Abstract

The performance-driven design of SDN architectures leaves many security vulnerabilities, a notable one being the communication bottleneck between the controller and the switches. Functioning as a cache between the controller and the switches, the flow table mitigates this bottleneck by caching flow rules received from the controller at each switch, but is very limited in size due to the high cost and power consumption of the underlying storage medium. It thus presents an easy target for attacks. Observing that many existing defenses are based on simplistic attack models, we develop a model of intelligent attacks that exploit specific cache-like behaviors of the flow table to infer its internal configuration and state, and then design attack parameters accordingly. Our evaluations show that such attacks can accurately expose the internal parameters of the target flow table and cause measurable damage with the minimum effort.

Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Flow Table Security in SDN: Adversarial Reconnaissance and Intelligent Attacks
Mingli Yu ... Patrick Mcdaniel
-
Mingli Yu, et. al.Mingli Yu ... Patrick Mcdaniel
01 Jul 2020
Rule Caching in SDN-Enabled Base Stations Supporting Massive IoT Devices With Bursty Traffic
Seyed Hamed Rastegar ... Aliazam Abbasfar
IEEE Internet of Things Journal | VOL. 7
Seyed Hamed Rastegar, et. al.Seyed Hamed Rastegar ... Aliazam Abbasfar
01 Jul 2020
Decision Tree‐Based Entries Reduction scheme using multi‐match attributes to prevent flow table overflow in SDN environment
Priyanka Nallusamy ... Murugan Krishnan
International Journal of Network Management | VOL. 31
Priyanka Nallusamy, et. al.Priyanka Nallusamy ... Murugan Krishnan
28 Oct 2020
Heterogeneous Flow Table Integration for Capacity Enhancement in Software-Defined Networks
Chi-Hsiang Hung ... Li-Chun Wang
-
Chi-Hsiang Hung, et. al.Chi-Hsiang Hung ... Li-Chun Wang
01 Mar 2018
View more papers

More From: IEEE/ACM transactions on networking : a joint publication of the IEEE Communications Society, the IEEE Computer Society, and the ACM with its Special Interest Group on Data Communication

Paper Title
Journal
Date
Author
PACC: A Proactive CNP Generation Scheme for Datacenter Networks
Jiao Zhang ... Mingxuan Yu
IEEE/ACM transactions on networking : a joint publication of the IEEE Communications Society, the IEEE Computer Society, and the ACM with its Special Interest Group on Data Communication | VOL. 32
Jiao Zhang, et. al.Jiao Zhang ... Mingxuan Yu
01 Jun 2024
RL-Based Energy-Efficient Data Transmission Over Hybrid BLE/LTE/Wi-Fi/LoRa UAV-Assisted Wireless Network
Wilson Ayyanthole Nelson ... Ajit Jha
IEEE/ACM transactions on networking : a joint publication of the IEEE Communications Society, the IEEE Computer Society, and the ACM with its Special Interest Group on Data Communication | VOL. 32
Wilson Ayyanthole Nelson, et. al.Wilson Ayyanthole Nelson ... Ajit Jha
01 Jun 2024
Incentivizing Massive Unknown Workers for Budget-Limited Crowdsensing: From Off-Line and On-Line Perspectives
Feng Li ... Pengfei Hu
IEEE/ACM transactions on networking : a joint publication of the IEEE Communications Society, the IEEE Computer Society, and the ACM with its Special Interest Group on Data Communication | VOL. 32
Feng Li, et. al.Feng Li ... Pengfei Hu
01 Jun 2024
Enabling Cross-Technology Communication From WiFi to LoRa With IEEE 802.11ax
Xiaolong Zheng ... Liang Liu
IEEE/ACM transactions on networking : a joint publication of the IEEE Communications Society, the IEEE Computer Society, and the ACM with its Special Interest Group on Data Communication | VOL. 32
Xiaolong Zheng, et. al.Xiaolong Zheng ... Liang Liu
01 Jun 2024
View more papers