Synaptic: A formal checker for SDN-based security policies

Schnepf, Nicolas; Badonnel, Rémi; Lahmadi, Abdelkader; Merz, Stephan

doi:10.1109/noms.2018.8406122

Cited by 5 publications

(2 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Schnepf et al presented a demo for the authors' provided tool named Synaptic, which is an SDN‐based framework, planned for the formal verification of security policies. Also, the proposed tool is intended for automatically producing the policies using automata learning approaches that are used for NetFlow records of applications gathered from the devices.…”

Section: Formal Verification Methods In the Sdnmentioning

confidence: 99%

A systematic literature review on formal verification of software‐defined networks

Souri

Norouzi

Asghari

et al. 2019

Trans Emerging Tel Tech

View full text Add to dashboard Cite

By raising evolutionary network connections, a software‐defined network (SDN) offers a well‐managed and flexible novel network topology. The SDN efforts are provided to abstract the original network configuration for business applications and web services. Additionally, the SDN modifies the network management policies such as topology policies, deployment policies, the applicability, and infrastructure maintenance. One of the important features of the SDN is standardizing the network interfaces with the precise functional semantics in application and control flow layers. In another hand, specification and evaluation of the existing network interfaces is a main and significant challenge to prove the correctness of the configurable scenarios in the SDN approach. Recently, formal verification presents a high potential platform to evaluate the main‐layer scenarios of the SDN as the novel perspective in this area. Up to now, there is no survey and state‐of‐the‐art review on the formal verification methods in the SDN. This paper provides a systematic literature review (SLR) for the formal verification methods in the SDN in form of the SDN plans to recognize the state of the art of the open challenges. The presented SLR is classified into three main fields: application plan, data plan, and control plan approaches. The verification mechanisms are compared with each other according to the important factors such as structural properties, quality‐of‐service metrics, applied algorithms, and measurement tools.

show abstract

Section: Formal Verification Methods In the Sdnmentioning

confidence: 99%

A systematic literature review on formal verification of software‐defined networks

Souri

Norouzi

Asghari

et al. 2019

Trans Emerging Tel Tech

View full text Add to dashboard Cite

show abstract

“…Nicolas et al [15] recently developed SYNAP-TIC, an automated system designed to verify security chains in SDN. This approach was subsequently employed to develop a security policy validation solution for SDN-based networks [16]. Several researchers have proposed SDN-based security architectures for networks with 5G and 6G connectivities [10].…”

Section: Related Workmentioning

confidence: 99%

Mitigating Timing Side-Channel Attacks in Software-Defined Networks: Detection and Response

Shoaib,

Chow,

Vlahu-Gjorgievska

et al. 2023

Telecom

View full text Add to dashboard Cite

Software-defined networking (SDN) is an innovative technology that has the potential to enhance the scalability, flexibility, and security of telecommunications networks. The emergence and development of SDNs have introduced new opportunities and challenges in the telecommunications industry. One of the major challenges encountered by SDNs is the timing side-channel attacks. These attacks exploit timing information to expose sensitive data, including flow tables, routes, controller types, and ports, which pose a significant threat to communication networks. Existing techniques for mitigating timing side-channel attacks primarily focus on limiting them via network architectural changes. This significantly increases the overhead of SDNs and makes it difficult to identify the origin of the attack. To secure resilient integration of SDN in telecommunications networks, it is necessary to conduct comprehensive research that not only identifies the attack activity, but also formulates an adequate response. In this paper, we propose a detection and response solution for timing side-channel attacks in SDN. We used a machine learning-based approach to detect the probing activity and identify the source. To address the identified timing side-channel attack queries, we propose a response mechanism. This entails devising a feedback-oriented response to counter the identified source, such as blocking or diverting it, while minimising any adverse effects on legitimate network traffic. This methodology is characterised by an automated data-driven approach that enables prompt and effective responses. The architecture of this security solution ensures that it has a minimal impact on network traffic and resource usage as it is designed to be used in conjunction with SDN. The overall design findings show that our detection approach is 94% precise in identifying timing side-channel attacks in SDN when compared with traditional mitigation strategies. Additionally, the response mechanism employed by this approach yielded highly customised and precise responses, resulting in an impressive accuracy score of 97.6%.

show abstract