Dylan Smyth, V. Cionca, Seán McSweeney, Donna O’Shea
2016 International Conference On Cyber Security And Protection Of Digital Services (Cyber Security), published 2016-06-13
DOI: 10.1109/CyberSecPODS.2016.7502354 (https://doi.org/10.1109/CyberSecPODS.2016.7502354)
Exploiting pitfalls in software-defined networking implementation
The centralised control provided by Software-Defined Networking allows an increase in network security as all traffic can be vetted before leaving the attachment switch. Nevertheless, as in any complex system, there are implementation and policy compromises which lead to security vulnerabilities. This paper exploits such vulnerabilities to implement a suite of attacks, consisting of Address Resolution Protocol (ARP) cache poisoning, Man in the Middle, a firewall and access control bypassing port scan called a Phantom Host Scan, and a Distributed Denial of Service attack called a Phantom Storm which induces the participation of legitimate hosts. These attacks were successfully implemented in a Floodlight controlled network.