【 摘 要 】

Software-defined networking (SDN) is an emerging paradigm that differs from traditional approaches to computer networking by decoupling how traffic forwarding should be performed from the traffic itself, logically centralizing the related decisions through one or more controllers, and providing a standardized control protocol among network forwarding devices (e.g., switches) and controller(s). Much of the recent research in the networking community has focused on what is now possible because of the flexibility of SDN architectures, but what is less understood is 1) the resilience of SDN to intentional, malicious attacks against system components and 2) how the control protocol affects and is affected by these attacks. Significant challenges include systematically establishing what attacks are possible in the control protocol and understanding the ramifications of attacks on controllers, switches, network applications, and overall network behavior.This thesis introduces a model, a language, and an injector for describing and injecting attacks into the control plane of the OpenFlow-based SDN architecture. First, we define an attack model that models the components in the SDN network and the assumptions about an attacker's capabilities against control plane messages. Second, we define an attack language that allows for attacks to be described based on the semantics of the OpenFlow protocol. Third, we describe an attack injection architecture that uses the aforementioned attack model and language to actuate attacks that demonstrate vulnerabilities in the design, implementation, and configuration of an SDN-based architecture. Finally, we motivate our design with an enterprise network use case and demonstrate the efficacy of our injector by injecting attacks and understanding the attacks' results.

【 预 览 】

附件列表

Files	Size	Format	View
An attack model, language, and injector for the control plane of software-defined networks	1643KB	PDF	download