research-article

SHIELD: An Automated Framework for Static Analysis of SDN Applications

Authors:

Seungwon ShinAuthors Info & Claims

SDN-NFV Security '16: Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization

Pages 29 - 34

https://doi.org/10.1145/2876019.2876026

Published: 11 March 2016 Publication History

Abstract

Software-Defined Network (SDN) is getting popular and increasingly deployed in both of academia and industry. As a result of which, its security issue is being magnified as a critical controversy, and some pioneering researchers have investigated the vulnerabilities of SDN to discover the feasibility of compromising SDN networks. Especially, they prove that a simple malicious/buggy SDN application running on an SDN controller can kill an SDN control plane because it usually has a right to access the resources of SDN controller. To address this issue, we focus on the malicious SDN application themselves (i.e., how to understand if an SDN application is malicious). In this context, we consider analyzing SDN applications before running in a static manner. We present SHIELD, a new automated framework for static analysis of SDN applications carefully considering SDN abilities. SHIELD provides the Control-Flow Graph (CFG) and critical flows of SDN applications. We evaluate the effectiveness of SHIELD with 33 real world applications (both benign and malicious applications), and from the results, we define 10 malicious behaviors of SDN applications.

References

[1]

D. Arp, M. Spreitzenbarth, M. H bner, H. Gascon, K. Rieck, and C. Siemens. Drebin: Effective and explainable detection of android malware in your pocket. In NDSS, 2014.

[2]

J. Ellson, E. Gansner, L. Koutsoffos, S. C. North, and G. Woodhull. Graphviz-open source graph drawing tools. In Graph Drawing, pages 483--484, 2002.

[3]

FloodLight. http:// oodlight.open owhub.org/.

[4]

O. N. Foundation. Open ow switch specification 1.5.0. https://www.opennetworking.org/images/stories/downloads/sdn-resources/onf-specifications/open ow/ open ow-switch-v1.5.0.noipr.pdf.

[5]

E. Gansner, E. Koutsoffos, and S. North. Drawing graphs with dot. Technical report, AT&T Research. http://www.graphviz.org/Documentation/dotguide.pdf, 2006.

[6]

C.-Y. Hong, S. Kandula, R. Mahajan, M. Zhang, V. Gill, M. Nanduri, and R. Wattenhofer. Achieving high utilization with software-driven wan. In ACM SIGCOMM Computer Communication Review, volume 43, pages 15--26, 2013.

Digital Library

[7]

S. Hong, L. Xu, H. Wang, and G. Gu. Poisoning network visibility in software-defined networks: New attacks and countermeasures. In NDSS, 2015.

[8]

S. Jain, A. Kumar, S. Mandal, J. Ong, L. Poutievski, A. Singh, S. Venkata, J. Wanderer, J. Zhou, M. Zhu, et al. B4: Experience with a globally-deployed software defined wan. In ACM SIGCOMM Computer Communication Review, volume 43, pages 3--14, 2013.

Digital Library

[9]

C. Kolbitsch, P. M. Comparetti, C. Kruegel, E. Kirda, X.-y. Zhou, and X. Wang. Effective and efficient malware detection at the end host. In USENIX security symposium, pages 351--366, 2009.

Digital Library

[10]

P. Lam, E. Bodden, O. Lhotak, and L. Hendren. The soot framework for java program analysis: a retrospective. In Cetus Users and Compiler Infrastructure Workshop (CETUS 2011), 2011.

[11]

J. Medved, R. Varga, A. Tkacik, and K. Gray. Opendaylight: Towards a model-driven sdn controller architecture. In 2014 IEEE 15th International Symposium on, pages 1--6. IEEE, 2014.

[12]

P. Porras, S. Cheung, M. Fong, K. Skinner, and V. Yegneswaran. Securing the software-defined network control layer. In NDSS, 2015.

[13]

SDNSecurity.org. http://SDNSecurity.org/.

[14]

S. Shin and G. Gu. Attacking software-defined networks: A first feasibility study. In Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking, pages 165--166, 2013.

Digital Library

[15]

S. Shin, Y. Song, T. Lee, S. Lee, J. Chung, P. Porras, V. Yegneswaran, J. Noh, and B. B. Kang. Rosemary: A robust, secure, and high-performance network operating system. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pages 78--89, 2014.

Digital Library

[16]

Y. Zhou, Z. Wang, W. Zhou, and X. Jiang. Hey, you, get off my market: Detecting malicious apps in official and alternative android markets. In NDSS, 2012.

Cited By

Mellal IWakrime ABoukir K(2024)Advances in the Security of SDNs: Exploration of Recent ML-Based ApproachesSmart Applications and Data Analysis10.1007/978-3-031-77043-2_17(215-228)Online publication date: 24-Dec-2024
https://doi.org/10.1007/978-3-031-77043-2_17
Deng SQing XLi XGao XGao X(2023)SDN Application Backdoor: Disrupting the Service via Poisoning the TopologyIEEE INFOCOM 2023 - IEEE Conference on Computer Communications10.1109/INFOCOM53939.2023.10229058(1-10)Online publication date: 17-May-2023
https://doi.org/10.1109/INFOCOM53939.2023.10229058
Jain LU V(2023)Swguard: Mitigating Flow Rule Modification Attack in P4 Switches2023 14th International Conference on Computing Communication and Networking Technologies (ICCCNT)10.1109/ICCCNT56998.2023.10307738(1-7)Online publication date: 6-Jul-2023
https://doi.org/10.1109/ICCCNT56998.2023.10307738
Show More Cited By

Index Terms

SHIELD: An Automated Framework for Static Analysis of SDN Applications
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
    1. Malware and its mitigation

Recommendations

DDoS-shield: DDoS-resilient scheduling to counter application layer attacks

Countering distributed denial of service (DDoS) attacks is becoming ever more challenging with the vast resources and techniques increasingly available to attackers. In this paper, we consider sophisticated attacks that are protocol-compliant, non-...
Static analysis for detecting taint-style vulnerabilities in web applications

The number and the importance of web applications have increased rapidly over the last years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, ...
SAFERPHP: finding semantic vulnerabilities in PHP applications
PLAS '11: Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security

Web applications are vulnerable to semantic attacks such as denial of service due to infinite loops caused by malicious inputs and unauthorized database operations due to missing security checks. Unlike "conventional" threats such as SQL injection and ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SDN-NFV Security '16: Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization

March 2016

64 pages

ISBN:9781450340786

DOI:10.1145/2876019

General Chairs:
Gail-Joon Ahn
Arizona State University, USA
,
Guofei Gu
Texas A&M University, USA
,
Program Chairs:
Hongxin Hu
Clemson University, USA
,
Seungwon Shin
KAIST, Korea

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 March 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

IITP / MSIP Republic of Korea

Conference

CODASPY'16

Sponsor:

SIGSAC

CODASPY'16: Sixth ACM Conference on Data and Application Security and Privacy

March 11, 2016

Louisiana, New Orleans, USA

Acceptance Rates

SDN-NFV Security '16 Paper Acceptance Rate 7 of 20 submissions, 35%;

Overall Acceptance Rate 11 of 30 submissions, 37%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

17
Total Citations
View Citations
433
Total Downloads

Downloads (Last 12 months)20
Downloads (Last 6 weeks)2

Reflects downloads up to 01 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Mellal IWakrime ABoukir K(2024)Advances in the Security of SDNs: Exploration of Recent ML-Based ApproachesSmart Applications and Data Analysis10.1007/978-3-031-77043-2_17(215-228)Online publication date: 24-Dec-2024
https://doi.org/10.1007/978-3-031-77043-2_17
Deng SQing XLi XGao XGao X(2023)SDN Application Backdoor: Disrupting the Service via Poisoning the TopologyIEEE INFOCOM 2023 - IEEE Conference on Computer Communications10.1109/INFOCOM53939.2023.10229058(1-10)Online publication date: 17-May-2023
https://doi.org/10.1109/INFOCOM53939.2023.10229058
Jain LU V(2023)Swguard: Mitigating Flow Rule Modification Attack in P4 Switches2023 14th International Conference on Computing Communication and Networking Technologies (ICCCNT)10.1109/ICCCNT56998.2023.10307738(1-7)Online publication date: 6-Jul-2023
https://doi.org/10.1109/ICCCNT56998.2023.10307738
Yao JLin SWang JLi DYang QWang CWang X(2022)Model Checking of Software-Defined Networking for Multiple Applications2022 IEEE Smartworld, Ubiquitous Intelligence & Computing, Scalable Computing & Communications, Digital Twin, Privacy Computing, Metaverse, Autonomous & Trusted Vehicles (SmartWorld/UIC/ScalCom/DigitalTwin/PriComp/Meta)10.1109/SmartWorld-UIC-ATC-ScalCom-DigitalTwin-PriComp-Metaverse56740.2022.00360(1099-1104)Online publication date: Dec-2022
https://doi.org/10.1109/SmartWorld-UIC-ATC-ScalCom-DigitalTwin-PriComp-Metaverse56740.2022.00360
Yao JLin SXu CJing MLi DWang MCao X(2022)Review of Detection and Avoidance of Interference Among Multiple Applications in Software-Defined NetworksArtificial Intelligence and Security10.1007/978-3-031-06788-4_38(448-459)Online publication date: 15-Jul-2022
https://dl.acm.org/doi/10.1007/978-3-031-06788-4_38
Jimenez MFernandez DRivadeneira JBellido LCardenas A(2021)A Survey of the Main Security Issues and Solutions for the SDN ArchitectureIEEE Access10.1109/ACCESS.2021.31095649(122016-122038)Online publication date: 2021
https://doi.org/10.1109/ACCESS.2021.3109564
Xiao FZhang JHuang JGu GWu DLiu P(2020)Unexpected Data Dependency Creation and Chaining: A New Attack to SDN2020 IEEE Symposium on Security and Privacy (SP)10.1109/SP40000.2020.00017(1512-1526)Online publication date: May-2020
https://doi.org/10.1109/SP40000.2020.00017
Toshniwal BJoshi KShrivastava PKataoka K(2019)BEAM: BEhavior-Based Access Control Mechanism for SDN Applications2019 28th International Conference on Computer Communication and Networks (ICCCN)10.1109/ICCCN.2019.8846954(1-2)Online publication date: Jul-2019
https://doi.org/10.1109/ICCCN.2019.8846954
Yaping CYuzhou YJianxi Y(2019)Deep Learning Based Detection Method for SDN Malicious ApplicationsCommunications, Signal Processing, and Systems10.1007/978-981-13-6508-9_13(96-104)Online publication date: 14-Jun-2019
https://doi.org/10.1007/978-981-13-6508-9_13
Ujcich BJero SEdmundson AWang QSkowyra RLandry JBates ASanders WNita-Rotaru COkhravi HLie DMannan MBackes MWang X(2018)Cross-App Poisoning in Software-Defined NetworkingProceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security10.1145/3243734.3243759(648-663)Online publication date: 15-Oct-2018
https://dl.acm.org/doi/10.1145/3243734.3243759
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents