定时SDN控制平面来推断网络配置

Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization Pub Date : 2016-03-11 DOI:10.1145/2876019.2876030

J. Sonchack, Adam J. Aviv, Eric Keller

{"title":"定时SDN控制平面来推断网络配置","authors":"J. Sonchack, Adam J. Aviv, Eric Keller","doi":"10.1145/2876019.2876030","DOIUrl":null,"url":null,"abstract":"In this paper, we study information leakage by control planes of Software Defined Networks. We find that the response time of an OpenFlow control plane depends on its workload, and we develop an inference attack that an adversary with control of a single host could use to learn about network configurations without needing to compromise any network infrastructure (i.e. switches or controller servers). We also demonstrate that our inference attack works on real OpenFlow hardware. To our knowledge, no previous work has evaluated OpenFlow inference attacks outside of simulation.","PeriodicalId":107409,"journal":{"name":"Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization","volume":"46 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-03-11","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"26","resultStr":"{\"title\":\"Timing SDN Control Planes to Infer Network Configurations\",\"authors\":\"J. Sonchack, Adam J. Aviv, Eric Keller\",\"doi\":\"10.1145/2876019.2876030\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper, we study information leakage by control planes of Software Defined Networks. We find that the response time of an OpenFlow control plane depends on its workload, and we develop an inference attack that an adversary with control of a single host could use to learn about network configurations without needing to compromise any network infrastructure (i.e. switches or controller servers). We also demonstrate that our inference attack works on real OpenFlow hardware. To our knowledge, no previous work has evaluated OpenFlow inference attacks outside of simulation.\",\"PeriodicalId\":107409,\"journal\":{\"name\":\"Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization\",\"volume\":\"46 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-03-11\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"26\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2876019.2876030\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2876019.2876030","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 26

摘要

本文研究了软件定义网络控制平面的信息泄漏问题。我们发现OpenFlow控制平面的响应时间取决于其工作负载，并且我们开发了一种推理攻击，具有单个主机控制的对手可以使用该攻击来了解网络配置，而无需损害任何网络基础设施(即交换机或控制器服务器)。我们还证明了我们的推理攻击可以在真实的OpenFlow硬件上工作。据我们所知，之前没有工作评估过模拟之外的OpenFlow推理攻击。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Timing SDN Control Planes to Infer Network Configurations

In this paper, we study information leakage by control planes of Software Defined Networks. We find that the response time of an OpenFlow control plane depends on its workload, and we develop an inference attack that an adversary with control of a single host could use to learn about network configurations without needing to compromise any network infrastructure (i.e. switches or controller servers). We also demonstrate that our inference attack works on real OpenFlow hardware. To our knowledge, no previous work has evaluated OpenFlow inference attacks outside of simulation.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization

自引率

0.00%

发文量