ETRI-Knowledge Sharing Platform





Journal Article: A Framework for Policy Inconsistency Detection in Software-Defined Networks
Cited 3 times in Scopus. Downloaded 11 times.
이승수, 우승원, 김진우, 남재현, Vinod Yegneswaran, Phillip Porras, 신승원
IEEE/ACM Transactions on Networking, v.30 no.3, pp.1410-1423
Software-Defined Networking (SDN) has aggressively grown in data center networks, telecommunication providers, and enterprises by virtue of its programmable and extensible control plane. Also, there have been many kinds of research on the security of SDN components along with the growth of SDN. Some of them have inspected network policy inconsistency problems that can severely cause network reliability and security issues in SDN. However, they do not consider whether a single network policy itself is corrupted during processing inside and between SDN components. In this paper, we thus focus on the question of how to automatically identify cases in which the SDN stack fails to prevent policy inconsistencies from arising among those components. We then present AudiSDN, an automated fuzz-testing framework designed to formulate test cases in which policy inconsistencies can arise in OpenFlow networks, the most prevalent SDN protocol. To prove its feasibility, we applied AudiSDN to two widely used SDN controllers, Floodlight and ONOS, and uncovered three separate CVEs (Common Vulnerabilities and Exposures) that cause the network policy inconsistencies among SDN components. Furthermore, we investigate the design flaws that cause the inconsistencies in modern SDN components, suggesting specific validations to address such a serious but understudied pragmatic concern.
KSP Suggested Keywords
Control plane, Data Center Networks, Extensible control, Network Reliability, OpenFlow networks, Security issues, Software-Defined Networking(SDN), Testing Framework, design flaws, inconsistency detection, inconsistency problems