Gwardar: towards protecting a software-defined network from malicious network operating systems

Arash Shaghaghi, Salil S. Kanhere, Mohamed Ali Kaafar, Sanjay Jha

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

2 Citations (Scopus)

Abstract

A Software-Defined Network (SDN) controller (aka. Network Operating System or NOS) is regarded as the brain of the network and is the single most critical element responsible to manage an SDN. Complimentary to existing solutions that aim to protect a NOS, we propose an intrusion protection system designed to protect an SDN against a controller that has been successfully compromised. Gwardar maintains a virtual replica of the data plane by intercepting the OpenFlow messages exchanged between the control and data plane. By observing the long-term flow of the packets, Gwardar learns the normal set of trajectories in the data plane for distinct packet headers. Upon detecting an unexpected packet trajectory, it starts by verifying the data plane forwarding devices by comparing the actual packet trajectories with the expected ones computed over the virtual replica. If the anomalous trajectories match the NOS instructions, Gwardar inspects the NOS itself. For this, it submits policies matching the normal set of trajectories and verifies whether the controller submits matching flow rules to the data plane and whether the network view provided to the application plane reflects the changes. Our evaluation results prove the practicality of Gwardar with a high detection accuracy in a reasonable time-frame.

Original languageEnglish
Title of host publication2018 IEEE 17th International Symposium on Network Computing and Applications, NCA 2018
Place of PublicationPiscataway, NJ
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Pages1-5
Number of pages5
ISBN (Electronic)9781538676592
ISBN (Print)9781538676608
DOIs
Publication statusPublished - 26 Nov 2018
Event17th IEEE International Symposium on Network Computing and Applications, NCA 2018 - Cambridge, United States
Duration: 1 Nov 20183 Nov 2018

Conference

Conference17th IEEE International Symposium on Network Computing and Applications, NCA 2018
CountryUnited States
CityCambridge
Period1/11/183/11/18

Keywords

  • Controller Security
  • SDN Security
  • Software-Defined Network

Fingerprint

Dive into the research topics of 'Gwardar: towards protecting a software-defined network from malicious network operating systems'. Together they form a unique fingerprint.

Cite this