SDN Security Design Challenges

Transcription:

Nicolae Paladi (SICS Swedish ICT, Lund University): SDN Security Design Challenges in Multi-Tenant Virtualized Networks

Multi-tenancy
- Multiple tenants share a common physical infrastructure.
- A tenant corresponds to a customer using a particular virtual network.
- Tenants may belong to different administrative domains.
- Tenants expect network isolation of their domain.
- Physical resource sharing is fully abstracted, with tenants unaware of other neighbours.
- Tenants may create multiple distinct virtual network instances and topologies.
(Figures: Organization A and Organization B; Domain A and Domain B; Tenant A, Tenant B and Tenant C sharing the infrastructure.)

Network Slicing
A. Bandwidth
B. Topology
C. Traffic
D. Device CPU
E. Forwarding tables (aka forwarding information base)

Software Defined Networking: a network architecture which decouples the network forwarding functionality from the control and management logic.

SDN System Model
Management applications are used by network administrators to express their network configuration goals using a set of high-level commands. They may include components such as firewalls, intrusion detection systems, traffic shapers, etc.
Control plane is a logically distributed abstraction layer that transforms high-level network operator goals into discrete routing policies based on a global network view.
Southbound API is a vendor-agnostic set of instructions implemented by the routing equipment on the data plane.
The data plane contains both hardware and software routing equipment. This component implements the routing policies that satisfy the goals of the network administrator.
(Figure: the layered SDN model: Management Applications; Network Hypervisor, providing the global network view; Network Operating System (e.g. NOX, Rosemary, etc.); Southbound API; data plane.)

Scenario
- Large-scale enterprise network infrastructure (e.g. one or multiple datacenters)
- Multiple tenants share the virtualised infrastructure
- Tenants set up their own topology
- Provider allocates quotas, manages routing, handles conflicts and service disruptions
(Image credit: http://chucksblog.emc.com/chucks_blog/2012/07/workload-mobility-is-more-real-than-you-might-think.html)

SDN Adversarial Model
- Who is the adversary?
- What are the capabilities of the adversary?
- What are the threat vectors?

Security of SDN infrastructure vs. security capabilities enabled by SDN

Adversarial Model Assumptions
- Assume hardware integrity
- Assume physical security
- Assume cryptographic security

Adversary Capabilities
- Overhear, intercept, and synthesise messages.
- Analyse the traffic patterns in the network.
- Disrupt or degrade network connectivity.
- Send valid tenant packets with arbitrary content and frequency to the components it can reach.
- Attempt to impersonate other tenants.
- Install arbitrary management applications and issue policies within its network domain.
- Attempt to decrypt intercepted network traffic that is sent and received by other tenants.
- Attack the network communication of the SDN-based infrastructure.
- Attempt to impersonate network infrastructure components.
- Issue malicious policies aiming to either monitor, distort or disrupt network traffic.
- Attempt to decrypt intercepted network traffic that is sent and received by other network infrastructure components.

Attack Vectors
A. Vulnerabilities in the control plane
B. Attacks on control plane communications
C. Lack of a trust chain between the management applications and the data plane
D. Attacks on policies and rules in programmable networks
E. Resource limit violations
F. Attacks on virtual switches and network gateways
G. Weak bandwidth isolation as attack vehicle
(Figure: the layered SDN model (Management Applications, Network Hypervisor with the global network view, Network Operating System (e.g. NOX, Rosemary, etc.), Southbound API) annotated with where attack vectors A to G apply.)

Security Requirements
A: Access control model to limit the effect of vulnerabilities in controllers.
A: Policy verification prior to deployment.
B: Authenticated communication between control plane components; secure enrolment mechanism for management applications and data plane devices.
C: Traceability and non-repudiation for all configuration commands and policies issued by network management applications.
D: A mechanism for network policy isolation, such that the effects of policies in a certain tenant domain have no effect on other domains.
D: New network management policies must run through an integration verification engine prior to deployment.
E: Mechanism to ensure that network management applications do not allocate resources beyond the assigned quota.
F: Verified integrity of virtual network components prior to deployment; keys protected with a hardware root of trust.
G: Policy-based routing decisions immune to vulnerabilities in bandwidth isolation between tenants.
G: Software and hardware network components must offer equally strong bandwidth isolation properties.
(Figure: the layered SDN model (Management Applications, Network Hypervisor with the global network view, Network Operating System (e.g. NOX, Rosemary, etc.), Southbound API) annotated with where requirements A to G apply.)
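As an added example, not from the slides: a policy admission check a tenant-aware controller could run before installing a flow rule, covering attack vectors D and E above through requirements D (policy isolation: matches and rewrites stay inside the tenant's own slice) and E (forwarding-table and bandwidth quotas). Slice, FlowRule, admit and the tenant values are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
@dataclass
class Slice:
    """Hypothetical per-tenant slice: address space plus quotas (constructed example)."""
    tenant: str
    prefixes: list            # IPv4 networks the tenant may match on or rewrite to
    max_rules: int            # forwarding-table (FIB) quota, requirement E
    max_rate_mbps: int        # bandwidth quota, requirement E
    rules: list = field(default_factory=list)
@dataclass
class FlowRule:
    """A proposed rule: match on src/dst networks, rate limit, optional dst rewrite."""
    src: str
    dst: str
    rate_mbps: int
    set_dst: str = ""         # empty means no rewrite action

def _within(net: str, prefixes: list) -> bool:
    n = ipaddress.ip_network(net, strict=False)
    return any(n.subnet_of(ipaddress.ip_network(p)) for p in prefixes)

def admit(sl: Slice, rule: FlowRule) -> list:
    """Return the violations found; an empty list means the rule was installed in the slice."""
    problems = []
    # D: policy isolation -- matches and rewrites must stay inside the tenant's own slice
    if not (_within(rule.src, sl.prefixes) and _within(rule.dst, sl.prefixes)):
        problems.append("D: match leaves tenant address space")
    if rule.set_dst and not _within(rule.set_dst, sl.prefixes):
        problems.append("D: rewrite targets another tenant's address space")
    # E: quota enforcement -- forwarding-table entries and aggregate bandwidth
    if len(sl.rules) + 1 > sl.max_rules:
        problems.append("E: forwarding-table quota exceeded")
    if sum(r.rate_mbps for r in sl.rules) + rule.rate_mbps > sl.max_rate_mbps:
        problems.append("E: bandwidth quota exceeded")
    if not problems:
        sl.rules.append(rule)
    return problems

def demo() -> dict:
    """Constructed tenant A (10.1.0.0/16, 2-rule and 100 Mbps quotas); rules checked in order."""
    a = Slice("tenant-A", ["10.1.0.0/16"], max_rules=2, max_rate_mbps=100)
    out = {}
    out["ok"] = admit(a, FlowRule("10.1.1.0/24", "10.1.2.0/24", 40))
    out["cross_tenant"] = admit(a, FlowRule("10.1.1.0/24", "10.2.0.0/24", 10))
    out["rewrite"] = admit(a, FlowRule("10.1.1.0/24", "10.1.2.0/24", 10, "10.2.0.7/32"))
    out["bandwidth"] = admit(a, FlowRule("10.1.3.0/24", "10.1.4.0/24", 70))
    out["second_ok"] = admit(a, FlowRule("10.1.3.0/24", "10.1.4.0/24", 30))
    out["table"] = admit(a, FlowRule("10.1.5.0/24", "10.1.6.0/24", 10))
    return out
```

Rejected rules are never installed, so a rule that fails one check cannot consume quota or address space that later rules depend on.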

Upcoming Work (Setting up the infrastructure)
1. Integrity verification of virtual network components prior to deployment.
2. Authenticated communication between control plane components.
3. Secure enrolment mechanism for management applications and data plane devices.
4. Configuration policy grammar suitable for integration verification.
(Image credit: http://pixshark.com/brick-wall-black-and-white-drawing.htm)

Upcoming Work (Ramping up security guarantees)
1. Access control model for network operating systems.
2. Additional mechanisms for quota enforcement and monitoring.
3. Scalable model-based policy integration verification prior to deployment on data plane.
(Image: Bodiam Castle)

Recommended Reading
- A. Greenberg, G. Hjalmtysson, D. A. Maltz, A. Myers, J. Rexford, G. Xie, H. Yan, J. Zhan, and H. Zhang, "A clean slate 4D approach to network control and management," ACM SIGCOMM Computer Communication Review, vol. 35, no. 5, pp. 41-54, 2005.
- M. Casado, M. J. Freedman, J. Pettit, J. Luo, N. McKeown, and S. Shenker, "Ethane: taking control of the enterprise," in ACM SIGCOMM Computer Communication Review, vol. 37, pp. 1-12, ACM, 2007.
- M. Casado, N. Foster, and A. Guha, "Abstractions for software-defined networks," Communications of the ACM, vol. 57, no. 10, pp. 86-95, 2014.
- N. Gude, T. Koponen, J. Pettit, B. Pfaff, M. Casado, N. McKeown, and S. Shenker, "NOX: towards an operating system for networks," ACM SIGCOMM Computer Communication Review, vol. 38, no. 3, pp. 105-110, 2008.
- T. Koponen, M. Casado, N. Gude, J. Stribling, L. Poutievski, M. Zhu, R. Ramanathan, Y. Iwata, H. Inoue, T. Hama, et al., "Onix: A Distributed Control Platform for Large-scale Production Networks," in OSDI, vol. 10, pp. 1-6, 2010.
- P. Porras, S. Shin, V. Yegneswaran, M. Fong, M. Tyson, and G. Gu, "A security enforcement kernel for OpenFlow networks," in Proceedings of the first workshop on Hot topics in software defined networks, pp. 121-126, ACM, 2012.
- S. Shin, Y. Song, T. Lee, S. Lee, J. Chung, P. Porras, V. Yegneswaran, J. Noh, and B. B. Kang, "Rosemary: A Robust, Secure, and High-Performance Network Operating System," in Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 78-89, ACM, 2014.
- D. Kreutz, F. Ramos, and P. Verissimo, "Towards secure and dependable software-defined networks," in Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking, pp. 55-60, ACM, 2013.
- M. Lasserre et al., "Framework for Data Center (DC) Network Virtualization," RFC 7365, 2014.
- S. Hartman, D. Zhang, M. Wasserman, Z. Qiang, and Z. Mingui, "Security Requirements of NVO3," draft-ietf-nvo3-security-requirements-04.