Abstract

Software Defined Networking (SDN) introduces a logically centralized control plane to run diverse management applications. In practice, a logically centralized control plane is realized using multiple controllers for scalability, reliability, and availability reasons. In fact, for various current and future networks of interest, it is practically infeasible to attempt a physically centralized SDN system. As SDN gains popularity, it is important to secure the SDN infrastructure to be resilient to potential attacks. In SDN, controllers can become high-value and attractive targets for an adversary for the following reasons. First, controllers are sinks of information collected from different switches. This includes network topology and flow-counter values. Such information can be privacy sensitive. For example, an organization may wish to protect its internal network topology or hide what type of traffic is being routed through its network. In addition, privacy policies may prohibit information from flowing between one part of the organizational network to another. Second, controllers run full-fledged software stacks including an operating system and management applications. Therefore, they may expose a much larger attack surface than switches. Moreover, threats may arise from multiple sources. In addition to software vulnerabilities that may exist in the controller software stack, malicious insiders who have privileged access to the controllers may leak sensitive information or sabotage network operations. For example, the network operator wants to make sure that traffic flow counters in the controllers stay untouched by an adversary. Manipulation of these counters could allow DDoS

Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.