S. Popic, Maksim Vuleta, Petar Cvjetkovic, B. Todorović
Published in: 2020 International Symposium on Industrial Electronics and Applications (INDEL), 2020-11-04. DOI: 10.1109/INDEL50386.2020.9266137
Secure Topology Detection in Software-Defined Networking with Network Configuration Protocol and Link Layer Discovery Protocol
Security concerns are a very important aspect of the Software-Defined Networking (SDN) concept, since security is not a built-in feature of the architecture. The decoupling of the data plane from the control plane has created completely new loopholes specific to SDN. Using the Link Layer Discovery Protocol (LLDP) for topology detection in SDN brings some of these new specific vulnerabilities, such as the link discovery attack in the southbound interface. The problem concerns every implementation that uses LLDP-like packets for link discovery. The Network Configuration Protocol (NETCONF), together with the YANG (yet another new generation) modeling language, used as a southbound interface (SBI) in SDN, can help to defend against this attack. This paper proposes a specific usage of the NETCONF protocol and the modeling abilities of the YANG language. The given enhancement will enable the network controller to recognize link discovery attack threats.