Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization: latest publications

SHIELD: An Automated Framework for Static Analysis of SDN Applications
Chanhee Lee, Seungwon Shin
DOI: 10.1145/2876019.2876026 (https://doi.org/10.1145/2876019.2876026)
Published: 2016-03-11
Abstract: Software-Defined Network (SDN) is getting popular and increasingly deployed in both academia and industry. As a result, its security issues are being magnified as a critical controversy, and some pioneering researchers have investigated the vulnerabilities of SDN to discover the feasibility of compromising SDN networks. In particular, they prove that a simple malicious/buggy SDN application running on an SDN controller can kill an SDN control plane, because it usually has the right to access the resources of the SDN controller. To address this issue, we focus on the malicious SDN applications themselves (i.e., how to understand whether an SDN application is malicious). In this context, we consider analyzing SDN applications in a static manner, before running them. We present SHIELD, a new automated framework for static analysis of SDN applications that carefully considers SDN abilities. SHIELD provides the Control-Flow Graph (CFG) and critical flows of SDN applications. We evaluate the effectiveness of SHIELD with 33 real-world applications (both benign and malicious applications), and from the results we define 10 malicious behaviors of SDN applications.
Citations: 22
Taking the Surprise out of Changes to a Bro Setup
Matthew Monaco, Alex Tsankov, Eric Keller
DOI: 10.1145/2876019.2876031 (https://doi.org/10.1145/2876019.2876031)
Published: 2016-03-11
Abstract: With network functions virtualization, an organization gains the ability to provide a much more agile security infrastructure. In this paper we focus on vulnerabilities and challenges created by this new flexibility itself. In particular, using Bro as a case study, we present i) a framework for testing Bro scripts using packet traces, ii) a complementary framework for testing the performance impact of Bro scripts, and iii) a continuous integration system for triggering automatic testing in response to code changes. With this system, security administrators are protected against logic errors in new and modified scripts as well as performance degradation.
Citations: 0
vTC: Machine Learning Based Traffic Classification as a Virtual Network Function
Lu He, Chen Xu, Yan Luo
DOI: 10.1145/2876019.2876029 (https://doi.org/10.1145/2876019.2876029)
Published: 2016-03-11
Abstract: Network flow classification is fundamental to network management and network security. However, it is challenging to classify network flows at very high line rates while simultaneously preserving user privacy. Machine learning based classification techniques utilize only meta-information of a flow and have been shown to be effective in identifying network flows. We analyze a group of widely used machine learning classifiers, and observe that the effectiveness of different classification models depends highly upon the protocol types as well as the flow features collected from network data. We propose vTC, a design of virtual network functions to flexibly select and apply the best suitable machine learning classifiers at run time. The experimental results show that the proposed NFV for flow classification can improve the accuracy of classification by up to 13%.
Citations: 30
The Smaller, the Shrewder: A Simple Malicious Application Can Kill an Entire SDN Environment
Seungsoo Lee, Changhoon Yoon, Seungwon Shin
DOI: 10.1145/2876019.2876024 (https://doi.org/10.1145/2876019.2876024)
Published: 2016-03-11
Abstract: Security vulnerability assessment is an important process that must be conducted against any system before deployment, and emerging technologies are no exception. Software-Defined Networking (SDN) has aggressively evolved in the past few years and is now almost at the early adoption stage. At this stage, the attack surface of SDN should be thoroughly investigated and assessed in order to mitigate possible security breaches against SDN. Inspired by this necessity, we reveal three attack scenarios that leverage SDN applications to attack SDNs, and test the attack scenarios against three of the most popular SDN controllers available today. In addition, we discuss possible defense mechanisms against such application-originated attacks.
Citations: 45
Leveraging SDN to Improve the Security of DHCP
Jacob H. Cox, R. Clark, H. Owen
DOI: 10.1145/2876019.2876028 (https://doi.org/10.1145/2876019.2876028)
Published: 2016-03-11
Abstract: Current state-of-the-art technologies for detecting and neutralizing rogue DHCP servers are tediously complex and prone to error. Network operators can spend hours (even days) before realizing that a rogue server is affecting their network. Additionally, once network operators suspect that a rogue server is active on their network, even more hours can be spent finding the server's MAC address and preventing it from affecting other clients. Not only are such methods slow to eliminate rogue servers, they are also likely to affect other clients as network operators shut down services while attempting to locate the server. In this paper, we present Network Flow Guard (NFG), a simple security application that utilizes the software defined networking (SDN) paradigm of programmable networks to detect and disable rogue servers before they are able to affect network clients. Consequently, the key contributions of NFG are its modular approach and its automated detection/prevention of rogue DHCP servers, which is accomplished with little impact on network architecture, protocols, and network operators.
Citations: 16
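The abstract above says only that NFG detects rogue DHCP servers and disables them before clients are affected. The following is an added example, not NFG's code, of the check an SDN controller application can apply to DHCP packets punted to it: parse the DHCP options, treat any server-only message type (OFFER, ACK, NAK) whose source MAC is not on an allow-list as rogue, and emit a drop rule for that switch port and MAC. The option parser, the allow-list `AUTHORISED_SERVER_MACS`, the rule layout and the sample packets built by `build_dhcp` are all assumptions made for illustration.

```python
"""
Added example (not the paper's NFG code): a rogue-DHCP-server check of the kind an SDN
controller application could apply to DHCP packets punted to it. The option parsing,
the allow-list and the shape of the drop rule are assumptions made for illustration.
"""
from dataclasses import dataclass
from typing import Dict, Optional

# Hypothetical allow-list: MAC addresses of the authorised DHCP servers.
AUTHORISED_SERVER_MACS = {"00:11:22:33:44:55"}

DHCP_MAGIC = b"\x63\x82\x53\x63"   # RFC 2132 magic cookie after the 236-byte BOOTP header
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
# Message types that only a DHCP server sends; a client never emits these.
SERVER_MSG_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}


@dataclass
class Verdict:
    is_server_msg: bool
    msg_type: Optional[str]
    server_ip: Optional[str]
    rogue: bool
    flow_rule: Optional[dict]   # OpenFlow-style drop rule to install, if rogue


def parse_dhcp_options(payload: bytes) -> Dict[int, bytes]:
    """Parse the option list that follows the fixed BOOTP header and magic cookie."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP payload")
    opts: Dict[int, bytes] = {}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts


def check_dhcp(src_mac: str, in_port: int, payload: bytes) -> Verdict:
    """Decide whether a DHCP packet seen by the controller comes from a rogue server."""
    opts = parse_dhcp_options(payload)
    mt = opts.get(OPT_MSG_TYPE)
    mtype = mt[0] if mt else 0
    if mtype not in SERVER_MSG_TYPES:
        return Verdict(False, None, None, False, None)   # client traffic: nothing to do
    sid = opts.get(OPT_SERVER_ID)
    server_ip = ".".join(str(b) for b in sid) if sid and len(sid) == 4 else None
    # The source MAC is what the switch actually saw; option 54 is attacker-controlled,
    # so it is reported for the operator but never used for the decision.
    rogue = src_mac.lower() not in AUTHORISED_SERVER_MACS
    rule = None
    if rogue:
        rule = {
            "priority": 1000,
            "match": {"in_port": in_port, "dl_src": src_mac.lower(), "udp_src": 67},
            "actions": [],   # empty action list == drop
        }
    return Verdict(True, SERVER_MSG_TYPES[mtype], server_ip, rogue, rule)


def build_dhcp(msg_type: int, server_id: Optional[str] = None) -> bytes:
    """Construct a minimal DHCP payload for testing (sample input, not captured traffic)."""
    hdr = bytearray(236)
    hdr[0] = 2 if msg_type in SERVER_MSG_TYPES else 1   # op: BOOTREPLY / BOOTREQUEST
    hdr[1], hdr[2] = 1, 6                               # htype Ethernet, hlen 6
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    if server_id:
        opts += bytes([OPT_SERVER_ID, 4]) + bytes(int(o) for o in server_id.split("."))
    return bytes(hdr) + DHCP_MAGIC + opts + bytes([OPT_END])


if __name__ == "__main__":
    for mac, port, pkt in [
        ("de:ad:be:ef:00:01", 7, build_dhcp(2, "10.0.0.99")),   # OFFER from an unknown MAC
        ("00:11:22:33:44:55", 1, build_dhcp(5, "10.0.0.1")),    # ACK from the real server
        ("aa:bb:cc:dd:ee:ff", 9, build_dhcp(1)),                # DISCOVER from a client
    ]:
        print(mac, check_dhcp(mac, port, pkt))
```

The decision keys on the MAC and ingress port the switch reported, not on the server-identifier option, because the latter is under the attacker's control. Matching on `udp_src 67` keeps the rule narrow: the rogue host's other traffic is untouched, which is the "little impact on clients" property the abstract claims for NFG. A production version would also need a rate limit on punted DHCP packets so that a flood of forged OFFERs cannot be used to overload the controller.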
HoneyMix: Toward SDN-based Intelligent Honeynet
Wonkyu Han, Ziming Zhao, Adam Doupé, Gail-Joon Ahn
DOI: 10.1145/2876019.2876022 (https://doi.org/10.1145/2876019.2876022)
Published: 2016-03-11
Abstract: A honeynet is a collection of honeypots that are set up to attract as many attackers as possible in order to learn about their patterns, tactics, and behaviors. However, existing honeypots suffer from a variety of fingerprinting techniques, and the current honeynet architecture does not fully utilize the features of the resident honeypots due to its coarse-grained data control mechanisms. To address these challenges, we propose an SDN-based intelligent honeynet called HoneyMix. HoneyMix leverages the rich programmability of SDN to circumvent attackers' detection mechanisms and enables fine-grained data control for the honeynet. To do this, HoneyMix simultaneously establishes multiple connections with a set of honeypots and selects the most desirable connection to inspire attackers to remain connected. In this paper, we present the HoneyMix architecture and a description of its core components.
Citations: 52
Timing SDN Control Planes to Infer Network Configurations
J. Sonchack, Adam J. Aviv, Eric Keller
DOI: 10.1145/2876019.2876030 (https://doi.org/10.1145/2876019.2876030)
Published: 2016-03-11
Abstract: In this paper, we study information leakage by the control planes of Software Defined Networks. We find that the response time of an OpenFlow control plane depends on its workload, and we develop an inference attack that an adversary with control of a single host could use to learn about network configurations without needing to compromise any network infrastructure (i.e., switches or controller servers). We also demonstrate that our inference attack works on real OpenFlow hardware. To our knowledge, no previous work has evaluated OpenFlow inference attacks outside of simulation.
Citations: 26
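The abstract states the leak (control-plane response time depends on workload, observable from one host) but gives no detail of the probes. The following added example, which is not the paper's code, shows the measurement side of one such timing side channel: in a reactively programmed OpenFlow network, the first packet of a flow that matches no installed rule takes a detour through the controller (packet_in, then flow_mod), so its round-trip time stands well above the data-plane steady state. Classifying each probed flow by that first-packet delay tells the probing host whether the switch already held a rule for it. The probe model, the median-plus-MAD threshold and the sample RTTs in `SAMPLE_PROBES` are assumptions made here for illustration; what the presence or absence of a rule reveals about configuration depends on the controller's policy, which the abstract does not specify.

```python
"""
Added example, not code from the paper: the measurement side of a control-plane timing
side channel. The probe model (first packet of a new flow vs. later packets), the
threshold rule and the sample data are assumptions made for illustration.
"""
import statistics
from typing import Dict, List


def reactive_threshold_ms(steady_rtts: List[float], floor_ms: float = 1.0) -> float:
    """RTT above which a first-packet delay is attributed to a controller round trip
    (packet_in + flow_mod) rather than to jitter. Median + 3*MAD, with a floor so
    that a single noisy steady-state sample does not move the threshold."""
    med = statistics.median(steady_rtts)
    mad = statistics.median(abs(x - med) for x in steady_rtts)
    return med + max(3 * mad, floor_ms)


def classify_flow(rtts_ms: List[float]) -> str:
    """rtts_ms[0] is the RTT of the first packet of a flow the probing host has not
    used before; the remaining samples were taken after any rule the controller
    installed is in place. Returns 'controller' if the first packet shows a controller
    round trip (no pre-installed rule matched it), else 'preinstalled'."""
    if len(rtts_ms) < 3:
        raise ValueError("need the first-packet RTT and at least two steady-state samples")
    first, steady = rtts_ms[0], rtts_ms[1:]
    return "controller" if first > reactive_threshold_ms(steady) else "preinstalled"


def classify_flows(probes: Dict[str, List[float]]) -> Dict[str, str]:
    """Classify every probed flow; keys are free-form flow labels."""
    return {flow: classify_flow(rtts) for flow, rtts in probes.items()}


# Constructed sample measurements in milliseconds (not data from the paper).
SAMPLE_PROBES = {
    "10.0.0.1->10.0.0.7:80":  [9.8, 0.31, 0.29, 0.33, 0.30],   # first packet went to the controller
    "10.0.0.1->10.0.0.7:22":  [0.34, 0.30, 0.32, 0.31, 0.29],  # matched an existing rule
    "10.0.0.1->10.0.0.9:443": [14.2, 0.40, 0.38, 0.41, 0.39],  # first packet went to the controller
}

if __name__ == "__main__":
    for flow, verdict in classify_flows(SAMPLE_PROBES).items():
        print(f"{flow:24} {verdict}")
```

The same measurement is what a defender can look for from the other side: a single host opening many short-lived flows to destinations it never otherwise talks to, each consisting of one probe packet followed by a few timing samples, is the signature this channel leaves in the flow tables and in the controller's packet_in rate.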
S-NFV: Securing NFV states by using SGX
Ming-Wei Shih, Mohan Kumar, Taesoo Kim, Ada Gavrilovska
DOI: 10.1145/2876019.2876032 (https://doi.org/10.1145/2876019.2876032)
Published: 2016-03-11
Abstract: Network Function Virtualization (NFV) applications are stateful. For example, a Content Distribution Network (CDN) caches web contents from remote servers and serves them to clients. Similarly, an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) have both per-flow and multi-flow (shared) states to properly react to intrusions. On today's NFV infrastructures, security vulnerabilities may allow attackers to steal and manipulate the internal states of NFV applications that share a physical resource. In this paper, we propose a new protection scheme, S-NFV, that incorporates Intel Software Guard Extensions (Intel SGX) to securely isolate the states of NFV applications.
Citations: 108
HogMap: Using SDNs to Incentivize Collaborative Security Monitoring
Xiang Pan, V. Yegneswaran, Yan Chen, Phillip A. Porras, Seungwon Shin
DOI: 10.1145/2876019.2876023 (https://doi.org/10.1145/2876019.2876023)
Published: 2016-03-11
Abstract: Cyber Threat Intelligence (CTI) sharing facilitates a comprehensive understanding of adversary activity and enables enterprise networks to prioritize their cyber defense technologies. To that end, we introduce HogMap, a novel software-defined infrastructure that simplifies and incentivizes collaborative measurement and monitoring of cyber-threat activity. HogMap proposes to transform the cyber-threat monitoring landscape by integrating several novel SDN-enabled capabilities: (i) intelligent in-place filtering of malicious traffic, (ii) dynamic migration of interesting and extraordinary traffic, and (iii) a software-defined marketplace where various parties can opportunistically subscribe to and publish cyber-threat intelligence services in a flexible manner. We present the architectural vision and summarize our preliminary experience in developing and operating an SDN-based HoneyGrid, which spans three enterprises and implements several of the enabling capabilities (e.g., traffic filtering, traffic forwarding and connection migration). We find that SDN technologies greatly simplify the design and deployment of such globally distributed and elastic HoneyGrids.
Citations: 17
UNISAFE: A Union of Security Actions for Software Switches
Taejune Park, Yeonkeun Kim, Seungwon Shin
DOI: 10.1145/2876019.2876025 (https://doi.org/10.1145/2876019.2876025)
Published: 2016-03-11
Abstract: As software-defined architectures, such as Software-Defined Networking (SDN) and Network Function Virtualization (NFV), are getting popular, the necessity of software-based switches (a.k.a. software switches) is also increasing, because they can adopt new functions/features without much difficulty compared with hardware-based switches. Nowadays we can easily observe that researchers devise new network functions and embed them into a software switch. However, most of those proposals are highly biased toward network communities, and thus it is hard to find trials of leveraging the abilities of a software switch for security. In this paper, we consider how we can enrich security functions/features in software-defined environments, and in this context we propose a new software switch architecture, named UNISAFE, that can enable diverse security actions. Furthermore, UNISAFE provides action clustering, which joins UNISAFE actions of multiple flows together. This allows UNISAFE to check flows synthetically, so a user can establish effective security policies and save system resources. In addition, we describe the design and implementation of UNISAFE and suggest some use cases for how UNISAFE works.
Citations: 13