
SDN Application Backdoor: Disrupting the Service via Poisoning the Topology

Bibliographic Details
Main Authors: Deng, Shuhua, Qing, Xian, Li, Xiaofan, Gao, Xing, Gao, Xieping
Format: Conference Proceeding
Language: English
Description
Summary: Software-Defined Networking (SDN) enables the deployment of diversified networking applications by providing global visibility and open programmability on a centralized controller. As SDN enters its second decade, several well-developed open source controllers have been widely adopted in industry, and various commercial SDN applications are built to meet the surging demand of network innovation. This complex ecosystem inevitably introduces new security threats, as malicious applications can significantly disrupt network operations. In this paper, we introduce a new vulnerability in existing SDN controllers that enables adversaries to create a backdoor and further deploy malicious applications to disrupt network service via a series of topology poisoning attacks. The root cause of this vulnerability is that SDN systems simply process received Packet-In messages without checking their integrity, and thus can be misguided by manipulated messages. We discover that five popular SDN controllers (i.e., Floodlight, ONOS, OpenDaylight, POX and Ryu) are potentially vulnerable to the disclosed attack, and further propose six new attacks exploiting this vulnerability to disrupt SDN services from different layers. We evaluate the effectiveness of these attacks with experiments in real SDN testbeds, and discuss feasible countermeasures.
ISSN: 2641-9874
DOI: 10.1109/INFOCOM53939.2023.10229058