SDN Security: Information Disclosure and Flow Table Overflow Attacks

Cited by: 3
Authors
Patwardhan, Aditya [1]
Jayarama, Deepthi [1]
Limaye, Nitish [2]
Vidhale, Shivaji [2]
Parekh, Zarna [1]
Harfoush, Khaled [2]
Affiliations
[1] North Carolina State Univ, Dept Elect & Comp Engn, Raleigh, NC 27606 USA
[2] North Carolina State Univ, Dept Comp Sci, Raleigh, NC 27606 USA
Keywords
SDN security; OpenFlow; Overflow attacks; Flow tables
DOI
10.1109/globecom38437.2019.9014048
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
In this paper, we study some of the security pitfalls present in the OpenFlow protocol, which plays a central role in Software Defined Networks. Specifically, we introduce information disclosure attacks capable of identifying idle and hard timeout values, and the number of free entries in the flow tables at SDN switches. We then leverage this information to mount Denial of Service (DoS) attacks using a small number of packets and without flooding the SDN network, making it harder to detect. Experimental results indicate that mounting the proposed attack leads to delays and packet losses for legitimate flows. We further propose solutions to detect and mitigate similar attacks.
Pages: 6