Visible to the public Adversarial Network Forensics in Software Defined Networking: Demo

TitleAdversarial Network Forensics in Software Defined Networking: Demo
Publication TypeConference Paper
Year of Publication2017
AuthorsAchleitner, Stefan, La Porta, Thomas, Jaeger, Trent, McDaniel, Patrick
Conference NameProceedings of the Symposium on SDN Research
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4947-5
Keywordspubcrawl, Resiliency, Scalability, SDN security
AbstractThe essential part of an SDN-based network are flow rules that enable network elements to steer and control the traffic and deploy policy enforcement points with a fine granularity at any entry-point in a network. Such applications, implemented with the usage of OpenFlow rules, are already integral components of widely used SDN controllers such as Floodlight or OpenDayLight. The implementation details of network policies are reflected in the composition of flow rules and leakage of such information provides adversaries with a significant attack advantage such as bypassing Access Control Lists (ACL), reconstructing the resource distribution of Load Balancers or revealing of Moving Target Defense techniques. In this demo [4, 5] we present our open-source scanner SDNMap and demonstrate the findings discussed in the paper "Adversarial Network Forensics in Software Defined Networking" [6]. On two real world examples, Floodlight's Access Control Lists (ACL) and Floodlight's Load Balancer (LBaaS), we show that severe security issues arise with the ability to reconstruct the details of OpenFlow rules on the data-plane.
URLhttp://doi.acm.org/10.1145/3050220.3060599
DOI10.1145/3050220.3060599
Citation Keyachleitner_adversarial_2017