Demo: Adversarial network forensics in software defined networking

Stefan Achleitner; Thomas La Porta; Trent Jaeger; Patrick McDaniel

doi:10.1145/3050220.3060599

Demo: Adversarial network forensics in software defined networking

Stefan Achleitner, Thomas La Porta, Trent Jaeger, Patrick McDaniel

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The essential part of an SDN-based network are flow rules that enable network elements to steer and control the traffic and deploy policy enforcement points with a fine granularity at any entry-point in a network. Such applications, implemented with the usage of OpenFlow rules, are already integral components of widely used SDN controllers such as Floodlight or OpenDayLight. The implementation details of network policies are reflected in the composition of flow rules and leakage of such information provides adversaries with a significant attack advantage such as bypassing Access Control Lists (ACL), reconstructing the resource distribution of Load Balancers or revealing of Moving Target Defense techniques. In this demo [4, 5] we present our open-source scanner SDNMap and demonstrate the findings discussed in the paper "Adversarial Network Forensics in Software Defined Networking" [6]. On two real world examples, Floodlight's Access Control Lists (ACL) and Floodlight's Load Balancer (LBaaS), we show that severe security issues arise with the ability to reconstruct the details of OpenFlow rules on the data-plane.

Original language	English (US)
Title of host publication	SOSR 2017 - Proceedings of the 2017 Symposium on SDN Research
Publisher	Association for Computing Machinery, Inc
Pages	177-178
Number of pages	2
ISBN (Electronic)	9781450349475
DOIs	https://doi.org/10.1145/3050220.3060599
State	Published - Apr 3 2017
Event	2017 Symposium on SDN Research, SOSR 2017 - Santa Clara, United States Duration: Apr 3 2017 → Apr 4 2017

Publication series

Name	SOSR 2017 - Proceedings of the 2017 Symposium on SDN Research

Other

Other	2017 Symposium on SDN Research, SOSR 2017
Country	United States
City	Santa Clara
Period	4/3/17 → 4/4/17

Fingerprint

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Software

Cite this

Achleitner, S., La Porta, T., Jaeger, T., & McDaniel, P. (2017). Demo: Adversarial network forensics in software defined networking. In SOSR 2017 - Proceedings of the 2017 Symposium on SDN Research (pp. 177-178). (SOSR 2017 - Proceedings of the 2017 Symposium on SDN Research). Association for Computing Machinery, Inc. https://doi.org/10.1145/3050220.3060599

@inproceedings{6cca7e2f4aa24b17a2da03485a0a0255,

title = "Demo: Adversarial network forensics in software defined networking",

abstract = "The essential part of an SDN-based network are flow rules that enable network elements to steer and control the traffic and deploy policy enforcement points with a fine granularity at any entry-point in a network. Such applications, implemented with the usage of OpenFlow rules, are already integral components of widely used SDN controllers such as Floodlight or OpenDayLight. The implementation details of network policies are reflected in the composition of flow rules and leakage of such information provides adversaries with a significant attack advantage such as bypassing Access Control Lists (ACL), reconstructing the resource distribution of Load Balancers or revealing of Moving Target Defense techniques. In this demo [4, 5] we present our open-source scanner SDNMap and demonstrate the findings discussed in the paper {"}Adversarial Network Forensics in Software Defined Networking{"} [6]. On two real world examples, Floodlight's Access Control Lists (ACL) and Floodlight's Load Balancer (LBaaS), we show that severe security issues arise with the ability to reconstruct the details of OpenFlow rules on the data-plane.",

author = "Stefan Achleitner and {La Porta}, Thomas and Trent Jaeger and Patrick McDaniel",

year = "2017",

month = apr,

day = "3",

doi = "10.1145/3050220.3060599",

language = "English (US)",

series = "SOSR 2017 - Proceedings of the 2017 Symposium on SDN Research",

publisher = "Association for Computing Machinery, Inc",

pages = "177--178",

booktitle = "SOSR 2017 - Proceedings of the 2017 Symposium on SDN Research",

note = "2017 Symposium on SDN Research, SOSR 2017 ; Conference date: 03-04-2017 Through 04-04-2017",

}

Achleitner, S, La Porta, T , Jaeger, T & McDaniel, P 2017, Demo: Adversarial network forensics in software defined networking. in SOSR 2017 - Proceedings of the 2017 Symposium on SDN Research. SOSR 2017 - Proceedings of the 2017 Symposium on SDN Research, Association for Computing Machinery, Inc, pp. 177-178, 2017 Symposium on SDN Research, SOSR 2017, Santa Clara, United States, 4/3/17. https://doi.org/10.1145/3050220.3060599

Demo : Adversarial network forensics in software defined networking. / Achleitner, Stefan; La Porta, Thomas ; Jaeger, Trent ; McDaniel, Patrick.

SOSR 2017 - Proceedings of the 2017 Symposium on SDN Research. Association for Computing Machinery, Inc, 2017. p. 177-178 (SOSR 2017 - Proceedings of the 2017 Symposium on SDN Research).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Demo

T2 - 2017 Symposium on SDN Research, SOSR 2017

AU - Achleitner, Stefan

AU - La Porta, Thomas

AU - Jaeger, Trent

AU - McDaniel, Patrick

PY - 2017/4/3

Y1 - 2017/4/3

N2 - The essential part of an SDN-based network are flow rules that enable network elements to steer and control the traffic and deploy policy enforcement points with a fine granularity at any entry-point in a network. Such applications, implemented with the usage of OpenFlow rules, are already integral components of widely used SDN controllers such as Floodlight or OpenDayLight. The implementation details of network policies are reflected in the composition of flow rules and leakage of such information provides adversaries with a significant attack advantage such as bypassing Access Control Lists (ACL), reconstructing the resource distribution of Load Balancers or revealing of Moving Target Defense techniques. In this demo [4, 5] we present our open-source scanner SDNMap and demonstrate the findings discussed in the paper "Adversarial Network Forensics in Software Defined Networking" [6]. On two real world examples, Floodlight's Access Control Lists (ACL) and Floodlight's Load Balancer (LBaaS), we show that severe security issues arise with the ability to reconstruct the details of OpenFlow rules on the data-plane.

AB - The essential part of an SDN-based network are flow rules that enable network elements to steer and control the traffic and deploy policy enforcement points with a fine granularity at any entry-point in a network. Such applications, implemented with the usage of OpenFlow rules, are already integral components of widely used SDN controllers such as Floodlight or OpenDayLight. The implementation details of network policies are reflected in the composition of flow rules and leakage of such information provides adversaries with a significant attack advantage such as bypassing Access Control Lists (ACL), reconstructing the resource distribution of Load Balancers or revealing of Moving Target Defense techniques. In this demo [4, 5] we present our open-source scanner SDNMap and demonstrate the findings discussed in the paper "Adversarial Network Forensics in Software Defined Networking" [6]. On two real world examples, Floodlight's Access Control Lists (ACL) and Floodlight's Load Balancer (LBaaS), we show that severe security issues arise with the ability to reconstruct the details of OpenFlow rules on the data-plane.

UR - http://www.scopus.com/inward/record.url?scp=85018960648&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85018960648&partnerID=8YFLogxK

U2 - 10.1145/3050220.3060599

DO - 10.1145/3050220.3060599

M3 - Conference contribution

AN - SCOPUS:85018960648

T3 - SOSR 2017 - Proceedings of the 2017 Symposium on SDN Research

SP - 177

EP - 178

BT - SOSR 2017 - Proceedings of the 2017 Symposium on SDN Research

PB - Association for Computing Machinery, Inc

Y2 - 3 April 2017 through 4 April 2017

ER -

Access to Document

10.1145/3050220.3060599