{"title":"处理软件定义网络中的恶意交换机","authors":"R. Ghannam, Anthony Chung","doi":"10.1109/NOMS.2016.7502995","DOIUrl":null,"url":null,"abstract":"Traffic flowing through a software defined network is vulnerable to disruptions caused by malicious switches. The malicious behaviors are diverse such as dropping traffic, adding traffic or modifying it. A switch could be malicious or otherwise dysfunctional or misconfigured. A lot of work in SDN has addressed the problem by securing the control plane and having it validate network wide properties and policy compliance, e.g., loop-freedom, reachability and resolution of conflicting rules. In this paper, we argue that it is imperative as well to ensure the correctness of traffic forwarding itself. Therefore we define a threat model for the security and correctness of forwarding in an SDN switch. We describe several malicious behaviors that could be encountered at an SDN switch and propose possible solutions to each fault type. The capabilities of the SDN paradigm to detect and deter such attacks are analyzed.","PeriodicalId":344879,"journal":{"name":"NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium","volume":"37 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-04-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"16","resultStr":"{\"title\":\"Handling malicious switches in software defined networks\",\"authors\":\"R. Ghannam, Anthony Chung\",\"doi\":\"10.1109/NOMS.2016.7502995\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Traffic flowing through a software defined network is vulnerable to disruptions caused by malicious switches. The malicious behaviors are diverse such as dropping traffic, adding traffic or modifying it. A switch could be malicious or otherwise dysfunctional or misconfigured. A lot of work in SDN has addressed the problem by securing the control plane and having it validate network wide properties and policy compliance, e.g., loop-freedom, reachability and resolution of conflicting rules. In this paper, we argue that it is imperative as well to ensure the correctness of traffic forwarding itself. Therefore we define a threat model for the security and correctness of forwarding in an SDN switch. We describe several malicious behaviors that could be encountered at an SDN switch and propose possible solutions to each fault type. The capabilities of the SDN paradigm to detect and deter such attacks are analyzed.\",\"PeriodicalId\":344879,\"journal\":{\"name\":\"NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium\",\"volume\":\"37 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-04-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"16\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NOMS.2016.7502995\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NOMS.2016.7502995","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Handling malicious switches in software defined networks
Traffic flowing through a software defined network is vulnerable to disruptions caused by malicious switches. The malicious behaviors are diverse such as dropping traffic, adding traffic or modifying it. A switch could be malicious or otherwise dysfunctional or misconfigured. A lot of work in SDN has addressed the problem by securing the control plane and having it validate network wide properties and policy compliance, e.g., loop-freedom, reachability and resolution of conflicting rules. In this paper, we argue that it is imperative as well to ensure the correctness of traffic forwarding itself. Therefore we define a threat model for the security and correctness of forwarding in an SDN switch. We describe several malicious behaviors that could be encountered at an SDN switch and propose possible solutions to each fault type. The capabilities of the SDN paradigm to detect and deter such attacks are analyzed.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
