A Model Checking Based Approach for Detecting SDN Races

Vinarskii, Evgenii; López, Jorge; Kushik, Natalia; Yevtushenko, Nina; Zeghlache, Djamal

doi:10.1007/978-3-030-31280-0_12

Cited by 6 publications

(5 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…SVHunter [56] targets D2C2 vulnerabilities (data dependency creation and chaining) exploitable by attackers. SDN-fuzzer [57] detects storage vulnerabilities in NMDA-based controllers; and Evgenii Vinarskii et al [58] have proposed a modeling approach for identifying concurrency issues (i.e., races) in controllers. Due to the distinct nature of these studies, they were not included in our direct comparison.…”

Section: Attack Demonstrationmentioning

confidence: 99%

“…The formal methods have also been integrated into SDN security practices, with formal verification techniques being extensively applied in the SDN control plane. Canini et al [21] examined NOX controller applications using symbolic execution, while Vinarskii et al [58] and Lu et al [62] explored the concurrency races problems between components in SDN network. While these studies focused on specific controller types, our work delves into universal issues arising from common design principles in the SDN paradigm.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Toward Automated Attack Discovery in SDN Controllers Through Formal Verification

Yuan,

Zhang,

Ren

et al. 2024

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

Software-defined Network (SDN), presented to be a novel architecture of network because of its separation of data plane and control plane, brings centralization and extensibility to network management as well as new attacks that exploit the flexibility of SDN. OpenFlow, which is the protocol that is applied by the majority of SDN, leads to the widely used definition of the communication between the controller and the switch resulting in similar implementations regardless of different vendors. In this paper, we focus on the mechanisms of packet processing and topology discovery and their fundamental weaknesses caused by general implementations or device limitations. Despite the common vulnerabilities, the universal standard mechanisms of basic function in SDN also enlighten us to present an automated attack discovery method based on the formal verification with a generic model of SDN system. We describe the abstraction of the SDN components, their key functions, and communications along with the malicious operations that could be executed by malicious hosts and malicious switches and translate them into a formal model of the SDN system. The formal verification carried on with the assertion representing the security properties derived from the common vulnerabilities of the SDN system reports the potential attack paths each of which shows an attack process. Our evaluation shows that our method can discover feasible attack paths efficiently and effectively, with 23 attacks being identified, among which 2 are new. We further demonstrate the practicality of the 2 new attacks.

show abstract

Section: Attack Demonstrationmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Toward Automated Attack Discovery in SDN Controllers Through Formal Verification

Yuan,

Zhang,

Ren

et al. 2024

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

show abstract

“…Может случиться так (см. [15]), что контроллер ПКС при получении входного временного слова ( 1 , 1 ), ( 2 , 2 ), где 1 < 2 , выдаёт входное временное слово ( 2 , 1 ), ( 1 , 2 ), где 2 < 1 , т.е. второе правило будет установлено раньше первого.…”

Section: свойство безопасности для систем реального времениunclassified

On the Modeling of Sequential Reactive Systems by Means of Real Time Automata

Vinarskii

Zakharov

2021

Aut. Control Comp. Sci.

View full text Add to dashboard Cite

Sequential reactive systems include hardware devices and so ware programs which operate in continuous interaction with the external environment, from which they receive streams of input signals (data, commands) and in response to them form streams of output signals. Systems of this type include controllers, network switches, program interpreters, system drivers. e behavior of some reactive systems is determined not only by the sequence of values of input signals, but also by the time of their arrival at the inputs of the system and the delays in computing the output signals.ese aspects of reactive system computations are taken into account by real-time models of computation which include, in particular, realtime nite state machines (TFSMs). However, in most works where this class of real-time automata is studied a simple variant of TFSM semantics is used: the transduction relation computed by a TFSM is de ned so that the elements of an output stream, regardless of their timestamps, follow in the same order as the corresponding elements of the input stream.is straightforward approach makes the model easier to analyze and manipulate, but it misses many important features of real-time computation. In this paper we study a more realistic semantics of TFSMs and show how to represent it by means of Labeled Transition Systems. e use of the new TFSM model also requires new approaches to the solution of veri cation problems in the framework of this model. For this purpose, we propose an alternative de nition of TFSM computations by means of Labeled Transition Systems and show that the two de nitions of semantics for the considered class of real-time nite state machines are in good agreement with each other. e use of TFSM semantics based on Labeled Transition Systems opens up the possibility of adapting well known real-time model checking techniques to the veri cation of sequential reactive systems.

show abstract

“…Может случиться так (см. [15] которое удовлетворяет свойству безопасности . Данный пример показывает, что операционная семантика TFSM, которая определена в терминах преобразования временных слов, мало пригодна для эффективного решения на ее основе задачи верификации свойств безопасности вычислений TFSM.…”

Section: свойство безопасности для систем реального времениunclassified

“…Эти команды доставляются коммутаторам по каналам сети с некоторой задержкой, и поэтому порядок выполнения команд, вносящих изменения в таблицы коммутации, может отличаться от того порядка, в котором они были сформированы контроллером ПКС. Возможна такая ситуация, описанная в [15], когда контроллер получает пару запросов 1 и 2 на добавление новых правил от коммутаторов сети 1 и 2 в моменты времени 1 и 2 соответственно, где 1 < 2 . В ответ на каждый из этих запросов контроллер формирует команду добавления в таблицы коммутации новых правил, и эта команда может быть доставлена коммутатору и выполнена им с некоторой задержкой .…”

Section: Introductionunclassified

On the Modeling of Sequential Reactive Systems by Means of Real Time Automata

Vinarskii

Zakharov

2020

Model. anal. inf. sist.

View full text Add to dashboard Cite

Sequential reactive systems include hardware devices and software programs which operate in continuous interaction with the external environment, from which they receive streams of input signals (data, commands) and in response to them form streams of output signals. Systems of this type include controllers, network switches, program interpreters, system drivers. The behavior of some reactive systems is determined not only by the sequence of values of input signals, but also by the time of their arrival at the inputs of the system and the delays in computing the output signals. These aspects of reactive system computations are taken into account by real-time models of computation which include, in particular, realtime finite state machines (TFSMs). However, in most works where this class of real-time automata is studied a simple variant of TFSM semantics is used: the transduction relation computed by a TFSM is defined so that the elements of an output stream, regardless oftheir timestamps, follow in the same order as the corresponding elements ofthe input stream. This straightforward approach makes the model easier to analyze and manipulate, but it misses many important features of real-time computation. In this paper we study a more realistic semantics of TFSMs and show how to represent it by means of Labeled Transition Systems. The use of the new TFSM model also requires new approaches to the solution of verification problems in the framework of this model. For this purpose, we propose an alternative definition of TFSM computations by means of Labeled Transition Systems and show that the two definitions of semantics for the considered class of real-time finite state machines are in good agreement with each other. The use of TFSM semantics based on Labeled Transition Systems opens up the possibility of adapting well known real-time model checking techniques to the verification ofsequential reactive systems.

show abstract

A Model Checking Based Approach for Detecting SDN Races

Cited by 6 publications

References 11 publications

Toward Automated Attack Discovery in SDN Controllers Through Formal Verification

Toward Automated Attack Discovery in SDN Controllers Through Formal Verification

On the Modeling of Sequential Reactive Systems by Means of Real Time Automata

On the Modeling of Sequential Reactive Systems by Means of Real Time Automata

Contact Info

Product

Resources

About