EAGER: ACI: A Software-Defined Network (SDN) WAN Security Testbed

Project Details

Lead PI

Performance Period

Sep 01, 2015 - Aug 31, 2018

Institution(s)

SRI International

Award Number


Software-defined networking (SDN) has emerged as a topic of exploration for addressing the growing challenges of complex traffic and topology management in environments such as large-scale data centers, private wide-area networks (WANs), and virtual hosting environments. Unfortunately, little is understood about the security challenges that SDN-enabled WANs introduce. Modeling the spectrum of adversarial challenges early in the design stage of this next generation of networking is critical for avoiding an explosion of new exploitable vulnerabilities that will likely plague SDN WANs and hinder their adoption.

This project facilitates a leap in our understanding of the security challenges that arise across SDN-enabled WAN topologies. It focuses on the creation of a multi-site (and reproducible) distributed security testing infrastructure for several SDN-WAN topologies, as well as the development of adversarial models against each topology. The testbed incorporates strong perimeter isolation and environment recovery services. It instantiates a range of SDN WAN topologies, and facilitates the integration and evaluation of security extensions to the SDN infrastructure itself. The project will also produce a pluggable software-testing framework of exploit methods across the attack surface of the various SDN-WAN topologies instantiated within this testbed. The project will result in an early assessment of concrete security threats and potential solutions that can inform and influence SDN standards, enhance commercial solutions, drive deeper threat assessments of these emerging networks, and stimulate the networking and Information Security (INFOSEC) research communities.