Abstract
Software-defined networking (SDN) continues to grow in popularity because of its programmable and extensible control plane realized through network applications (apps). However, apps introduce significant security challenges that can systemically disrupt network operations, since apps must access or modify data in a shared control plane state. If our understanding of how such data propagate within the control plane is inadequate, apps can co-opt other apps, causing them to poison the control plane’s integrity. We present a class of SDN control plane integrity attacks that we call cross-app poisoning (CAP), in which an unprivileged app manipulates the shared control plane state to trick a privileged app into taking actions on its behalf. We demonstrate how role-based access control (RBAC) schemes are insufficient for preventing such attacks because they neither track information flow nor enforce information flow control (IFC). We also present a defense, ProvSDN, that uses data provenance to track information flow and serves as an online reference monitor to prevent CAP attacks. We implement ProvSDN on the ONOS SDN controller and demonstrate that information flow can be tracked with low-latency overheads.
| Original language | English (US) |
|---|---|
| Title of host publication | CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security |
| Publisher | Association for Computing Machinery |
| Pages | 648-663 |
| Number of pages | 16 |
| ISBN (Electronic) | 9781450356930 |
| DOIs | |
| State | Published - Oct 15 2018 |
| Event | 25th ACM Conference on Computer and Communications Security, CCS 2018 - Toronto, Canada Duration: Oct 15 2018 → … |
Publication series
| Name | Proceedings of the ACM Conference on Computer and Communications Security |
|---|---|
| ISSN (Print) | 1543-7221 |
Other
| Other | 25th ACM Conference on Computer and Communications Security, CCS 2018 |
|---|---|
| Country | Canada |
| City | Toronto |
| Period | 10/15/18 → … |
Fingerprint
Keywords
- Data provenance
- Information flow control
- Network operating system
- Software-defined networking
ASJC Scopus subject areas
- Software
- Computer Networks and Communications
Cite this
Cross-app poisoning in software-defined networking. / Ujcich, Benjamin E.; Jero, Samuel; Edmundson, Anne; Wang, Qi; Skowyra, Richard; Landry, James; Bates, Adam; Sanders, William H.; Nita-Rotaru, Cristina; Okhravi, Hamed.
CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2018. p. 648-663 (Proceedings of the ACM Conference on Computer and Communications Security).Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
}
TY - GEN
T1 - Cross-app poisoning in software-defined networking
AU - Ujcich, Benjamin E.
AU - Jero, Samuel
AU - Edmundson, Anne
AU - Wang, Qi
AU - Skowyra, Richard
AU - Landry, James
AU - Bates, Adam
AU - Sanders, William H.
AU - Nita-Rotaru, Cristina
AU - Okhravi, Hamed
PY - 2018/10/15
Y1 - 2018/10/15
N2 - Software-defined networking (SDN) continues to grow in popularity because of its programmable and extensible control plane realized through network applications (apps). However, apps introduce significant security challenges that can systemically disrupt network operations, since apps must access or modify data in a shared control plane state. If our understanding of how such data propagate within the control plane is inadequate, apps can co-opt other apps, causing them to poison the control plane’s integrity. We present a class of SDN control plane integrity attacks that we call cross-app poisoning (CAP), in which an unprivileged app manipulates the shared control plane state to trick a privileged app into taking actions on its behalf. We demonstrate how role-based access control (RBAC) schemes are insufficient for preventing such attacks because they neither track information flow nor enforce information flow control (IFC). We also present a defense, ProvSDN, that uses data provenance to track information flow and serves as an online reference monitor to prevent CAP attacks. We implement ProvSDN on the ONOS SDN controller and demonstrate that information flow can be tracked with low-latency overheads.
AB - Software-defined networking (SDN) continues to grow in popularity because of its programmable and extensible control plane realized through network applications (apps). However, apps introduce significant security challenges that can systemically disrupt network operations, since apps must access or modify data in a shared control plane state. If our understanding of how such data propagate within the control plane is inadequate, apps can co-opt other apps, causing them to poison the control plane’s integrity. We present a class of SDN control plane integrity attacks that we call cross-app poisoning (CAP), in which an unprivileged app manipulates the shared control plane state to trick a privileged app into taking actions on its behalf. We demonstrate how role-based access control (RBAC) schemes are insufficient for preventing such attacks because they neither track information flow nor enforce information flow control (IFC). We also present a defense, ProvSDN, that uses data provenance to track information flow and serves as an online reference monitor to prevent CAP attacks. We implement ProvSDN on the ONOS SDN controller and demonstrate that information flow can be tracked with low-latency overheads.
KW - Data provenance
KW - Information flow control
KW - Network operating system
KW - Software-defined networking
UR - http://www.scopus.com/inward/record.url?scp=85056857465&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85056857465&partnerID=8YFLogxK
U2 - 10.1145/3243734.3243759
DO - 10.1145/3243734.3243759
M3 - Conference contribution
AN - SCOPUS:85056857465
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 648
EP - 663
BT - CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
PB - Association for Computing Machinery
ER -