Rosemary

Shin, Seungwon; Song, Yongchul; Lee, Taekyung; Lee, Sang-Ho; Chung, Jae‐Young; Porras, Phillip; Yegneswaran, Vinod; Noh, Jiseong; Kang, Brent Byunghoon

doi:10.1145/2660267.2660353

Cited by 170 publications

(54 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several controller frameworks exist, such as Floodlight [20], Ryu [71], Open Network Operating System (ONOS) [61], and OpenDaylight (ODL) [64]. Special-purpose controllers for secure environments include SE-Floodlight [68], Rosemary [75], and Security-Mode ONOS [89]. The controller maintains data stores that collectively serve as a "network information base" for abstractions of the network's topology, flow entries, and end hosts, among others.…”

Section: Sdn Architecturementioning

confidence: 99%

“…3.3.1 Lack of well-defined application isolation and enforcement as applied to shared control plane state. Some controllers, such as Rosemary [75], sandbox each app's resources (e.g., memory and CPU usage) and use RBAC to allow apps or prevent them from accessing parts of the SDN control plane state, in a manner analogous to resource sharing and file permissions in operating systems, respectively. However, RBAC is limiting in practice because it does not enforce certain usage of data after authorization [72].…”

Section: Sdn Control Plane Information Flow Challengesmentioning

confidence: 99%

“…Security-Mode ONOS [89] extends the ONOS controller to include API method-level RBAC enforcement. Rosemary [75] isolates applications by running each application as an individual process. SE-Floodlight [68] hardens the control plane by enforcing hierarchical RBAC policies and logging events through an auditing subsystem.…”

Section: Related Workmentioning

confidence: 99%

“…To date, defenses that limit the SDN attack surface have included app sandboxing [75], TLS-enabled APIs [61,64,68], API abuse prevention [65,78], and role-based access control (RBAC) for apps [68,89], among others. Although these mechanisms improve control plane security, we posit that they are not sufficient for mitigating information flow attacks within the control plane.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Cross-App Poisoning in Software-Defined Networking

Ujcich

Jero

Edmundson

et al. 2018

Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Software-defined networking (SDN) continues to grow in popularity because of its programmable and extensible control plane realized through network applications (apps). However, apps introduce significant security challenges that can systemically disrupt network operations, since apps must access or modify data in a shared control plane state. If our understanding of how such data propagate within the control plane is inadequate, apps can co-opt other apps, causing them to poison the control plane's integrity. We present a class of SDN control plane integrity attacks that we call cross-app poisoning (CAP), in which an unprivileged app manipulates the shared control plane state to trick a privileged app into taking actions on its behalf. We demonstrate how role-based access control (RBAC) schemes are insufficient for preventing such attacks because they neither track information flow nor enforce information flow control (IFC). We also present a defense, ProvSDN, that uses data provenance to track information flow and serves as an online reference monitor to prevent CAP attacks. We implement ProvSDN on the ONOS SDN controller and demonstrate that information flow can be tracked with low-latency overheads. CCS CONCEPTS • Security and privacy → Access control; Information flow control; Information accountability and usage control; • Networks → Programmable networks; KEYWORDS software-defined networking; data provenance; information flow control; network operating system * DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited.

show abstract

Section: Sdn Architecturementioning

confidence: 99%

Section: Sdn Control Plane Information Flow Challengesmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Cross-App Poisoning in Software-Defined Networking

Ujcich

Jero

Edmundson

et al. 2018

Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

show abstract

“…Additionally, a software extension to NOX was proposed in FortNoX [9], which offers rolebased authorization and security constraint enforcement for the NOX controller. Both SE-Floodlight [10] and Rosemary [11] proposed a security enforcement kernel to improve the robustness of SDN controller. In addition, some recent works [12]- [14] have noted that the SDN controller is vulnerable to DoS attacks.…”

Section: Related Workmentioning

confidence: 99%

MinDoS: A Priority-Based SDN Safe-Guard Architecture for DoS Attacks

Tao

Chen

2018

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

Software-defined networking (SDN) has rapidly emerged as a promising new technology for future networks and gained considerable attention from both academia and industry. However, due to the separation between the control plane and the data plane, the SDN controller can easily become the target of denial-of service (DoS) attacks. To mitigate DoS attacks in OpenFlow networks, our solution, MinDoS, contains two key techniques/modules: the simplified DoS detection module and the priority manager. The proposed architecture sends requests into multiple buffer queues with different priorities and then schedules the processing of these flow requests to ensure better controller protection. The results show that MinDoS is effective and adds only minor overhead to the entire SDN/OpenFlow infrastructure.

show abstract