ETRI-Knowledge Sharing Platform


A Framework for Policy Inconsistency Detection in Software-Defined Networks
Cited 6 times in Scopus | Downloaded 12 times
Authors
Seungsoo Lee, Seungwon Woo, Jinwoo Kim, Jaehyun Nam, Vinod Yegneswaran, Phillip Porras, Seungwon Shin
Issue Date
2022-06
Citation
IEEE/ACM Transactions on Networking, v.30, no.3, pp.1410-1423
ISSN
1063-6692
Publisher
IEEE, ACM
Language
English
Type
Journal Article
DOI
https://dx.doi.org/10.1109/TNET.2022.3140824
Abstract
Software-Defined Networking (SDN) has aggressively grown in data center networks, telecommunication providers, and enterprises by virtue of its programmable and extensible control plane. Also, there have been many kinds of research on the security of SDN components along with the growth of SDN. Some of them have inspected network policy inconsistency problems that can severely cause network reliability and security issues in SDN. However, they do not consider whether a single network policy itself is corrupted during processing inside and between SDN components. In this paper, we thus focus on the question of how to automatically identify cases in which the SDN stack fails to prevent policy inconsistencies from arising among those components. We then present AudiSDN, an automated fuzz-testing framework designed to formulate test cases in which policy inconsistencies can arise in OpenFlow networks, the most prevalent SDN protocol. To prove its feasibility, we applied AudiSDN to two widely used SDN controllers, Floodlight and ONOS, and uncovered three separate CVEs (Common Vulnerabilities and Exposures) that cause the network policy inconsistencies among SDN components. Furthermore, we investigate the design flaws that cause the inconsistencies in modern SDN components, suggesting specific validations to address such a serious but understudied pragmatic concern.
KSP Keywords
Control plane, Data Center Networks, Extensible control, Network Reliability, OpenFlow networks, Security issues, Software-Defined Networking(SDN), Testing Framework, design flaws, inconsistency detection, inconsistency problems