Abstract

Network Management is a critical process for an enterprise to configure and monitor the network devices using cost effective methods. It is imperative for it to be robust and free from adversarial or accidental security flaws. With the advent of cloud computing and increasing demands for centralized network control, conventional management protocols like SNMP appear inadequate and newer techniques like NMDA and NETCONF have been invented. However, unlike SNMP which underwent improvements concentrating on security, the new data management and storage techniques have not been scrutinized for the inherent security flaws. In this paper, we identify several vulnerabilities in the widely used critical infrastructures which leverage the Network Management Datastore Architecture design (NMDA). Software Defined Networking (SDN), a proponent of NMDA, heavily relies on its datastores to program and manage the network. We base our research on the security challenges put forth by the existing datastore’s design as implemented by the SDN controllers. The vulnerabilities identified in this work have a direct impact on the controllers like OpenDayLight, Open Network Operating System and their proprietary implementations (by CISCO, Ericsson, RedHat, Brocade, Juniper, etc). Using our threat detection methodology, we demonstrate how the NMDA-based implementations are vulnerable to attacks which compromise availability, integrity, and confidentiality of the network. We finally propose defense measures to address the security threats in the existing design and discuss the challenges faced while employing these countermeasures.

Original language: English (US)
Title of host publication: CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
Publisher: Association for Computing Machinery
Pages: 664-676
Number of pages: 13
ISBN (Electronic): 9781450356930
DOIs
State: Published - Oct 15 2018
Event: 25th ACM Conference on Computer and Communications Security, CCS 2018 - Toronto, Canada
Duration: Oct 15 2018 → …

Other

Other: 25th ACM Conference on Computer and Communications Security, CCS 2018
Country: Canada
City: Toronto
Period: 10/15/18 → …

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this

Dixit, V. H., Doupe, A., Shoshitaishvili, Y., Zhao, Z., & Ahn, G-J. (2018). AIM-SDN: Attacking information mismanagement in SDN-datastores. In CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (pp. 664-676). Association for Computing Machinery. https://doi.org/10.1145/3243734.3243799