SECURITY IN SOFTWARE DEFINED NETWORKING - AN ANALYSIS OF NEW ATTACK AND DEFENSE VECTORS

Open Access
Author:
Achleitner, Stefan
Graduate Program:
Computer Science and Engineering
Degree:
Doctor of Philosophy
Document Type:
Dissertation
Date of Defense:
November 14, 2017
Committee Members:
  • Thomas F Laporta, Dissertation Advisor
  • Thomas F Laporta, Committee Chair
  • Patrick Drew Mcdaniel, Committee Member
  • Trent Ray Jaeger, Committee Member
  • Soundar Kumara, Outside Member
Keywords:
  • Network Security
  • Software Defined Networking
  • Cyber Security
  • Computer Networks
Abstract:
Software Defined Networking (SDN) is a novel concept in computer networks that enables a central controlling platform to dynamically program the data-plane of a network using flow rules. This separation of the control- and data-plane provides a framework for the implementation of novel network applications. This dissertation investigates the potential of Software Defined Networking in the security domain of computer networks. By considering two aspects, "Security through SDN" and "Security of SDN", we demonstrate the ability to implement novel defense systems on the basis of SDN and discuss how advanced adversaries are able to attack the core parts of an SDN. This analysis motivates the development of a novel security framework that is able to generate network configurations for SDNs that meet defined security properties. In particular, we investigate network reconnaissance, which is performed by malicious insiders and is a pre-phase of advanced targeted cyber attacks. Network virtualization techniques, such as SDN, provide the ability to deploy novel defense mechanisms that hide crucial system information from attackers while maintaining a high quality of system performance for legitimate users. We discuss the development and implementation process of such a system in this dissertation. Attacks such as denial of service that are launched on SDN-enabled networks may affect current flows traversing the network and disrupt the provided services. For a quick and successful reconfiguration of an SDN-enabled network to reestablish the network services after a cyber attack, a deep analysis of the process of deploying a flow rule based network configuration on the data-plane is necessary. We analyze the dominating factors of the network configuration time in SDN and propose optimization models and algorithms to minimize the time required to compute and deploy flow rule based network configurations.
We demonstrate that our approach is able to minimize the time required to recover after a cyber attack that causes certain network resources to suddenly become unavailable. While SDN provides a platform for the development of novel defense approaches, weaknesses arise if attackers apply advanced techniques, such as network forensics, to exploit the configuration details of SDN-based applications. To demonstrate that network virtualization, with the use of SDN, extends the attack surface of traditional networks, we show that adversaries are able to reconstruct the details of SDN flow rules on the data-plane and exploit the collected information to launch targeted cyber attacks. Adversaries performing advanced network forensics, as well as numerous other attack strategies on SDN, pursue different goals but all rely on a small set of attack techniques. Once untrusted nodes are inside the perimeter of a network, actions such as probing and transmission of spoofed packets can be performed, which often lead to severe security issues. While novel network architectures such as Software Defined Networking (SDN) are sensitive to attacks involving lateral movement and spoofed traffic, they also provide a framework to enforce flow isolation between and across network devices with a fine granularity. To ensure secure information flow between entities, a framework that guarantees flow isolation has to implement a proven security policy such as multilevel security (MLS). To achieve secure information flow in a network, we introduce a framework, MLSNet, that finds a network configuration, given a security lattice, a network topology and a labeling of nodes, that guarantees an assignment of flows in the network compliant with an MLS policy. To automatically generate such a configuration, we provide two optimization models to compute a network configuration that meets the defined security constraints.
We further identify a set of principles for the construction of secure SDN flow rules to deploy a policy compliant configuration on the data-plane. The security issues pointed out in this work motivate the requirement for agile and advanced defense approaches that are able to dynamically react to cyber attacks not addressed by traditional defense mechanisms. The analysis of attack and defense techniques presented in this dissertation goes beyond traditional mechanisms, and additionally considers the impact, in terms of performance, on the provided services and virtualized resources.
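As an added illustration (not code from the dissertation or from MLSNet), the following shows the kind of lattice-compliance check the abstract describes: given a security lattice, a labeled topology and a flow request, admit only a path on which every hop moves up (or stays level in) the lattice, and emit per-switch flow entries for it. The lattice levels, the constructed topology and labels, and the per-hop dominance rule are assumptions made here for the example.

```python
from collections import deque

# Constructed lattice (assumption for this example): a label is
# (level, categories); label a dominates b when a's level is at least
# b's and a's categories contain all of b's.
LATTICE_LEVELS = {"public": 0, "internal": 1, "secret": 2}

# Constructed topology and node labeling (hosts h*, switches s*).
TOPOLOGY = {
    "h1": ["s1"], "h3": ["s1"], "h2": ["s2"], "h4": ["s2"],
    "s1": ["h1", "h3", "s2"], "s2": ["s1", "h2", "h4"],
}
LABELS = {
    "h1": ("public", frozenset()), "s1": ("public", frozenset()),
    "s2": ("internal", frozenset({"hr"})), "h2": ("secret", frozenset({"hr"})),
    "h3": ("public", frozenset()), "h4": ("public", frozenset()),
}

def dominates(a, b):
    """True if label a >= label b in the lattice (level and categories)."""
    return LATTICE_LEVELS[a[0]] >= LATTICE_LEVELS[b[0]] and a[1] >= b[1]

def find_compliant_path(topology, labels, src, dst):
    """BFS that only follows hops whose next node dominates the current
    one, so no link carries data down the lattice (no write-down per hop).
    Returns the path or None if the flow cannot be admitted."""
    if not dominates(labels[dst], labels[src]):
        return None
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in topology[node]:
            if nxt not in prev and dominates(labels[nxt], labels[node]):
                prev[nxt] = node
                queue.append(nxt)
    return None

def flow_rules(path):
    """Per-switch entries (switch, match src, match dst, forward to)."""
    src, dst = path[0], path[-1]
    return [(hop, src, dst, path[i + 1]) for i, hop in enumerate(path[1:-1], 1)]

if __name__ == "__main__":
    for s, d in [("h1", "h2"), ("h2", "h1"), ("h1", "h4")]:
        p = find_compliant_path(TOPOLOGY, LABELS, s, d)
        print(s, "->", d, ":", p and flow_rules(p))
```

The h1 to h4 request is rejected even though the endpoints are both public, because the only path crosses s2 (internal) and would then flow down to h4; this is the situation where a compliant flow assignment must consider the whole path, not just the endpoints.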