Files in this item



application/pdfUJCICH-THESIS-2016.pdf (2MB)
(no description provided)PDF


Title:An attack model, language, and injector for the control plane of software-defined networks
Author(s):Ujcich, Benjamin E.
Advisor(s):Sanders, William H.
Department / Program:Electrical & Computer Eng
Discipline:Electrical & Computer Engr
Degree Granting Institution:University of Illinois at Urbana-Champaign
Subject(s):software-defined networking (SDN)
control plane
attack model
attack language
attack injection
fault injection
fault tolerance
software testing
software validation
Abstract:Software-defined networking (SDN) is an emerging paradigm that differs from traditional approaches to computer networking by decoupling how traffic forwarding should be performed from the traffic itself, logically centralizing the related decisions through one or more controllers, and providing a standardized control protocol among network forwarding devices (e.g., switches) and controller(s). Much of the recent research in the networking community has focused on what is now possible because of the flexibility of SDN architectures, but what is less understood is 1) the resilience of SDN to intentional, malicious attacks against system components and 2) how the control protocol affects and is affected by these attacks. Significant challenges include systematically establishing what attacks are possible in the control protocol and understanding the ramifications of attacks on controllers, switches, network applications, and overall network behavior. This thesis introduces a model, a language, and an injector for describing and injecting attacks into the control plane of the OpenFlow-based SDN architecture. First, we define an attack model that models the components in the SDN network and the assumptions about an attacker's capabilities against control plane messages. Second, we define an attack language that allows for attacks to be described based on the semantics of the OpenFlow protocol. Third, we describe an attack injection architecture that uses the aforementioned attack model and language to actuate attacks that demonstrate vulnerabilities in the design, implementation, and configuration of an SDN-based architecture. Finally, we motivate our design with an enterprise network use case and demonstrate the efficacy of our injector by injecting attacks and understanding the attacks' results.
Issue Date:2016-07-18
Rights Information:Copyright 2016 Benjamin E. Ujcich.
Date Available in IDEALS:2016-11-10
Date Deposited:2016-08

This item appears in the following Collection(s)

Item Statistics