Abstract

Network Management is a critical process for an enterprise to configure and monitor the network devices using cost effective methods. It is imperative for it to be robust and free from adversarial or accidental security flaws. With the advent of cloud computing and increasing demands for centralized network control, conventional management protocols like SNMP appear inadequate and newer techniques like NMDA and NETCONF have been invented. However, unlike SNMP which underwent improvements concentrating on security, the new data management and storage techniques have not been scrutinized for the inherent security flaws. In this paper, we identify several vulnerabilities in the widely used critical infrastructures which leverage the Network Management Datastore Architecture design (NMDA). Software Defined Networking (SDN), a proponent of NMDA, heavily relies on its datastores to program and manage the network. We base our research on the security challenges put forth by the existing datastore’s design as implemented by the SDN controllers. The vulnerabilities identified in this work have a direct impact on the controllers like OpenDayLight, Open Network Operating System and their proprietary implementations (by CISCO, Ericsson, RedHat, Brocade, Juniper, etc). Using our threat detection methodology, we demonstrate how the NMDA-based implementations are vulnerable to attacks which compromise availability, integrity, and confidentiality of the network. We finally propose defense measures to address the security threats in the existing design and discuss the challenges faced while employing these countermeasures.

Original language: English (US)
Title of host publication: CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
Publisher: Association for Computing Machinery
Pages: 664-676
Number of pages: 13
ISBN (Electronic): 9781450356930
DOIs: https://doi.org/10.1145/3243734.3243799
State: Published - Oct 15 2018
Event: 25th ACM Conference on Computer and Communications Security, CCS 2018 - Toronto, Canada
Duration: Oct 15 2018 → …

Other

Other: 25th ACM Conference on Computer and Communications Security, CCS 2018
Country: Canada
City: Toronto
Period: 10/15/18 → …

Fingerprint

Network management
Critical infrastructures
Controllers
Cloud computing
Information management
Availability
Network protocols
Costs
Industry

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this

Dixit, V. H., Doupe, A., Shoshitaishvili, Y., Zhao, Z., & Ahn, G-J. (2018). AIM-SDN: Attacking information mismanagement in SDN-datastores. In CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (pp. 664-676). Association for Computing Machinery. https://doi.org/10.1145/3243734.3243799

AIM-SDN: Attacking information mismanagement in SDN-datastores. / Dixit, Vaibhav Hemant; Doupe, Adam; Shoshitaishvili, Yan; Zhao, Ziming; Ahn, Gail-Joon.

CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2018. p. 664-676.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Dixit, VH, Doupe, A, Shoshitaishvili, Y, Zhao, Z & Ahn, G-J 2018, AIM-SDN: Attacking information mismanagement in SDN-datastores. in CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, pp. 664-676, 25th ACM Conference on Computer and Communications Security, CCS 2018, Toronto, Canada, 10/15/18. https://doi.org/10.1145/3243734.3243799

Dixit VH, Doupe A, Shoshitaishvili Y, Zhao Z, Ahn G-J. AIM-SDN: Attacking information mismanagement in SDN-datastores. In CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery. 2018. p. 664-676 https://doi.org/10.1145/3243734.3243799

Dixit, Vaibhav Hemant ; Doupe, Adam ; Shoshitaishvili, Yan ; Zhao, Ziming ; Ahn, Gail-Joon. / AIM-SDN: Attacking information mismanagement in SDN-datastores. CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2018. pp. 664-676

@inproceedings{788230be53c442c09669387a21407c4a,
title = "AIM-SDN: Attacking information mismanagement in SDN-datastores",
abstract = "Network Management is a critical process for an enterprise to configure and monitor the network devices using cost effective methods. It is imperative for it to be robust and free from adversarial or accidental security flaws. With the advent of cloud computing and increasing demands for centralized network control, conventional management protocols like SNMP appear inadequate and newer techniques like NMDA and NETCONF have been invented. However, unlike SNMP which underwent improvements concentrating on security, the new data management and storage techniques have not been scrutinized for the inherent security flaws. In this paper, we identify several vulnerabilities in the widely used critical infrastructures which leverage the Network Management Datastore Architecture design (NMDA). Software Defined Networking (SDN), a proponent of NMDA, heavily relies on its datastores to program and manage the network. We base our research on the security challenges put forth by the existing datastore’s design as implemented by the SDN controllers. The vulnerabilities identified in this work have a direct impact on the controllers like OpenDayLight, Open Network Operating System and their proprietary implementations (by CISCO, Ericsson, RedHat, Brocade, Juniper, etc). Using our threat detection methodology, we demonstrate how the NMDA-based implementations are vulnerable to attacks which compromise availability, integrity, and confidentiality of the network. We finally propose defense measures to address the security threats in the existing design and discuss the challenges faced while employing these countermeasures.",
author = "Dixit, {Vaibhav Hemant} and Adam Doupe and Yan Shoshitaishvili and Ziming Zhao and Gail-Joon Ahn",
year = "2018",
month = "10",
day = "15",
doi = "10.1145/3243734.3243799",
language = "English (US)",
pages = "664--676",
booktitle = "CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security",
publisher = "Association for Computing Machinery",

}

TY - GEN

T1 - AIM-SDN

T2 - Attacking information mismanagement in SDN-datastores

AU - Dixit, Vaibhav Hemant

AU - Doupe, Adam

AU - Shoshitaishvili, Yan

AU - Zhao, Ziming

AU - Ahn, Gail-Joon

PY - 2018/10/15

Y1 - 2018/10/15

N2 - Network Management is a critical process for an enterprise to configure and monitor the network devices using cost effective methods. It is imperative for it to be robust and free from adversarial or accidental security flaws. With the advent of cloud computing and increasing demands for centralized network control, conventional management protocols like SNMP appear inadequate and newer techniques like NMDA and NETCONF have been invented. However, unlike SNMP which underwent improvements concentrating on security, the new data management and storage techniques have not been scrutinized for the inherent security flaws. In this paper, we identify several vulnerabilities in the widely used critical infrastructures which leverage the Network Management Datastore Architecture design (NMDA). Software Defined Networking (SDN), a proponent of NMDA, heavily relies on its datastores to program and manage the network. We base our research on the security challenges put forth by the existing datastore’s design as implemented by the SDN controllers. The vulnerabilities identified in this work have a direct impact on the controllers like OpenDayLight, Open Network Operating System and their proprietary implementations (by CISCO, Ericsson, RedHat, Brocade, Juniper, etc). Using our threat detection methodology, we demonstrate how the NMDA-based implementations are vulnerable to attacks which compromise availability, integrity, and confidentiality of the network. We finally propose defense measures to address the security threats in the existing design and discuss the challenges faced while employing these countermeasures.

AB - Network Management is a critical process for an enterprise to configure and monitor the network devices using cost effective methods. It is imperative for it to be robust and free from adversarial or accidental security flaws. With the advent of cloud computing and increasing demands for centralized network control, conventional management protocols like SNMP appear inadequate and newer techniques like NMDA and NETCONF have been invented. However, unlike SNMP which underwent improvements concentrating on security, the new data management and storage techniques have not been scrutinized for the inherent security flaws. In this paper, we identify several vulnerabilities in the widely used critical infrastructures which leverage the Network Management Datastore Architecture design (NMDA). Software Defined Networking (SDN), a proponent of NMDA, heavily relies on its datastores to program and manage the network. We base our research on the security challenges put forth by the existing datastore’s design as implemented by the SDN controllers. The vulnerabilities identified in this work have a direct impact on the controllers like OpenDayLight, Open Network Operating System and their proprietary implementations (by CISCO, Ericsson, RedHat, Brocade, Juniper, etc). Using our threat detection methodology, we demonstrate how the NMDA-based implementations are vulnerable to attacks which compromise availability, integrity, and confidentiality of the network. We finally propose defense measures to address the security threats in the existing design and discuss the challenges faced while employing these countermeasures.

UR - http://www.scopus.com/inward/record.url?scp=85056824448&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85056824448&partnerID=8YFLogxK

U2 - 10.1145/3243734.3243799

DO - 10.1145/3243734.3243799

M3 - Conference contribution

AN - SCOPUS:85056824448

SP - 664

EP - 676

BT - CCS 2018 - Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery

ER -