
Protecting Virtual Programmable Switches from Cross-App Poisoning (CAP) Attacks

Bibliographic Details
Main Authors: Lamb, Ivan Peter; Saquetti, Mateus; de Oliveira, Guilherme Bueno; Rodrigo Azambuja, Jose; Cordeiro, Weverton
Format: Conference Proceeding
Language: English
Description
Summary: Cross-App Poisoning (CAP) is an emerging class of network integrity attacks against Software Defined Networking (SDN). In a CAP attack, a malicious app poisons shared data objects maintained by the controller, thus co-opting legitimate apps into carrying out bogus actions that the malicious app itself cannot perform due to insufficient privileges. Existing solutions, such as ProvSDN, demonstrated that Information Flow Control (IFC) can track and thus prevent such attacks. However, these solutions cannot prevent CAP attacks in networks where malicious apps can take advantage of programmable virtual switches to bypass IFC. In this paper, we propose Virtual Information Flow Control (vIFC), a solution for defending against CAP attacks that exploit virtual switches to obfuscate malicious information flow. vIFC has shown high effectiveness while posing low performance overhead. We also propose a policy model that offers flexibility to the network manager to determine IFC between apps running on multiple controllers.
ISSN: 2374-9709
DOI: 10.1109/NOMS54207.2022.9789775