BEADS: Automated Attack Discovery in OpenFlow-Based SDN Systems

Conference paper

Research in Attacks, Intrusions, and Defenses (RAID 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10453)

Abstract

We create BEADS, a framework to automatically generate test scenarios and find attacks in SDN systems. The scenarios capture attacks caused by malicious switches that do not obey the OpenFlow protocol and malicious hosts that do not obey the ARP protocol. We generated and tested almost 19,000 scenarios that consist of sending malformed messages or not properly delivering them, and found 831 unique bugs across four well-known SDN controllers: Ryu, POX, Floodlight, and ONOS. We classify these bugs into 28 categories based on their impact; 10 of these categories are new, not previously reported. We demonstrate how an attacker can leverage several of these bugs by manually creating 4 representative attacks that impact high-level network goals such as availability and network topology.

DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited. This material is based upon work supported by the Department of Defense under Air Force Contract No. FA8721-05-C-0002 and/or FA8702-15-D-0001. Any opinions, findings, conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Department of Defense.

Notes

  1. http://www.secdev.org/projects/scapy/
  2. http://openvswitch.org/
  3. https://github.com/floodlight/loxigen
  4. Commit 4ebb69446515d9d9a0d5a002243cdca3c411520b from 9/24/2015.

Acknowledgements

We thank William Streilein and James Landry for their support of this work as well as our shepherd, Guofei Gu, and anonymous reviewers for their helpful comments on this paper. This material is based in part upon work supported by the National Science Foundation under Grant Numbers CNS-1654137 and CNS-1319924. This work is sponsored by the Department of Defense under Air Force Contract #FA8721-05-C-0002. Opinions, interpretations, conclusions and recommendations are those of the author and are not necessarily endorsed by the United States Government.

Author information

Corresponding author: Samuel Jero.

Electronic supplementary material

Supplementary material 1 (txt 1 KB)

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Jero, S., Bu, X., Nita-Rotaru, C., Okhravi, H., Skowyra, R., Fahmy, S. (2017). BEADS: Automated Attack Discovery in OpenFlow-Based SDN Systems. In: Dacier, M., Bailey, M., Polychronakis, M., Antonakakis, M. (eds) Research in Attacks, Intrusions, and Defenses. RAID 2017. Lecture Notes in Computer Science, vol 10453. Springer, Cham. https://doi.org/10.1007/978-3-319-66332-6_14

  • DOI: https://doi.org/10.1007/978-3-319-66332-6_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-66331-9

  • Online ISBN: 978-3-319-66332-6
