ATTAIN: An Attack Injection Framework for Software-Defined Networking

Ujcich, Benjamin E.; Thakore, Uttam; Sanders, William H.

doi:10.1109/dsn.2017.59

Cited by 15 publications

(15 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Researchers have provided a few automated analysis and test frameworks [45], [46], [47], [48] to find potential vulnerabilities in SDN applications and other components. SHIELD [45] provides an automated framework to efficiently conduct static analysis of SDN applications, which requires source codes of applications and well-defined malicious behavior to find malicious applications.…”

Section: Related Workmentioning

confidence: 99%

When Match Fields Do Not Need to Match: Buffered Packets Hijacking in SDN

Cao¹,

Xie²,

Sun³

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Software-Defined Networking (SDN) greatly meets the need in industry for programmable, agile, and dynamic networks by deploying diversified SDN applications on a centralized controller. However, SDN application ecosystem inevitably introduces new security threats since compromised or malicious applications can significantly disrupt network operations. Thus, a number of effective security enhancement systems have been developed to defend against potential attacks from SDN applications. In this paper, we identify a new vulnerability on flow rule installation in SDN, namely, buffered packet hijacking, which can be exploited by malicious applications to launch effective attacks bypassing all existing defense systems. The root cause of this vulnerability lies in that SDN systems do not check the inconsistency between buffer IDs and match fields when an application attempts to install flow rules. Thus, a malicious application can manipulate buffer IDs to hijack buffered packets even though they do not match any installed flow rules. We design effective attacks exploiting this vulnerability to disrupt all three SDN layers, i.e., application layer, data plane layer, and control layer. First, by modifying buffered packets and resending them to controllers, a malicious application can poison other applications. Second, by manipulating forwarding behaviors of buffered packets, a malicious application can not only disrupt TCP connections of flows but also make flows bypass network security policies. Third, by copying massive buffered packets to controllers, a malicious application can saturate the bandwidth of SDN control channels and their computing resources. We demonstrate the feasibility and effectiveness of these attacks with both theoretical analysis and experiments in a real SDN testbed. Finally, we develop a lightweight defense system that can be readily deployed in existing SDN controllers as a patch.

show abstract

Section: Related Workmentioning

confidence: 99%

When Match Fields Do Not Need to Match: Buffered Packets Hijacking in SDN

Cao¹,

Xie²,

Sun³

et al. 2020

Proceedings 2020 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…While the latter can be easily solved by owning virtual machines in the infrastructure, the former requires to be able to alter nodes configuration. This has been proven possible in [8], [9], [10]. Precisely, the attacker is able to spoof the identity of the network hypervisor, and thus is able to inject malicious flow rules inside the nodes to create the data exfiltration path.…”

Section: Problem Statementmentioning

confidence: 99%

“…In scenario b) the higher the detection rate the higher the reward of node 3, the secondary source of attacks. The steadiness in the evolution of each node shows that the performance of the detection is not a major factor in determining which b f bc p ca γ [30,40] [ 10,20,30,40] [0.5,0.6,0.7,0.8,0.9] 10 0.9 10,10,10,5,5,5] TABLE I: Parameters summary nodes are best suited for the monitoring. We formulate some hypotheses in Section VIII.…”

Section: Use Casementioning

confidence: 99%

Optimizing Resource Allocation for Secure SDN-based Virtual Network Migration

Charmet

Blanc

Kiennert

2019

2019 IEEE 18th International Symposium on Network Computing and Applications (NCA)

View full text Add to dashboard Cite

“…Van Woudenberg et al [16] and Jeong et al [17] use optical fault injection and power supply disturbances, respectively, on protected smart cards to identify and exploit security vulnerabilities to recover secret keys and access decrypted data. Ujcich et al [7] use the ATTAIN framework, Fonseca et al [6] use the VAIT tool and Antunes et al [18] and Neves et al [8] use the AJECT tool to perform attack injection to identify vulnerabilities. ATTAIN is developed to inject attacks on software-defined networking (SDN) architectures; VAIT is used to evaluate web security mechanisms; and AJECT is developed to inject attacks on network-related servers, specifically IMAP servers, where it uses a specification of the server's communication protocol and predefined test case generation algorithms to automatically generate attacks.…”

Section: B Related Workmentioning

confidence: 99%

“…Several attack injection tools and frameworks have been proposed in the past [4], [5], [6], [7], [8], which all target the system either in later parts of the system's development process or even after deployment of the system. However, the attack injection framework proposed in this paper simulates cybersecurity attacks in early development phases of systems; thus it is suitable for model-based design and development of, e.g., automotive embedded systems [9].…”

Section: Introductionmentioning

confidence: 99%

A Study of the Interplay Between Safety and Security Using Model-Implemented Fault Injection

Sangchoolie

Folkesson

Vinter

2018

2018 14th European Dependable Computing Conference (EDCC)

View full text Add to dashboard Cite

The combination of high mobility and wireless communication in many safety-critical systems have increased their exposure to malicious security threats. Consequently, many works in the past have proposed solutions to ensure safety and security of these systems. However, not much attention has been given to the interplay between these two groups of nonfunctional requirements. This is a concern as safety solutions may negatively impact system security and vice versa. This paper addresses the interplay between safety and security by proposing an attack injection framework, based on model-implemented fault injection, suitable for model-based design. The framework enables us to study and evaluate the impact of cybersecurity attacks on system safety early in the development process. To this end, we have implemented six attack injection models and conducted experiments on Simulink models of a CAN bus and a brake-by-wire controller. The results show that the security attacks modeled could successfully impact the system safety by violating our defined safety requirements.

show abstract

ATTAIN: An Attack Injection Framework for Software-Defined Networking

Cited by 15 publications

References 12 publications

When Match Fields Do Not Need to Match: Buffered Packets Hijacking in SDN

When Match Fields Do Not Need to Match: Buffered Packets Hijacking in SDN

Optimizing Resource Allocation for Secure SDN-based Virtual Network Migration

A Study of the Interplay Between Safety and Security Using Model-Implemented Fault Injection

Contact Info

Product

Resources

About