Towards A Secure Controller Platform for OpenFlow Applications
Xitao Wen1, Yan Chen1, Chengchen Hu2, Chao Shi1, Yi Wang3
1 Northwestern University, 2 Xi’an Jiaotong University, 3 Tsinghua University

Motivation
The OpenFlow (OF) architecture embraces third-party development efforts, and therefore suffers from potential trust issues on OF applications (apps). In practice, apps possess great flexibility to define network behavior. Abuse of that trust could lead to various types of attacks impacting the entire network.

Threat Model and Potential Attacks
• Two threat models
  • Exploitation of existing benign-but-buggy apps
  • Distribution of malicious apps by an attacker
• Example attack classes
  • Direct intrusion from the control plane into the data plane
  • Leakage of sensitive configuration from the control plane
  • Manipulation of OpenFlow rules
  • Attacking and deactivating other apps

Defense – A Fine-grained Permission System for OpenFlow Apps
• Permission set design
  • Identify critical activities
  • Build a basic permission set
  • Refine the permission set
  • Verify security goals and determine limitations
• Isolation goals
  • The controller maintains a conceptually superior role to apps
  • Apps cannot access the functions and data of the controller or of other apps
  • The controller manages apps’ access to OS resources, e.g. network and storage

Implementation and Evaluation
• We implement a preliminary prototype as an extension to the Floodlight OpenFlow controller
• A Java thread is used as the isolation container
• Latency overhead is around tens of microseconds, while throughput is comparable with the original Floodlight

Related Work
• FlowVisor [1] deals with cross-slice attacks, while we mainly focus on inter-app attacks within a user slice
• FortNOX [2] cares about OF rule conflicts that violate global security policies, while we expand the focus to all app behaviors that violate app-specific security policies
• [1] Sherwood, R., et al. FlowVisor: A Network Virtualization Layer. OpenFlow Switch Consortium, 2009.
• [2] Porras, P., et al. A Security Enforcement Kernel for OpenFlow Networks. In HotSDN ’12.
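The following is an added example, not the poster's Floodlight prototype, showing how a fine-grained permission set of the kind described under "Defense" mediates the attack classes listed under "Threat Model and Potential Attacks". Apps never receive the controller object itself; each gets only a proxy bound to its permission set, which is the isolation goal stated on the poster. The permission names (READ_TOPOLOGY, READ_SWITCH_CONFIG, FLOW_MOD, FLOW_MOD_OTHERS, PACKET_OUT), the Controller/AppProxy classes, the three sample apps and the sample switch configuration are all assumptions made for illustration and are not Floodlight's API.

```python
# Added example (not the poster's prototype): a toy reference monitor that
# checks every controller service an OpenFlow app calls against the app's
# permission set. Permission names, classes and sample data are assumptions.
from dataclasses import dataclass
from enum import Enum, auto


class Perm(Enum):
    READ_TOPOLOGY = auto()       # learn switches and links
    READ_SWITCH_CONFIG = auto()  # read sensitive controller/switch configuration
    FLOW_MOD = auto()            # install or delete the app's own flow rules
    FLOW_MOD_OTHERS = auto()     # override or delete rules installed by other apps
    PACKET_OUT = auto()          # inject packets into the data plane


class PermissionDenied(Exception):
    pass


@dataclass
class FlowRule:
    owner: str      # app that installed the rule; used to detect cross-app manipulation
    dpid: str
    match: str
    action: str
    priority: int


class Controller:
    """Holds the real controller state. Apps never get this object; they only
    get an AppProxy, so they cannot reach other apps' data or the controller's
    internals (the poster's isolation goal)."""

    def __init__(self):
        self.rules = []
        self.topology = ["dpid:1", "dpid:2"]
        # Constructed sample configuration; "secret" stands in for any sensitive
        # control-plane setting that an app must not be able to leak.
        self.switch_config = {"dpid:1": {"mgmt_addr": "10.0.0.1", "secret": "s3cr3t"}}
        self.audit = []

    def register_app(self, app_id, perms):
        """Grant an app a fixed permission set and hand back its only handle."""
        return AppProxy(self, app_id, frozenset(perms))


class AppProxy:
    """Every service an app can call passes through here and is checked."""

    def __init__(self, ctl, app_id, perms):
        self._ctl = ctl
        self.app_id = app_id
        self._perms = perms

    def _require(self, perm):
        if perm not in self._perms:
            self._ctl.audit.append(f"DENY {self.app_id} {perm.name}")
            raise PermissionDenied(f"{self.app_id} lacks {perm.name}")

    def get_topology(self):
        self._require(Perm.READ_TOPOLOGY)
        return list(self._ctl.topology)

    def get_switch_config(self, dpid):
        self._require(Perm.READ_SWITCH_CONFIG)
        return dict(self._ctl.switch_config[dpid])

    def packet_out(self, dpid, payload):
        self._require(Perm.PACKET_OUT)
        return len(payload)  # a real monitor would forward to the switch here

    def add_rule(self, dpid, match, action, priority):
        self._require(Perm.FLOW_MOD)
        # A rule with the same match as another app's rule overrides that app's
        # behaviour, so it needs the stronger permission.
        if any(r.dpid == dpid and r.match == match and r.owner != self.app_id
               for r in self._ctl.rules):
            self._require(Perm.FLOW_MOD_OTHERS)
        self._ctl.rules.append(FlowRule(self.app_id, dpid, match, action, priority))

    def delete_rule(self, dpid, match):
        self._require(Perm.FLOW_MOD)
        victims = [r for r in self._ctl.rules if r.dpid == dpid and r.match == match]
        if any(r.owner != self.app_id for r in victims):
            self._require(Perm.FLOW_MOD_OTHERS)
        self._ctl.rules = [r for r in self._ctl.rules if r not in victims]
        return len(victims)


def demo():
    """Replay the poster's attack classes against the monitor; return outcomes."""
    ctl = Controller()
    firewall = ctl.register_app("firewall", {Perm.READ_TOPOLOGY, Perm.FLOW_MOD})
    lb = ctl.register_app("loadbalancer", {Perm.READ_TOPOLOGY, Perm.FLOW_MOD})
    untrusted = ctl.register_app("untrusted", {Perm.READ_TOPOLOGY})  # third-party app

    firewall.add_rule("dpid:1", "tcp,dport=23", "drop", priority=100)
    lb.add_rule("dpid:1", "tcp,dport=80", "output:2", priority=50)

    outcomes = {}

    def attempt(name, action):
        try:
            action()
            outcomes[name] = "allowed"
        except PermissionDenied:
            outcomes[name] = "denied"

    attempt("untrusted_reads_topology", lambda: untrusted.get_topology())
    attempt("untrusted_reads_config", lambda: untrusted.get_switch_config("dpid:1"))       # leakage
    attempt("untrusted_installs_rule", lambda: untrusted.add_rule("dpid:1", "*", "drop", 200))  # intrusion
    attempt("untrusted_packet_out", lambda: untrusted.packet_out("dpid:1", b"\x00" * 64))     # intrusion
    attempt("lb_deletes_firewall_rule", lambda: lb.delete_rule("dpid:1", "tcp,dport=23"))    # rule manipulation
    attempt("lb_deletes_own_rule", lambda: lb.delete_rule("dpid:1", "tcp,dport=80"))
    return outcomes, ctl


if __name__ == "__main__":
    results, controller = demo()
    for name, verdict in results.items():
        print(f"{name:28s} {verdict}")
    print("audit:", controller.audit)
```

The ownership tag on each rule is what turns "Manipulation of OpenFlow rules" into a checkable permission: an app holding only FLOW_MOD can change its own rules but needs FLOW_MOD_OTHERS to shadow or remove a rule another app installed. The check only holds if the proxy is genuinely the app's sole handle on the controller; a Java thread, the prototype's isolation container, shares the heap with the controller, so an app that can obtain a reference to the controller object by some other path bypasses the monitor, which is why the poster's isolation goals insist that apps cannot reach controller or other-app functions and data at all.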