ETRI-Knowledge Sharing Platform


Journal article: A Framework for Policy Inconsistency Detection in Software-Defined Networks
Cited 3 times in Scopus. Downloaded 11 times.
Authors
이승수, 우승원, 김진우, 남재현, Vinod Yegneswaran, Phillip Porras, 신승원
Publication date
202206
Source
IEEE/ACM Transactions on Networking, v.30 no.3, pp.1410-1423
ISSN
1063-6692
Publisher
IEEE, ACM
DOI
https://dx.doi.org/10.1109/TNET.2022.3140824
Abstract
Software-Defined Networking (SDN) has aggressively grown in data center networks, telecommunication providers, and enterprises by virtue of its programmable and extensible control plane. Also, there have been many kinds of research on the security of SDN components along with the growth of SDN. Some of them have inspected network policy inconsistency problems that can severely cause network reliability and security issues in SDN. However, they do not consider whether a single network policy itself is corrupted during processing inside and between SDN components. In this paper, we thus focus on the question of how to automatically identify cases in which the SDN stack fails to prevent policy inconsistencies from arising among those components. We then present AudiSDN, an automated fuzz-testing framework designed to formulate test cases in which policy inconsistencies can arise in OpenFlow networks, the most prevalent SDN protocol. To prove its feasibility, we applied AudiSDN to two widely used SDN controllers, Floodlight and ONOS, and uncovered three separate CVEs (Common Vulnerabilities and Exposures) that cause the network policy inconsistencies among SDN components. Furthermore, we investigate the design flaws that cause the inconsistencies in modern SDN components, suggesting specific validations to address such a serious but understudied pragmatic concern.
KSP suggested keywords
Control plane, Data Center Networks, Extensible control, Network Reliability, OpenFlow networks, Security issues, Software-Defined Networking (SDN), Testing Framework, design flaws, inconsistency detection, inconsistency problems