NetCo: Reliable Routing With Unreliable Routers

Feldmann, Anja; Heyder, Philipp; Kreutzer, Michael; Schmid, Stefan; Seifert, Jean-Pierre; Shulman, Haya; Thimmaraju, Kashyap; Waidner, Michael; Sieberg, Jens

doi:10.1109/dsn-w.2016.38

Cited by 13 publications

(12 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Operation Aurora [5]), manipulation and modification (insertion of HTML code on webpages) and cover tunneling. A compromised routing system may be also used to bypass firewalls and intrusion prevention systems [39], violating isolation requirements in multi-tenant data centers [53], infiltrate VPNs [63] and more.…”

Section: Why It Matters?mentioning

confidence: 99%

Software-Defined Network (SDN) Data Plane Security: Issues, Solutions, and Future Directions

Shaghaghi

Kâafar

Buyya

et al. 2020

Handbook of Computer Networks and Cyber Security

View full text Add to dashboard Cite

Software-Defined Network (SDN) radically changes the network architecture by decoupling the network logic from the underlying forwarding devices. This architectural change rejuvenates the network-layer granting centralized management and re-programmability of the networks. From a security perspective, SDN separates security concerns into control and data plane, and this architectural recomposition brings up exciting opportunities and challenges. The overall perception is that SDN capabilities will ultimately result in improved security. However, in its raw form, SDN could potentially make networks more vulnerable to attacks and harder to protect. In this paper, we focus on identifying challenges faced in securing the data plane of SDN -one of the least explored but most critical components of this technology. We formalize this problem space, identify potential attack scenarios while highlighting possible vulnerabilities and establish a set of requirements and challenges to protect the data plane of SDNs. Moreover, we undertake a survey of existing solutions with respect to the identified threats, identifying their limitations and offer future research directions.

show abstract

Section: Why It Matters?mentioning

confidence: 99%

Software-Defined Network (SDN) Data Plane Security: Issues, Solutions, and Future Directions

Shaghaghi

Kâafar

Buyya

et al. 2020

Handbook of Computer Networks and Cyber Security

View full text Add to dashboard Cite

show abstract

“…The related work presented in the previous section did not take into account environments in which there are heterogeneous switches. Many organizations often build their network by combining switches with various specifications because of budget constraints and differences on the time of purchase [12]. Moreover, the processing time is also different in these switches, causing large delays when there is a heavy traffic on low-processing time switches.…”

Section: Target Problemmentioning

confidence: 99%

A Proposal of Control Method Considering the Path Switching Time of SDN and Its Evaluation

Gotani¹,

Takahira²,

Hata³

et al. 2019

Adv. sci. technol. eng. syst. j.

View full text Add to dashboard Cite

Recently, communication demands often change because of the various network services in companies and individuals. Software Defined Networking (SDN) has emerged as a viable control paradigm that allows flexible communication, using OpenFlow as its default standard and enabler. However, when changes happen frequently in SDN networks due to unforeseen reasons -such as a network failure or topology changes-it takes a long time to perform all the operations. For instance, to change a routing path, first new paths must be calculated, then the controller must transmit the commands to the network elements, which has to process those commands. This process can cause a delay, or even disruption, in the communication service. Therefore, this paper proposes a network control method to reduce the time to change a path using OpenFlow.

show abstract

“…Motivated by a strong adversary, Gonzales et al [22], and Karmakar et al [40] accounted for virtual switches, and the data plane. Similarly Yu et al [97], Thimmaraju et al [90] and Feldmann et al [24] assumed a strong adversarial model, with an emphasis on hardware switches, and the defender having sufficiently large resources.…”

Section: Attacker Models For Virtual Switchesmentioning

confidence: 99%

“…Thus, implementing a firewall and/or IDS that intercepts and cleans all control communication appears feasible. Depending on the threat model, one may even opt to chain multiple IDS/firewalls or use physical appliances for such firewalling [24].…”

Section: Design Countermeasuresmentioning

confidence: 99%

Taking Control of SDN-based Cloud Systems via the Data Plane

Thimmaraju

Shastry

Fiebig

et al. 2018

Proceedings of the Symposium on SDN Research

Self Cite

View full text Add to dashboard Cite

Virtual switches are a crucial component of SDN-based cloud systems, enabling the interconnection of virtual machines in a flexible and "software-defined" manner. This paper raises the alarm on the security implications of virtual switches. In particular, we show that virtual switches not only increase the attack surface of the cloud, but virtual switch vulnerabilities can also lead to attacks of much higher impact compared to traditional switches. We present a systematic security analysis and identify four design decisions which introduce vulnerabilities. Our findings motivate us to revisit existing threat models for SDNbased cloud setups, and introduce a new attacker model for SDN-based cloud systems using virtual switches.

show abstract

NetCo: Reliable Routing With Unreliable Routers

Cited by 13 publications

References 10 publications

Software-Defined Network (SDN) Data Plane Security: Issues, Solutions, and Future Directions

Software-Defined Network (SDN) Data Plane Security: Issues, Solutions, and Future Directions

A Proposal of Control Method Considering the Path Switching Time of SDN and Its Evaluation

Taking Control of SDN-based Cloud Systems via the Data Plane

Contact Info

Product

Resources

About