Flow Table Security in SDN: Adversarial Reconnaissance and Intelligent Attacks
| Field | Value |
|---|---|
| Title | Flow Table Security in SDN: Adversarial Reconnaissance and Intelligent Attacks |
| Publication Type | Conference Paper |
| Year of Publication | 2020 |
| Authors | Yu, M., He, T., McDaniel, P., Burke, Q. K. |
| Conference Name | IEEE INFOCOM 2020 - IEEE Conference on Computer Communications |
| Date Published | July 2020 |
| Publisher | IEEE |
| ISBN Number | 978-1-7281-6412-0 |
| Keywords | adversarial reconnaissance, attack parameters, cache inference, cache storage, caching flow rules, communication bottleneck, computer network security, computer networks, control systems, data privacy, denial of service attack, distributed processing, easy target, flow table security, Government, intelligent attacks, Interference, IP networks, Network reconnaissance, performance-driven design, power consumption, Probes, pubcrawl, Reconnaissance, resilience, Resiliency, Scalability, SDN architectures, security of data, security vulnerabilities, simplistic attack models, software defined networking, specific cache-like behaviors, Switches, target flow table, telecommunication security, underlying storage medium |
| Abstract | The performance-driven design of SDN architectures leaves many security vulnerabilities, a notable one being the communication bottleneck between the controller and the switches. Functioning as a cache between the controller and the switches, the flow table mitigates this bottleneck by caching flow rules received from the controller at each switch, but is very limited in size due to the high cost and power consumption of the underlying storage medium. It thus presents an easy target for attacks. Observing that many existing defenses are based on simplistic attack models, we develop a model of intelligent attacks that exploit specific cache-like behaviors of the flow table to infer its internal configuration and state, and then design attack parameters accordingly. Our evaluations show that such attacks can accurately expose the internal parameters of the target flow table and cause measurable damage with the minimum effort. |
| URL | https://ieeexplore.ieee.org/document/9155538 |
| DOI | 10.1109/INFOCOM41043.2020.9155538 |
| Citation Key | yu_flow_2020 |