dc.contributor.advisor: Gu, Guofei
dc.creator: Xu, Lei
dc.date.accessioned: 2019-11-25T23:18:40Z
dc.date.available: 2021-08-01T07:33:17Z
dc.date.created: 2019-08
dc.date.issued: 2019-07-15
dc.date.submitted: August 2019
dc.identifier.uri: https://hdl.handle.net/1969.1/186600
dc.description.abstract: Software-Defined Networking (SDN) is a new networking paradigm that separates the control logic from the data plane and centralizes it. Benefiting from its centralized control plane (the SDN Controller), SDN intends to provide two key innovations, i.e., holistic network visibility and flexible network programmability, and thus to enable innovative network application scenarios ranging from campus network innovation to cloud network virtualization and data center network optimization. Unfortunately, the security issues and limitations of those two innovations are rarely explored, which puts SDN-based infrastructures at risk. In this thesis, we conduct an in-depth security analysis of SDN-provisioned network visibility and programmability. As a result, we locate several security issues and limitations that may impede current SDN from achieving its goals. First, network visibility depends on a reliable topology management service. However, we find that existing topology management services in SDN are vulnerable to network topology poisoning attacks, which thereby mislead topology-dependent services and applications. Second, programmability enables the concurrent execution of multiple apps/modules in SDN to efficiently process network events. However, we find that the concurrency of SDN is vulnerable to harmful race conditions, which can be exploited by state manipulation attacks and cause serious security and reliability issues. Finally, current SDN visibility and programmability only cover network flow-level information, which is far from enough to secure the entire infrastructure in today's enterprise/cloud systems. This is because most recent cyber attacks involve many system-level malicious activities that target system resources (e.g., file hijacking by ransomware).
To tackle these problems, we propose new security solutions that significantly enhance the visibility and programmability of existing SDN with three major components, i.e., TOPOGUARD, CONGUARD, and SYSFLOW. TOPOGUARD works as a security extension on the SDN controller that secures topology management by providing lightweight, automatic, and real-time detection of topology poisoning attacks. CONGUARD works as a dynamic framework to effectively detect and exploit those harmful race conditions in SDN controllers. SYSFLOW works as a unified programmable security framework that facilitates the enforcement of diverse security intents to secure both network and system resources by abstracting system-level activities and security capabilities. We believe our experience and lessons are of great benefit to the design and implementation of more secure SDN architectures.
dc.format.mimetype: application/pdf
dc.language.iso: en
dc.subject: Software-Defined Networking
dc.subject: Network Security
dc.subject: System Security
dc.title: Security Enhancement of the Visibility and Programmability of Software-Defined Networks
dc.type: Thesis
thesis.degree.department: Computer Science and Engineering
thesis.degree.discipline: Computer Engineering
thesis.degree.grantor: Texas A&M University
thesis.degree.name: Doctor of Philosophy
thesis.degree.level: Doctoral
dc.contributor.committeeMember: Sprintson, Alex
dc.contributor.committeeMember: Caverlee, James
dc.contributor.committeeMember: Stoleru, Radu
dc.type.material: text
dc.date.updated: 2019-11-25T23:18:40Z
local.embargo.terms: 2021-08-01
local.etdauthor.orcid: 0000-0002-9807-4600