SDN Application Backdoor: Disrupting the Service via Poisoning the Topology
Saved in:

| Field | Value |
|---|---|
| Main Authors | , , , , |
| Format | Conference Proceeding |
| Language | English |
| Subjects | |
| Online Access | Request full text |
| Tags | |
| Summary | Software-Defined Networking (SDN) enables the deployment of diversified networking applications by providing global visibility and open programmability on a centralized controller. As SDN enters its second decade, several well-developed open source controllers have been widely adopted in industry, and various commercial SDN applications are built to meet the surging demand of network innovation. This complex ecosystem inevitably introduces new security threats, as malicious applications can significantly disrupt network operations. In this paper, we introduce a new vulnerability in existing SDN controllers that enables adversaries to create a backdoor and further deploy malicious applications to disrupt network service via a series of topology poisoning attacks. The root cause of this vulnerability is that SDN systems simply process received Packet-In messages without checking the integrity, and thus can be misguided by manipulated messages. We discover that five popular SDN controllers (i.e., Floodlight, ONOS, OpenDaylight, POX and Ryu) are potentially vulnerable to the disclosed attack, and further propose six new attacks exploiting this vulnerability to disrupt SDN services from different layers. We evaluate the effectiveness of these attacks with experiments in real SDN testbeds, and discuss feasible countermeasures. |
| ISSN | 2641-9874 |
| DOI | 10.1109/INFOCOM53939.2023.10229058 |