Protecting Virtual Programmable Switches from Cross-App Poisoning (CAP) Attacks

Lamb, Ivan Peter; Saquetti, Mateus; Oliveira, Guilherme Bueno de; Azambuja, Jose Rodrigo; Cordeiro, Weverton

doi:10.1109/noms54207.2022.9789775

Cited by 1 publication

(2 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Various studies have proposed solutions to address this issue, such as access control policies, 31 role-based access control, 32 and the use of a secure communication channel between the controller and applications. 33,34 However, despite these efforts, the challenge of ensuring secure access to SDN controller resources remains a significant concern in SDN network security.…”

Section: Related Workmentioning

confidence: 99%

“…A prevalent threat in this context is that SDN controller resources may be accessed by applications to either update or retrieve information from controller‐stored data: untrustworthy applications might utilize this to conduct malicious activities in the SDN network. Various studies have proposed solutions to address this issue, such as access control policies, 31 role‐based access control, 32 and the use of a secure communication channel between the controller and applications 33,34 . However, despite these efforts, the challenge of ensuring secure access to SDN controller resources remains a significant concern in SDN network security.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

DMoiSDN: A defensive mechanism of object integrity for SDN

Alsalamh,

Al‐Mutairi,

Humayed

et al. 2023

Concurrency and Computation

View full text Add to dashboard Cite

SummarySoftware‐defined network (SDN) technology is widely used for computer networks, especially in enterprise data centers and virtualized networking. However, SDN networks encounter severe challenges to security. One such challenge comes from third‐party applications that contain malicious logic and security vulnerabilities, resulting in controller integrity attacks. In this paper, we propose a defensive mechanism of object integrity for SDN (DMoiSDN) to mitigate the issue known as Cross‐App Poisoning (CAP). Our results contribute to increasing the integrity level of the controller's resources by conducting a potential risk analysis, which showed a decrease of 57% in the risk factor for potential attacks. We further examined the results of comparing DMoiSDN's performance with related work that uses information flow control (IFC) policies. The best results among the three conducted scenarios were as follows: we found that decreased latency in our system ranged from 12% to 90%, with an average of 59%, when encountering an increase in requests. It ranged from 78% to 49%, with an average of 63%, when receiving a variable number of total permissions for each application. DMoiSDN is expected to show a perceptible but reasonable latency and, to some extent, be able to avoid a critical impact on performance.

show abstract