Malicious Code and Access Control in SDN SPRING14 , 31.7. 1.8.2014 - - PowerPoint PPT Presentation



SLIDE 1

Malicious Code and Access Control in SDN

SPRING’14, 31.7. – 1.8.2014
Hans Christian Röpke, Chair for System Security

SLIDE 2

  1. Introduction
  2. Malicious Code in SDN
  3. Access Control in SDN
  4. Conclusions

Software-Defined Networks|Horst Görtz Institute for IT-Security|SPRING’14|31.7. – 1.8.2014 2/19

SLIDE 3

Computer Market Evolution

Diagram: a vertically integrated stack (specialized hardware, specialized operating systems, specialized applications) next to a stack of applications running over open interfaces.

  • Closed, proprietary
  • Slow innovation
  • Small industry

  • Open interfaces
  • Rapid innovation
  • Huge industry

∗McKeown et al., ONS’11

SLIDE 4

Networks Today

Diagram: specialized hardware, specialized control systems and specialized features, with a single open interface.

  • Closed, proprietary
  • Slow innovation
  • Open interfaces

∗McKeown et al., ONS’11

SLIDE 5

Network Market Evolution

Diagram: applications over open interfaces (?) next to the stack of specialized hardware, specialized control systems and specialized features.

  • Closed, proprietary
  • Slow innovation
  • Open interfaces
  • Rapid innovation (?)

∗McKeown et al., ONS’11

SLIDE 6

What is Software-Defined Networking?

Definition

SDN := Decoupling network control features from forwarding hardware.

Diagram: the three specialized stacks (hardware, control systems, features) are replaced by a Network OS that exposes a southbound API towards the hardware and a northbound API towards the applications; both are open interfaces, and several applications run on top.

SLIDE 7

SDN @ Google

  • Backbone performance
  • Operation costs
  • Fault tolerance

∗Hölzle, ONS’12

SLIDE 8

Example

Diagram: a packet arrives at a switch; its flow table has no matching entry (?), so the packet is handed to the SDN controller and its application.

SLIDE 9

Example

Diagram: after the table miss (?), the application on the SDN controller produces a flow rule; the switch installs it in its flow table and forwards this and the following packets of the flow according to the rule.

SLIDE 10

SDN Layers

Diagram (as on slide 9), annotated with three layers, Application Layer, Control Layer and Switch Infrastructure, and the labels: network intelligence, global network view, complexity hiding, switch programming, packet forwarding.
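Slides 8 to 10 sketch the control loop: a packet with no matching flow table entry goes to the controller, an application decides, and the resulting flow rule is installed so that the switch handles the flow on its own afterwards. The following model of that loop is an added example, not code from the talk or from any of the controllers it examines; the learning-switch application and the packet fields are assumed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class FlowRule:
    match: dict      # header fields that must be equal; an unlisted field is a wildcard
    action: str      # e.g. "output:2", "flood" or "drop"
    priority: int = 0

    def matches(self, pkt):
        return all(pkt.get(k) == v for k, v in self.match.items())

class Switch:
    """Switch infrastructure: only a flow table; a table miss goes to the controller."""
    def __init__(self, controller):
        self.table, self.controller = [], controller
        self.packet_ins = 0          # how often the slow path ("?") was taken
    def install(self, rule):
        self.table.append(rule)
        self.table.sort(key=lambda r: r.priority, reverse=True)

    def handle(self, pkt):
        for rule in self.table:      # highest priority first
            if rule.matches(pkt):
                return rule.action   # fast path: the switch decides alone
        self.packet_ins += 1         # table miss: hand the packet to the controller
        return self.controller.packet_in(self, pkt)

class LearningSwitchApp:
    """Assumed SDN application on the controller: learns MAC -> port, programs the switch."""
    def __init__(self):
        self.mac_to_port = {}

    def packet_in(self, switch, pkt):
        self.mac_to_port[pkt["src"]] = pkt["in_port"]
        out_port = self.mac_to_port.get(pkt["dst"])
        if out_port is None:
            return "flood"           # one-off decision, no rule installed
        rule = FlowRule({"dst": pkt["dst"]}, f"output:{out_port}", priority=10)
        switch.install(rule)         # from now on the switch forwards this flow itself
        return rule.action

def demo():
    sw = Switch(LearningSwitchApp())  # constructed traffic: A on port 1, B on port 2
    a_to_b = {"src": "A", "dst": "B", "in_port": 1}
    b_to_a = {"src": "B", "dst": "A", "in_port": 2}
    first = sw.handle(a_to_b)        # B unknown: controller answers "flood", learns A
    reply = sw.handle(b_to_a)        # A known: rule dst=A -> output:1 installed
    again = sw.handle(a_to_b)        # B now known: rule dst=B -> output:2 installed
    fast = sw.handle(a_to_b)         # matched in the flow table, no packet-in
    return first, reply, again, fast, sw.packet_ins, len(sw.table)
```

Three of the four packets take the slow path through the controller; only once both rules are installed does the switch forward without involving the control layer.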

SLIDE 11

Most Common Implementation

Diagram: the SDN controller runs as one process on a common OS on standard PC hardware, next to other processes; SDN applications run either inside the controller process or on their own standard PC hardware and common OS; the controller is connected to a network of OpenFlow-enabled switches.

SLIDE 12

Module vs. REST Applications

Diagram (as on slide 11): the SDN applications inside the controller process are labelled Module Applications, those on separate hardware are labelled REST Applications.

SLIDE 13

Network-level vs. System-level

  • Network-level
    • Main purpose
    • Forwarding decisions
    • Flow rules
  • System-level
    • Rather a side effect
    • Negligible for SDN
    • But significant with respect to security

∗Canini et al., NSDI’13

SLIDE 14

Malicious SDN Applications

Diagram (as on slide 11): the SDN controller process on a common OS and standard PC hardware, next to other processes, with a module application inside the controller process and the network of OpenFlow-enabled switches.

  • Module applications
    • Consequences on system-level

SLIDE 15

Experiments

  • Malicious SDN module application samples
    • Denial-of-service attack
    • Arbitrary code execution
    • Remote control / backdoor
  • Examined SDN controllers (popular & state-of-the-art)
    • Beacon
    • Floodlight
    • OpenDaylight
    • HP VAN
  • Results
    • SDN controller shutdown
    • Malware execution
    • Remote control of SDN controllers (→ of entire networks)

SLIDE 16

Security Tool

  • Idea
    • Put SDN module applications into a sandbox
    • Control access to sensitive operations
  • Design

Diagram: the SDN application's code execution is mediated by an access control component that distinguishes sensitive from non-sensitive operations and decides (?) on the basis of a security rule set consisting of default rules and per-application rule sets (SDN appl. A rule set, SDN appl. B rule set).

  • Contribution: Effective attack prevention

SLIDE 17

Access Control in SDN

  • Security tool limitations
    • Unknown sensitive operations in use
    • Manual configuration
  • Idea: Access control framework
    • Enable developers to define permissions
    • Enable network operators to review permission requests
    • Require network operators to decide on permission requests (before the start of a certain SDN application)
    • Activate security rules automatically according to decisions
    • Support network operators in case of unavailable permission requests
  • Contributions
    • Provide access control mechanism for SDN controllers
    • Protect SDN controller on system-level
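Slides 16 and 17 together describe one mechanism: a sandbox mediates an application's sensitive operations against a security rule set built from default rules and per-application rule sets, and an application's rule set is derived from a developer-defined permission request that the network operator decides on before the application starts. The model below is an added example, not the tool or framework from the talk; the operation names, their classification into sensitive and non-sensitive, and the two applications are constructed for illustration.

```python
# Constructed classification: the slides distinguish sensitive from non-sensitive
# operations without listing them. Default rules deny the former, allow the latter.
SENSITIVE = {"process.exit", "process.exec", "file.write", "net.listen"}
NON_SENSITIVE = {"flow.install", "topology.read", "packet.out"}
DEFAULT_RULES = {**{op: False for op in SENSITIVE}, **{op: True for op in NON_SENSITIVE}}

class PermissionDenied(Exception):
    pass

class AccessControl:
    def __init__(self):
        self.rule_sets = {}       # app name -> {operation: allowed}
        self.needs_review = []    # (app, operation) seen without any permission request

    def review(self, app, requested, granted):
        """Operator decides on the developer's permission request before app start."""
        requested, granted = set(requested), set(granted)
        if not granted <= requested:
            raise ValueError("cannot grant an operation that was never requested")
        rules = dict(DEFAULT_RULES)
        rules.update({op: True for op in granted})
        self.rule_sets[app] = rules               # rule set activated automatically

    def check(self, app, op):
        """Called by the sandbox for every operation; unknown operations are denied."""
        rules = self.rule_sets.get(app)
        if rules is None:                         # no permission request available:
            self.needs_review.append((app, op))   # flag for the operator, use defaults
            rules = DEFAULT_RULES
        if not rules.get(op, False):
            raise PermissionDenied(f"{app} may not perform {op}")
        return True

def run_in_sandbox(ac, app, calls):
    # Runs an application's operation sequence with every call mediated by check().
    outcome = []
    for op in calls:
        try:
            ac.check(app, op)
            outcome.append((op, "allowed"))
        except PermissionDenied:
            outcome.append((op, "denied"))
    return outcome

def demo():
    """Constructed apps: "fw" is granted one of two requested permissions; "unlisted" has no request."""
    ac = AccessControl()
    ac.review("fw", {"file.write", "process.exec"}, {"file.write"})
    fw = run_in_sandbox(ac, "fw", ["topology.read", "file.write", "process.exec", "process.exit"])
    unlisted = run_in_sandbox(ac, "unlisted", ["flow.install", "process.exit"])
    return fw, unlisted, ac.needs_review
```

An application without a permission request still runs, but only under the default rules, and every operation it attempts is recorded for the operator to review; that is the fallback the last framework bullet asks for.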

SLIDE 18

Conclusions

  • SDN may change the network market drastically
  • SDN promises rapid innovation through third-party software
  • Third-party software is not necessarily free of malicious code
  • Malicious SDN applications harm entire networks
  • SDN security is essential for the success of SDN
  • We provide building blocks for system-level SDN security
    • Security analysis
    • Security tool
    • Access control mechanism

SLIDE 19

Many thanks for your attention! Questions?

Contact: Hans Christian Röpke, christian.roepke@rub.de, Chair for System Security