상세정보
학술대회
AudiSDN: Automated Detection of Network Policy Inconsistencies in Software-Defined Networks
- 저자
- 이승수, 우승원, 김진우, Vinod Yegneswaran, Phillip Porras, 신승원
- 발행일
- 202007
- 출처
- Conference on Computer Communications (INFOCOM) 2020, pp.1788-1797
- 협약과제
- 20ZR1300, 지능형 사이버 보안 및 신뢰 인프라 기술 연구, 김익균
- 초록
- At the foundation of every network security architecture lies the premise that formulated network flow policies are reliably deployed and enforced by the network infrastructure. However, software-defined networks (SDNs) add a particular challenge to satisfying this premise, as for SDNs the flow pol-icy implementation spans multiple applications and abstraction layers across the SDN stack. In this paper, we focus on the question of how to automatically identify cases in which the SDN stack fails to prevent policy inconsistencies from arising among these components. This question is rather essential, as when such inconsistencies arise the implications to the security and reliability of the network are devastating. We present AudiSDN, an automated fuzz-testing framework designed to formulate test cases in which policy inconsistencies can arise in OpenFlow networks, the most prevalent SDN protocol used today. We also present results from applying AudiSDN to two widely used SDN controllers, Floodlight and ONOS. In fact, our test results have led to the filing of 3 separate CVE reports. We believe that the approach presented in this paper is applicable to the breadth of OpenFlow platforms used today, and that its broader usage will help to address a serious but yet understudied pragmatic concern.
- KSP 제안 키워드
- Automated Detection, Multiple Applications, Network flow, OpenFlow networks, Security and Reliability, Security architecture, Software-Defined Networking(SDN), Testing Framework, network infrastructure, network security, sdn controller