Title
Attacking Network Isolation in Software-Defined Networks: New Attacks and Countermeasures
Abstract
With the development of virtualization technology and the fast expansion of network scale, SDN has been employed in various cases from campus networks to cloud data center networks. However, SDN networks are also facing some new security issues relative to traditional networks. In this work, we demonstrate a novel network isolation attack in SDN networks, called Network Harvesting, that lets an attacker access the user's network privileges without the awareness of the victim or the OpenFlow SDN architecture, which significantly increases persistence. We then present a defense, SpoofDefender, that prevents network isolation attacks and other spoofing attacks by leveraging SDN's data and control plane separation, global network view, and programmatic control of the network, while building upon IEEE 802.1x and encryption. In addition, we implement SpoofDefender on ONOS 1.10.4 and Mininet with a real network, and extensive simulation results demonstrate that our proposed SpoofDefender is highly effective in terms of computation and communication costs.
Year
2018
DOI
10.1109/ICCCN.2018.8487340
Venue
2018 27th International Conference on Computer Communication and Networks (ICCCN)
Keywords
network harvesting, global network view, control plane separation, spoofing attacks, network isolation attacks, OpenFlow SDN architecture, SDN networks, cloud data center networks, campus networks, network-scale, software-defined networks
Field
Virtualization, Global network, Spoofing attack, Computer science, Computer network, Encryption, OpenFlow, Control system, Software-defined networking, Cloud computing
DocType
Conference
ISSN
1095-2055
ISBN
978-1-5386-5157-5
Citations
1
PageRank
0.35
References
16
Authors
6
Name | Order | Citations | PageRank
Rui Xiao | 1 | 81 | 10.87
Hui Zhu | 2 | 83 | 17.00
Chao Song | 3 | 100 | 15.52
Ximeng Liu | 4 | 135 | 31.84
Jian Dong | 5 | 1 | 0.68
Hui Li | 6 | 202 | 34.25