research-article

Free access

Fleet: defending SDNs from malicious administrators

Authors:

Stephanos Matsumoto,

Samuel Hitz,

Adrian PerrigAuthors Info & Claims

HotSDN '14: Proceedings of the third workshop on Hot topics in software defined networking

Pages 103 - 108

https://doi.org/10.1145/2620728.2620750

Published: 22 August 2014 Publication History

PDF eReader

Abstract

We present the malicious administrator problem, in which one or more network administrators attempt to damage routing, forwarding, or network availability by misconfiguring controllers. While this threat vector has been acknowledged in previous work, most solutions have focused on enforcing specific policies for forwarding rules. We present a definition of this problem and a controller design called Fleet that makes a first step towards addressing this problem. We present two protocols that can be used with the Fleet controller, and argue that its lower layer deployed on top of switches eliminates many problems of using multiple controllers in SDNs. We then present a prototype simulation and show that as long as a majority of non-malicious administrators exists, we can usually recover from link failures within several seconds (a time dominated by failure detection speed and inter-administrator latency).

References

[1]

Ivan Damgård and Maciej Koprowski. Practical threshold RSA signatures without a trusted dealer. Springer, 2001.

Crossref

Google Scholar

[2]

Advait Dixit, Fang Hao, Sarit Mukherjee, TV Lakshman, and Ramana Kompella. Towards an elastic distributed SDN controller. In Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking, 2013.

Digital Library

Google Scholar

[3]

Open Networking Foundation. OpenFlow switch specification version 1.4.0, 2013.

Google Scholar

[4]

Ahmed Khurshid, Wenxuan Zhou, Matthew Caesar, and P Brighten Godfrey. VeriFlow: Verifying network-wide invariants in real time. 2012.

Google Scholar

[5]

Diego Kreutz, Fernando Ramos, and Paulo Verissimo. Towards secure and dependable software-defined networks. In Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, 2013.

Digital Library

Google Scholar

[6]

Juniper Networks. What's behind network downtime?, 2008.

Google Scholar

[7]

Philip Porras, Seungwon Shin, Vinod Yegneswaran, Martin Fong, Mabry Tyson, and Guofei Gu. A security enforcement kernel for OpenFlow networks. In Proceedings of the First Workshop on Hot Topics in Software Defined Networks, 2012.

Digital Library

Google Scholar

[8]

Claus-Peter Schnorr. Efficient identification and signatures for smart cards. In Proceedings of Advances in Cryptology (Crypto). Springer, 1989.

Digital Library

Google Scholar

[9]

Adi Shamir. How to share a secret. Communications of the ACM, 22(11), 1979.

Digital Library

Google Scholar

[10]

Seungwon Shin, Vinod Yegneswaran, Phillip Porras, and Guofei Gu. AVANT-GUARD: scalable and vigilant switch flow management in software-defined networks. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & communications security, 2013.

Digital Library

Google Scholar

[11]

Douglas R Stinson and Reto Strobl. Provably secure distributed Schnorr signatures and a (t,n) threshold scheme for implicit certificates. In Information Security and Privacy. Springer, 2001.

Digital Library

Google Scholar

[12]

Amin Tootoonchian and Yashar Ganjali. HyperFlow: a distributed control plane for OpenFlow. In Proceedings of the 2010 Internet Network Management Conference on Research on Enterprise Networking. USENIX Association, 2010

Digital Library

Google Scholar

Cited By

View all

Vaghela GSanghani NBorisaniya B(2024)Review on DDoS Attack in Controller Environment of Software Defined NetworkICST Transactions on Scalable Information Systems10.4108/eetsis.582311Online publication date: 24-Jul-2024
https://doi.org/10.4108/eetsis.5823
Chen MLa Porta TTaylor TAraujo FJaeger TLuo BLiao XXu JKirda ELie D(2024)Manipulating OpenFlow Link Discovery Packet Forwarding for Topology PoisoningProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690345(3704-3718)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690345
Kanwal ANizamuddin MIqbal WAman WAbbas YMussiraliyeva S(2024)Exploring Security Dynamics in SDN Controller Architectures: Threat Landscape and ImplicationsIEEE Access10.1109/ACCESS.2024.339096812(56517-56553)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3390968
Show More Cited By

Index Terms

Fleet: defending SDNs from malicious administrators
1. Networks
  1. Network architectures

Recommendations

WormTerminator: an effective containment of unknown and polymorphic fast spreading worms
ANCS '06: Proceedings of the 2006 ACM/IEEE symposium on Architecture for networking and communications systems

The fast spreading worm is becoming one of the most serious threats to today's networked information systems. A fast spreading worm could infect hundreds of thousands of hosts within a few minutes. In order to stop a fast spreading worm, we need the ...
Centralized fleet management system for cybernetic transportation

In this article, we present a centralized fleet management system (CFMS) for cybernetic vehicles called cybercars. Cybercars are automatically guided vehicles for passenger transport on dedicated networks like amusement parks, shopping centres etc. The ...
Challenges and Opportunities in Taxi Fleet Anomaly Detection
SENSEMINE'13: Proceedings of First International Workshop on Sensing and Big Data Mining

To enhance fleet operation and management, logistics companies instrument their vehicles with GPS receivers and network connectivity to servers. Mobility traces from such large fleets provide significant information on commuter travel patterns, traffic ...

Comments

Information & Contributors

Information

Published In

HotSDN '14: Proceedings of the third workshop on Hot topics in software defined networking

August 2014

252 pages

ISBN:9781450329897

DOI:10.1145/2620728

Program Chairs:
Aditya Akella
University of Wisconsin-Madison, USA
,
Albert Greenberg
Microsoft, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 August 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tag

secure software-defined networks

Qualifiers

Research-article

Funding Sources

Division of Graduate Education

Conference

SIGCOMM'14

Sponsor:

SIGCOMM

SIGCOMM'14: ACM SIGCOMM 2014 Conference

August 22, 2014

Illinois, Chicago, USA

Acceptance Rates

HotSDN '14 Paper Acceptance Rate 50 of 114 submissions, 44%;

Overall Acceptance Rate 88 of 198 submissions, 44%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

52
Total Citations
View Citations
1,834
Total Downloads

Downloads (Last 12 months)91
Downloads (Last 6 weeks)14

Reflects downloads up to 02 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Vaghela GSanghani NBorisaniya B(2024)Review on DDoS Attack in Controller Environment of Software Defined NetworkICST Transactions on Scalable Information Systems10.4108/eetsis.582311Online publication date: 24-Jul-2024
https://doi.org/10.4108/eetsis.5823
Chen MLa Porta TTaylor TAraujo FJaeger TLuo BLiao XXu JKirda ELie D(2024)Manipulating OpenFlow Link Discovery Packet Forwarding for Topology PoisoningProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690345(3704-3718)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690345
Kanwal ANizamuddin MIqbal WAman WAbbas YMussiraliyeva S(2024)Exploring Security Dynamics in SDN Controller Architectures: Threat Landscape and ImplicationsIEEE Access10.1109/ACCESS.2024.339096812(56517-56553)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3390968
Maleh YSahid AAbd El-Latif AOuazzane K(2024)Machine Learning Techniques for Secure Edge SDNSecure Edge and Fog Computing Enabled AI for IoT and Smart Cities10.1007/978-3-031-51097-7_14(175-193)Online publication date: 20-Mar-2024
https://doi.org/10.1007/978-3-031-51097-7_14
Hassan MGregory MLi S(2023)Multi-Domain Federation Utilizing Software Defined Networking—A ReviewIEEE Access10.1109/ACCESS.2023.324268711(19202-19227)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3242687
Chattaraj DBera BDas ARodrigues JPark Y(2022)Designing Fine-Grained Access Control for Software-Defined Networks Using Private BlockchainIEEE Internet of Things Journal10.1109/JIOT.2021.30881159:2(1542-1559)Online publication date: 15-Jan-2022
https://doi.org/10.1109/JIOT.2021.3088115
Maleh YQasmaoui YEl Gholami KSadqi YMounir S(2022)A comprehensive survey on SDN security: threats, mitigations, and future directionsJournal of Reliable Intelligent Environments10.1007/s40860-022-00171-89:2(201-239)Online publication date: 8-Feb-2022
https://doi.org/10.1007/s40860-022-00171-8
Ahmed NBakar KZuhra FKehkashan TMujahid MRathore MDawood MIsyaku B(2022)Security & Privacy in Software Defined Networks, Issues, Challenges and Cost of Developed Solutions: A Systematic Literature ReviewInternational Journal of Wireless Information Networks10.1007/s10776-022-00561-y29:3(314-340)Online publication date: 23-Jun-2022
https://doi.org/10.1007/s10776-022-00561-y
Maleh YFatani IGholami K(2022)A Systematic Review on Software Defined Networks Security: Threats and MitigationsAdvances in Information, Communication and Cybersecurity10.1007/978-3-030-91738-8_54(591-606)Online publication date: 12-Jan-2022
https://doi.org/10.1007/978-3-030-91738-8_54
Kumar RAggarwal AHanda KSoni PKumar M(2022)Software‐Defined Networks and Its ApplicationsSoftware Defined Networks10.1002/9781119857921.ch3(63-96)Online publication date: 11-Aug-2022
https://doi.org/10.1002/9781119857921.ch3
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

WormTerminator: an effective containment of unknown and polymorphic fast spreading worms

Centralized fleet management system for cybernetic transportation

Challenges and Opportunities in Taxi Fleet Anomaly Detection