In Software-Defined Networks (SDN), so-called SDN controllers
are responsible for managing the network devices
building such a network. Once such a core component of
the network has been infected with malicious software (e.g.,
by a malicious SDN application), an attacker typically has a
strong interest in remaining undetected while compromising
other devices in the network. Thus, hiding a malicious network
state and corresponding network manipulations are important
objectives for an adversary. To achieve this, rootkit
techniques can be applied in order to manipulate the SDN
controller’s view of a network. As a consequence, monitoring
capabilities of SDN controllers as well as SDN applications
with a security focus can be fooled by hiding adverse network
manipulations.
To tackle this problem, we propose a novel approach capable
of detecting and preventing hidden network manipulations
before they can attack a network. In particular,
our method is able to drop adverse network manipulations
before they are applied on a network. We achieve this by
comparing the actual network state, which includes both
malicious and benign configurations, with the network state
which is provided by a potentially compromised SDN controller.
In case of an attack, the result of this comparison
reveals network manipulations which are adversely removed
from an SDN controller’s view of a network. To demonstrate
the capabilities of this approach, we implement a prototype
and evaluate effectiveness as well as efficiency. The evaluation
results indicate scalability and high performance of our
system, while being able to protect major SDN controller
platforms.
%0 Journal Article
%1 noauthororeditor
%A Röpke, Christian
%A Holz, Thorsten
%B ACM SIGCOMM 2018 Workshop on Security in Softwarized Networks: Prospects and Challenges (SecSoN 2018)
%D 2018
%K sendate sendate-planets
%T Preventing Malicious SDN Applications From Hiding Adverse Network Manipulations
@article{noauthororeditor,
added-at = {2019-02-11T17:53:42.000+0100},
author = {Röpke, Christian and Holz, Thorsten},
biburl = {https://www.bibsonomy.org/bibtex/25ff5a42dc3bb237f84e7ca5486c7b924/savolainenpekka},
booktitle = {ACM SIGCOMM 2018 Workshop on Security in Softwarized Networks: Prospects and Challenges (SecSoN 2018)},
day = 24,
interhash = {dea6cd900904938477a0ba7f376a41d3},
intrahash = {5ff5a42dc3bb237f84e7ca5486c7b924},
keywords = {sendate sendate-planets},
month = {August},
timestamp = {2019-02-11T17:53:42.000+0100},
title = {Preventing Malicious SDN Applications From Hiding Adverse Network Manipulations},
year = 2018
}