On the accuracy of formal verification of selective defenses for TDoS attacks

Lemos, Marcilio O. O.; Dantas, Yuri Gil; Fonseca, Iguatemi E.; Nigam, Vivek

doi:10.1016/j.jlamp.2017.09.001

Cited by 5 publications

(3 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Statistical model checking of discrete-time probabilistic models has been used to evaluate different selective strategies for mitigating telephony Denial of Service (DoS) attacks [16], and an distributed DoS attack on the TCAM memory of SDN switches [19]. Our research considers covert channel attacks rather than (D)DoS and we focus on continuous-time reasoning allowing for assessment of performance as well as reasoning about the attack.…”

Section: Conclusion and Related Workmentioning

confidence: 99%

Formal Analysis of Sneak-Peek: A Data Centre Attack and Its Mitigations

Chen

Lin

Galpin

et al. 2018

ICT Systems Security and Privacy Protection

Self Cite

View full text Add to dashboard Cite

Attackers can exploit covert channels, such as timing side-channels, to transmit information without data owners or network administrators being aware. Sneak-Peek is a recently considered data centre attack, where, in a multi-tenant setting, an insider attacker can communicate with colluding outsiders by intentionally adding delays to traffic on logically isolated but physically shared links. Timing attack mitigations typically introduce delays or randomness which can make it difficult to understand the trade-off between level of security (bandwidth of the covert channel) and performance loss. We demonstrate that formal methods can help. We analyse the impacts of two Sneak-Peek mitigations, namely, noise addition and path hopping. We provide a precise mathematical model of the attack and of the effectiveness these defences. This mathematical analysis is extended by two tool-based stochastic formal models, one formalized in UPPAAL and the other in CARMA. The formal models can capture more general and larger networks than a paper-based analysis, can be used to check properties and make measurements, and are more easily modifiable than conventional network simulations. With UPPAAL, we can analyse the effectiveness of mitigations and with CARMA, we can analyse how these mitigations affect latencies in typical data centre topologies. As results, we show that using a selective strategy for path hopping is better than a random strategy, that using the two defences in conjunction may actually be worse than using a single defence, and we show the connection between hop frequency and network latency.

show abstract

Section: Conclusion and Related Workmentioning

confidence: 99%

Formal Analysis of Sneak-Peek: A Data Centre Attack and Its Mitigations

Chen

Lin

Galpin

et al. 2018

ICT Systems Security and Privacy Protection

Self Cite

View full text Add to dashboard Cite

show abstract

“…Furthermore, if we know that the generic components work correctly, then debugging can focus on the network specification. Hence, this level of abstraction allows for speed in developing, debugging and simulating models with a fast turn-around which is not possible with full-stack emulation or simulation methods, as shown by similar formal methods research [31]. Furthermore, very few formal methods take a quantitative approach which is required if performance is to be measured.…”

Section: Evaluation and Conclusionmentioning

confidence: 99%

Formal Modelling of Software Defined Networking

Galpin

2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

This paper investigates the application of CARMA, a recently developed quantitative process-algebra-based modelling language, to the stochastic modelling of software defined networking (SDN). In SDN, a single controller (or hierarchy of controllers) determines the behaviour of the switches that forward traffic through the network, and it is used in a variety of settings including cloud and data centres. This research is the initial phase of developing a methodology for agile formal modelling of performance and security aspects of SDN, and focusses on the fat-tree network topology. The results demonstrate that the CARMA language and its software tools which include the MultiVeStA statistical model checker provide a good basis for modelling SDN.

show abstract

“…Inspired by slow-rate Application DDoS Attacks [15,16,20,22] , this paper investigate slow DDoS attacks on SDN, which do not require very large amount of traffic. Since existing defense are triggered by monitoring traffic volume, these slow attacks can bypass such defenses.…”

Section: Introductionmentioning

confidence: 99%

Slow denial-of-service attacks on software defined networks

2020

Self Cite

View full text Add to dashboard Cite

Software Defined Networking (SDN) is a network paradigm that decouples the network's control plane, delegated to the SDN controller, from the data plane, delegated to SDN switches. For increased efficiency, SDN switches use a high-performance Ternary Content-Addressable memory (TCAM) to install rules. However, due to the TCAM's high cost and power consumption, switches have a limited amount of TCAM memory. Consequently, a limited number of rules can be installed. This limitation has been exploited to carry out Distributed Denial of Service (DDoS) attacks, such as Saturation attacks, that generate large amounts of traffic. Inspired by slow application layer DDoS attacks, this paper presents and investigates DDoS attacks on SDN that do not require large amounts of traffic, thus bypassing existing defenses that are triggered by traffic volume. In particular, we offer two slow attacks on SDN. The first attack, called Slow TCAM Exhaustion attack (Slow-TCAM), is able to consume all SDN switch's TCAM memory by forcing the installation of new forwarding rules and maintaining them indeterminately active, thus disallowing new rules to be installed to serve legitimate clients. The second attack, called Slow Saturation attack, combines Slow-TCAM attack with a lower rate instance of the Saturation attack. A Slow Saturation attack is capable of denying service using a fraction of the traffic of typical Saturation attacks. Moreover, the Slow Saturation attack can also impact installed legitimate rules, thus causing a greater impact than the Slow-TCAM attack. In addition, it also affects the availability of other network's components, e.g. , switches, even the ones not being directly targeted by the attack, as has been proven by our experiments. We propose a number of variations of these attacks and demonstrate their effectiveness by means of an extensive experimental evaluation. The Slow-TCAM is able to deny service to legitimate clients requiring only 38 s and sending less than 40 packets per second without abruptly changing network resources, such as CPU and memory. Moreover, besides denying service as a Slow-TCAM attack, the Slow Saturation attack can also disrupt multiple SDN switches (not only the targeted ones) by sending a lower-rate traffic when compared to current known Saturation attacks.

show abstract

On the accuracy of formal verification of selective defenses for TDoS attacks

Cited by 5 publications

References 26 publications

Formal Analysis of Sneak-Peek: A Data Centre Attack and Its Mitigations

Formal Analysis of Sneak-Peek: A Data Centre Attack and Its Mitigations

Formal Modelling of Software Defined Networking

Slow denial-of-service attacks on software defined networks

Contact Info

Product

Resources

About