Flow Table Security in SDN: Adversarial Reconnaissance and Intelligent Attacks

Mingli Yu; Ting He; Patrick McDaniel; Quinn K. Burke

doi:10.1109/INFOCOM41043.2020.9155538

Flow Table Security in SDN: Adversarial Reconnaissance and Intelligent Attacks

Mingli Yu, Ting He, Patrick McDaniel, Quinn K. Burke

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The performance-driven design of SDN architectures leaves many security vulnerabilities, a notable one being the communication bottleneck between the controller and the switches. Functioning as a cache between the controller and the switches, the flow table mitigates this bottleneck by caching flow rules received from the controller at each switch, but is very limited in size due to the high cost and power consumption of the underlying storage medium. It thus presents an easy target for attacks. Observing that many existing defenses are based on simplistic attack models, we develop a model of intelligent attacks that exploit specific cache-like behaviors of the flow table to infer its internal configuration and state, and then design attack parameters accordingly. Our evaluations show that such attacks can accurately expose the internal parameters of the target flow table and cause measurable damage with the minimum effort.

Original language	English (US)
Title of host publication	INFOCOM 2020 - IEEE Conference on Computer Communications
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	1519-1528
Number of pages	10
ISBN (Electronic)	9781728164120
DOIs	https://doi.org/10.1109/INFOCOM41043.2020.9155538
State	Published - Jul 2020
Event	38th IEEE Conference on Computer Communications, INFOCOM 2020 - Toronto, Canada Duration: Jul 6 2020 → Jul 9 2020

Publication series

Name	Proceedings - IEEE INFOCOM
Volume	2020-July
ISSN (Print)	0743-166X

Conference

Conference	38th IEEE Conference on Computer Communications, INFOCOM 2020
Country	Canada
City	Toronto
Period	7/6/20 → 7/9/20

All Science Journal Classification (ASJC) codes

Computer Science(all)
Electrical and Electronic Engineering

Access to Document

10.1109/INFOCOM41043.2020.9155538

Fingerprint Dive into the research topics of 'Flow Table Security in SDN: Adversarial Reconnaissance and Intelligent Attacks'. Together they form a unique fingerprint.

Cite this

Yu, M., He, T., McDaniel, P., & Burke, Q. K. (2020). Flow Table Security in SDN: Adversarial Reconnaissance and Intelligent Attacks. In INFOCOM 2020 - IEEE Conference on Computer Communications (pp. 1519-1528). [9155538] (Proceedings - IEEE INFOCOM; Vol. 2020-July). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/INFOCOM41043.2020.9155538

@inproceedings{49fcc908b7624556baed49eaac466a9b,

title = "Flow Table Security in SDN: Adversarial Reconnaissance and Intelligent Attacks",

abstract = "The performance-driven design of SDN architectures leaves many security vulnerabilities, a notable one being the communication bottleneck between the controller and the switches. Functioning as a cache between the controller and the switches, the flow table mitigates this bottleneck by caching flow rules received from the controller at each switch, but is very limited in size due to the high cost and power consumption of the underlying storage medium. It thus presents an easy target for attacks. Observing that many existing defenses are based on simplistic attack models, we develop a model of intelligent attacks that exploit specific cache-like behaviors of the flow table to infer its internal configuration and state, and then design attack parameters accordingly. Our evaluations show that such attacks can accurately expose the internal parameters of the target flow table and cause measurable damage with the minimum effort.",

author = "Mingli Yu and Ting He and Patrick McDaniel and Burke, {Quinn K.}",

note = "Funding Information: This research was partly sponsored by the U.S. Army Combat Capabilities Development Command Army Research Laboratory and was accomplished under Cooperative Agreement Number W911NF-13-2-0045 (ARL Cyber Security CRA). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Combat Capabilities Development Command Army Research Laboratory or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation here on.; 38th IEEE Conference on Computer Communications, INFOCOM 2020 ; Conference date: 06-07-2020 Through 09-07-2020",

year = "2020",

month = jul,

doi = "10.1109/INFOCOM41043.2020.9155538",

language = "English (US)",

series = "Proceedings - IEEE INFOCOM",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "1519--1528",

booktitle = "INFOCOM 2020 - IEEE Conference on Computer Communications",

address = "United States",

}

Yu, M, He, T , McDaniel, P & Burke, QK 2020, Flow Table Security in SDN: Adversarial Reconnaissance and Intelligent Attacks. in INFOCOM 2020 - IEEE Conference on Computer Communications., 9155538, Proceedings - IEEE INFOCOM, vol. 2020-July, Institute of Electrical and Electronics Engineers Inc., pp. 1519-1528, 38th IEEE Conference on Computer Communications, INFOCOM 2020, Toronto, Canada, 7/6/20. https://doi.org/10.1109/INFOCOM41043.2020.9155538

Flow Table Security in SDN : Adversarial Reconnaissance and Intelligent Attacks. / Yu, Mingli; He, Ting ; McDaniel, Patrick; Burke, Quinn K.

INFOCOM 2020 - IEEE Conference on Computer Communications. Institute of Electrical and Electronics Engineers Inc., 2020. p. 1519-1528 9155538 (Proceedings - IEEE INFOCOM; Vol. 2020-July).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Flow Table Security in SDN

T2 - 38th IEEE Conference on Computer Communications, INFOCOM 2020

AU - Yu, Mingli

AU - He, Ting

AU - McDaniel, Patrick

AU - Burke, Quinn K.

N1 - Funding Information: This research was partly sponsored by the U.S. Army Combat Capabilities Development Command Army Research Laboratory and was accomplished under Cooperative Agreement Number W911NF-13-2-0045 (ARL Cyber Security CRA). The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the Combat Capabilities Development Command Army Research Laboratory or the U.S. Government. The U.S. Government is authorized to reproduce and distribute reprints for Government purposes notwithstanding any copyright notation here on.

PY - 2020/7

Y1 - 2020/7

N2 - The performance-driven design of SDN architectures leaves many security vulnerabilities, a notable one being the communication bottleneck between the controller and the switches. Functioning as a cache between the controller and the switches, the flow table mitigates this bottleneck by caching flow rules received from the controller at each switch, but is very limited in size due to the high cost and power consumption of the underlying storage medium. It thus presents an easy target for attacks. Observing that many existing defenses are based on simplistic attack models, we develop a model of intelligent attacks that exploit specific cache-like behaviors of the flow table to infer its internal configuration and state, and then design attack parameters accordingly. Our evaluations show that such attacks can accurately expose the internal parameters of the target flow table and cause measurable damage with the minimum effort.

AB - The performance-driven design of SDN architectures leaves many security vulnerabilities, a notable one being the communication bottleneck between the controller and the switches. Functioning as a cache between the controller and the switches, the flow table mitigates this bottleneck by caching flow rules received from the controller at each switch, but is very limited in size due to the high cost and power consumption of the underlying storage medium. It thus presents an easy target for attacks. Observing that many existing defenses are based on simplistic attack models, we develop a model of intelligent attacks that exploit specific cache-like behaviors of the flow table to infer its internal configuration and state, and then design attack parameters accordingly. Our evaluations show that such attacks can accurately expose the internal parameters of the target flow table and cause measurable damage with the minimum effort.

UR - http://www.scopus.com/inward/record.url?scp=85090277397&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85090277397&partnerID=8YFLogxK

U2 - 10.1109/INFOCOM41043.2020.9155538

DO - 10.1109/INFOCOM41043.2020.9155538

M3 - Conference contribution

AN - SCOPUS:85090277397

T3 - Proceedings - IEEE INFOCOM

SP - 1519

EP - 1528

BT - INFOCOM 2020 - IEEE Conference on Computer Communications

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 6 July 2020 through 9 July 2020

ER -