ATTAIN: An Attack Injection Framework for Software-Defined Networking

Benjamin E. Ujcich; Uttam Thakore; William H. Sanders

doi:10.1109/DSN.2017.59

ATTAIN: An Attack Injection Framework for Software-Defined Networking

Benjamin E. Ujcich, Uttam Thakore, William H. Sanders

Electrical and Computer Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Software-defined networking (SDN) has recently attracted interest as a way to provide cyber resiliency because of its programmable and logically centralized nature. However, the security of the SDN architecture itself against malicious attacks is not well understood and must be ensured in order to provide cyber resiliency to systems that use SDNs. In this paper, we present ATTAIN, an attack injection framework for OpenFlow-based SDN architectures. First, we define an attack model that relates system components to an attacker's capability to influence control plane behavior. Second, we define an attack language for writing control plane attacks that can be used to evaluate SDN implementations. Third, we describe an attack injector architecture that actuates attacks in networks. Finally, we evaluate our framework with an enterprise network case study by writing and running attacks with popular SDN controllers.

Original language	English (US)
Title of host publication	Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	567-578
Number of pages	12
ISBN (Electronic)	9781538605417
DOIs	https://doi.org/10.1109/DSN.2017.59
State	Published - Aug 30 2017
Event	47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017 - Denver, United States Duration: Jun 26 2017 → Jun 29 2017

Publication series

Name	Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017

Other

Other	47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017
Country/Territory	United States
City	Denver
Period	6/26/17 → 6/29/17

Keywords

OpenFlow
SDN
attack injection
attack language
attack model
dependability
fault injection
security
software testing
software-defined networking

ASJC Scopus subject areas

Hardware and Architecture
Computer Networks and Communications
Safety, Risk, Reliability and Quality

Online availability

10.1109/DSN.2017.59

Library availability

Discover UIUC Full Text

Cite this

Ujcich, B. E., Thakore, U., & Sanders, W. H. (2017). ATTAIN: An Attack Injection Framework for Software-Defined Networking. In Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017 (pp. 567-578). Article 8023155 (Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/DSN.2017.59

ATTAIN: An Attack Injection Framework for Software-Defined Networking. / Ujcich, Benjamin E.; Thakore, Uttam; Sanders, William H.
Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017. Institute of Electrical and Electronics Engineers Inc., 2017. p. 567-578 8023155 (Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Ujcich, BE, Thakore, U & Sanders, WH 2017, ATTAIN: An Attack Injection Framework for Software-Defined Networking. in Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017., 8023155, Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017, Institute of Electrical and Electronics Engineers Inc., pp. 567-578, 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017, Denver, United States, 6/26/17. https://doi.org/10.1109/DSN.2017.59

Ujcich BE, Thakore U, Sanders WH. ATTAIN: An Attack Injection Framework for Software-Defined Networking. In Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017. Institute of Electrical and Electronics Engineers Inc. 2017. p. 567-578. 8023155. (Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017). doi: 10.1109/DSN.2017.59

Ujcich, Benjamin E. ; Thakore, Uttam ; Sanders, William H. / ATTAIN : An Attack Injection Framework for Software-Defined Networking. Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 567-578 (Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017).

@inproceedings{7be79efa8c5f4c628460eda0afed0878,

title = "ATTAIN: An Attack Injection Framework for Software-Defined Networking",

abstract = "Software-defined networking (SDN) has recently attracted interest as a way to provide cyber resiliency because of its programmable and logically centralized nature. However, the security of the SDN architecture itself against malicious attacks is not well understood and must be ensured in order to provide cyber resiliency to systems that use SDNs. In this paper, we present ATTAIN, an attack injection framework for OpenFlow-based SDN architectures. First, we define an attack model that relates system components to an attacker's capability to influence control plane behavior. Second, we define an attack language for writing control plane attacks that can be used to evaluate SDN implementations. Third, we describe an attack injector architecture that actuates attacks in networks. Finally, we evaluate our framework with an enterprise network case study by writing and running attacks with popular SDN controllers.",

keywords = "OpenFlow, SDN, attack injection, attack language, attack model, dependability, fault injection, security, software testing, software-defined networking",

author = "Ujcich, {Benjamin E.} and Uttam Thakore and Sanders, {William H.}",

note = "Publisher Copyright: {\textcopyright} 2017 IEEE.; 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017 ; Conference date: 26-06-2017 Through 29-06-2017",

year = "2017",

month = aug,

day = "30",

doi = "10.1109/DSN.2017.59",

language = "English (US)",

series = "Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "567--578",

booktitle = "Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017",

address = "United States",

}

TY - GEN

T1 - ATTAIN

T2 - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017

AU - Ujcich, Benjamin E.

AU - Thakore, Uttam

AU - Sanders, William H.

PY - 2017/8/30

Y1 - 2017/8/30

N2 - Software-defined networking (SDN) has recently attracted interest as a way to provide cyber resiliency because of its programmable and logically centralized nature. However, the security of the SDN architecture itself against malicious attacks is not well understood and must be ensured in order to provide cyber resiliency to systems that use SDNs. In this paper, we present ATTAIN, an attack injection framework for OpenFlow-based SDN architectures. First, we define an attack model that relates system components to an attacker's capability to influence control plane behavior. Second, we define an attack language for writing control plane attacks that can be used to evaluate SDN implementations. Third, we describe an attack injector architecture that actuates attacks in networks. Finally, we evaluate our framework with an enterprise network case study by writing and running attacks with popular SDN controllers.

AB - Software-defined networking (SDN) has recently attracted interest as a way to provide cyber resiliency because of its programmable and logically centralized nature. However, the security of the SDN architecture itself against malicious attacks is not well understood and must be ensured in order to provide cyber resiliency to systems that use SDNs. In this paper, we present ATTAIN, an attack injection framework for OpenFlow-based SDN architectures. First, we define an attack model that relates system components to an attacker's capability to influence control plane behavior. Second, we define an attack language for writing control plane attacks that can be used to evaluate SDN implementations. Third, we describe an attack injector architecture that actuates attacks in networks. Finally, we evaluate our framework with an enterprise network case study by writing and running attacks with popular SDN controllers.

KW - OpenFlow

KW - SDN

KW - attack injection

KW - attack language

KW - attack model

KW - dependability

KW - fault injection

KW - security

KW - software testing

KW - software-defined networking

UR - http://www.scopus.com/inward/record.url?scp=85031703628&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85031703628&partnerID=8YFLogxK

U2 - 10.1109/DSN.2017.59

DO - 10.1109/DSN.2017.59

M3 - Conference contribution

AN - SCOPUS:85031703628

T3 - Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017

SP - 567

EP - 578

BT - Proceedings - 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2017

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 26 June 2017 through 29 June 2017

ER -

ATTAIN: An Attack Injection Framework for Software-Defined Networking

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this