04.09.16 - 09.09.16, Seminar 16361

Network Attack Detection and Defense - Security Challenges and Opportunities of Software-Defined Networking

This seminar description was published on our web pages before the seminar and was used in the invitation to the seminar.

Motivation

Software-defined networking (SDN) provides a way of virtualizing the network infrastructure to make it simpler to configure and manage. It separates the control and data planes in routers and switches with the aim of controlling network flows from a centralized control application, running either on a server or on a virtual machine. This allows admins to specify rules for the optimal handling and routing of network traffic, data packets, and frames according to given user requirements from diverse applications. SDN has attracted great attention in both industry and academia since the beginning of the decade, and this attention remains undiminished. Especially in industry, there are great expectations regarding the promises of SDN.

While the requirement for security was acknowledged early on, work on actual solutions has only recently begun to gain full attention. Opinions differ widely. Some believe that the security problems introduced by SDN are manageable and that SDN can even bring security benefits; others think that Pandora's Box has been opened with SDN and that SDN-enabled networks can never be secured properly.

No doubt, there are a number of serious security problems, as the following examples show. SDN controllers represent single points of failure. They might be subject to distributed denial of service attacks. Compromising the central control could give an attacker command of the entire network. SDN controllers are configured by network operators. Configuration errors may unpredictably influence the physical network. Furthermore, the idea of introducing ‘network applications’ that interact with the controller to modify network behavior seems like a complexity nightmare in terms of the required authentication and authorization schemes. Ensuring fairness in the allocation of network resources in the face of egoistic participants can also be considered a security issue. Along the same lines, members of the security community worry about the possibility of intentionally designing SDN applications that could eventually be turned into attack weapons or simply be misused by malicious attackers.

On the other hand, SDN is also considered by many researchers to be an effective means of improving the security of networks. SDN controllers can be used, for instance, to store rules about the permission of certain requests which cannot be decided at the level of a single switch or router, because the decision requires a full overview of the network status or additional information and interactions which are not contained in the current protocol versions. This allows preventing attacks such as ARP spoofing, MAC flooding, rogue DHCP servers, and spanning tree attacks.

These two contrary facets of SDN security will be the key ingredients for an extremely lively and successful seminar.

The objectives of the proposed seminar are threefold:

Objective 1

We want to foster a discussion on the specific security challenges of software-defined networking. Based on possible attacker models, we will consider various threats, such as malware propagation, denial of service attacks, and targeted attacks, and discuss their impact in the context of SDN. Moreover, we will discuss how the traditional security zones protected by firewalls and specific security policies change in the context of SDN networks and virtualization.

Objective 2

Based on the outcome of Objective 1, we want to discuss appropriate measures for securing SDN infrastructures, in particular the requirements for firewall technology, intrusion detection, malware detection, and network monitoring. We will also discuss the question of what a security architecture for SDN networks should look like.

Objective 3

As a next step, we want to discuss how SDN can be used to improve the security of networks. In particular, we intend to focus on novel methods and approaches which benefit from a centralized view of the network to detect and prevent attacks. We would also like to find answers to the question of what an SDN-based network monitoring infrastructure should look like.

The seminar will foster the exchange of ideas between academic researchers and industry practitioners. Therefore, we plan a special industry day on Thursday, September 8th, 2016.

Areas of interest include, but are not limited to, the following:

  • Security risks of software-defined networking
  • Attack scenarios and attacker models
  • Definition of security policies in the context of SDN
  • Requirements for firewalls for securing SDN-enabled networks
  • Security architectures for SDN
  • Design of attack-resilient SDN-based networks
  • Use of SDN for attack detection and prevention