Every stakeholder, such as researcher, practitioner, and developer, can design an innovative networking service with a rich set of APIs and a global network view by escaping from the vendor-dependent control plane. On the other hand, its new architecture has introduced many security challenges that did not exist in the legacy environment. However, while new attacks and vulnerabilities within SDN have been steadily discovered, fewer efforts have been made to systematize the vulnerabilities from security aspects. In this paper, we aim to scrutinize prior literature that disclosed attack cases in SDN from an architectural perspective through identifying their root causes, penetration routes, and outcomes. Then, we conduct an in-depth yet comprehensive discussion of their underlying problems and introduce countermeasures proposed by researchers to mitigate those attacks. We believe that this study can contribute to revisiting various security problems around the current SDN architecture and envisioning a guideline for security research for SDN in the future.</p>

show abstract

Section: Defense Typementioning

confidence: 99%

Section: Sdn Attack Classificationmentioning

confidence: 99%

“…Dynamic Instrumentation [45], [71], [84]- [86], [94] Provenance Graph Analysis [12], [48], [95], [96] §V-A3 Control/Data Flow Analysis [12], [48], [69], [70]…”

Section: A Application Layer 1) Application Authentication and Author...mentioning

confidence: 99%

Section: §V-a4mentioning

confidence: 99%

See 2 more Smart Citations

Systematizing Attacks and Defenses in Software-Defined Networking: A Survey

Kim¹,

Seo²,

Lee³

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…In this case, the host tracking application indirectly obtains permission to modify the flow rules through the routing application [50]. Besides, on the data plane, the hosts can utilize inappropriate responsibility assigning of the applications to bypass access control [51].…”

Section: Elevation Of Privilegementioning

confidence: 99%

A Systematic Treat Model for Software-Defined Networking

2021

KSII TIIS

View full text Add to dashboard Cite

Software-Defined Networking (SDN) has three key features: separation of control and forwarding, centralized control, and network programmability. While improving network management flexibility, SDN has many security issues. This paper systemizes the security threats of SDN using spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege (STRIDE) model to understand the current security status of SDN. First, we introduce the network architecture and data flow of SDN. Second, we analyze security threats of the six types given in the STRIDE model, aiming to reveal the vulnerability mechanisms and assess the attack surface. Then, we briefly describe the corresponding defense technologies. Finally, we summarize the work of this paper and discuss the trends of SDN security research.

show abstract