Securing P4-SDN Data Plane against Flow Table Modification Attack

Cited by: 2
Authors
Reddy, Buchammagari Avinash [1]
Sahoo, Kshira Sagar [2]
Bhuyan, Monowar [2]
Affiliations
[1] IIIT Naya Raipur, Dept Data Sci & Artificial Intelligence, Raipur, India
[2] Umea Univ, Dept Comp Sci, SE-90187 Umea, Sweden
Keywords
SDN; Flow table security; Flow rule modification attack; P4; switch; Data plane;
DOI
10.1109/NOMS59830.2024.10575461
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
Security in Software Defined Network (SDN) architecture is becoming the most substantial challenge. This paper introduces a novel threat model focused on flow table modification in the P4-programmable SDN data plane, outlining an attacker's stochastic manipulation of flow rules from a compromised switch. A detection framework is proposed to identify the malicious switch within the network by utilizing the thrift port. Moreover, a fuzzy-rule-based mitigation strategy has been proposed to identify the severity of attacks. The feasibility and effectiveness of the methodology are evaluated using a developed testbed setup by employing Facebook datacenter fabric topology in a Mininet emulator and BMv2 switch.
Pages: 5
Related papers
50 in total
  • [41] P4Filter: A two level defensive mechanism against attacks in SDN using P4
    Saxena, Ananya
    Muttreja, Ritvik
    Upadhyay, Shivam
    Kumar, K. Shiv
    Venkanna, U.
    2021 IEEE INTERNATIONAL CONFERENCE ON ADVANCED NETWORKS AND TELECOMMUNICATIONS SYSTEMS (IEEE ANTS), 2021,
  • [42] Flow classification for network security using P4-based Programmable Data Plane switches
    Krishnan, Aniswar S.
    Sivalingam, Krishna M.
    Shami, Gauravdeep
    Lyonnais, Marc
    Wilson, Rodney
    2023 IEEE 9TH INTERNATIONAL CONFERENCE ON NETWORK SOFTWARIZATION, NETSOFT, 2023, : 374 - 379
  • [43] HOL4P4: Semantics for a Verified Data Plane
    Alshnakat, Anoud
    Lundberg, Didrik
    Guanciale, Roberto
    Dam, Mads
    Palmskog, Karl
    PROCEEDINGS OF THE 5TH INTERNATIONAL WORKSHOP ON P4 IN EUROPE, EUROP4 2022, 2022, : 39 - 45
  • [44] KPDFI: Efficient data flow integrity based on key property against data corruption attack
    Nie, Xiaofan
    Chen, Liwei
    Wei, Haolai
    Zhang, Yuantong
    Cui, Ningning
    Shi, Gang
    COMPUTERS & SECURITY, 2023, 128
  • [45] Resilient Distributed DC Optimal Power Flow Against Data Integrity Attack
    Duan, Jie
    Zeng, Wente
    Chow, Mo-Yuen
    IEEE TRANSACTIONS ON SMART GRID, 2018, 9 (04) : 3543 - 3552
  • [46] Exploring Data Plane Updates on P4 Switches with P4Runtime
    Stubbe, Henning
    Gallenmueller, Sebastian
    Simon, Manuel
    Hauser, Eric
    Scholz, Dominik
    Carle, Georg
    COMPUTER COMMUNICATIONS, 2024, 225 : 44 - 53
  • [47] DWT in P4: Periodicity Detection in the Data Plane
    Huaytalla, Briggette R.
    Jacobs, Arthur S.
    Silva, Marcus V. B.
    Carvalho, Fabricio B.
    Ferreira, Ronaldo A.
    Willinger, Walter
    Granville, Lisandro Z.
    2022 IEEE GLOBAL COMMUNICATIONS CONFERENCE (GLOBECOM 2022), 2022, : 6343 - 6348
  • [48] P4 Switch Code Data Flow Analysis: Towards Stronger Verification of Forwarding Plane Software
    Birnfeld, Karine
    da Silva, Diogo Campos
    Cordeiro, Weverton
    Nicolau de Franca, Breno Bernard
    NOMS 2020 - PROCEEDINGS OF THE 2020 IEEE/IFIP NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM 2020: MANAGEMENT IN THE AGE OF SOFTWARIZATION AND ARTIFICIAL INTELLIGENCE, 2020,
  • [49] Collaborative Defense Against Hybrid Network Attacks by SDN Controllers and P4 Switches
    Wang, You-Chiun
    Su, Pin-Yu
    IEEE TRANSACTIONS ON NETWORK SCIENCE AND ENGINEERING, 2024, 11 (02) : 1480 - 1495
  • [50] Towards a Security Monitoring Plane for Named Data Networking and its Application against Content Poisoning Attack
    Mai, Hoang Long
    Nguyen, Tan
    Doyen, Guillaume
    Cogranne, Remi
    Mallouli, Wissam
    de Oca, Edgardo Montes
    Festor, Olivier
    NOMS 2018 - 2018 IEEE/IFIP NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM, 2018,