摘要
Software defined networking(SDN)has attracted significant attention from both academia and industry by its ability to reconfigure network devices with logically centralized applications.However,some critical security issues have also been introduced along with the benefits,which put an obstruction to the deployment of SDN.One root cause of these issues lies in the limited resources and capability of devices involved in the SDN architecture,especially the hardware switches lied in the data plane.In this paper,we analyze the vulnerability of SDN and present two kinds of SDN-targeted attacks:1)data-to-control plane saturation attack which exhausts resources of all SDN components,including control plane,data plane,and the in-between downlink channel and 2)control plane reflection attack which only attacks the data plane and gets conducted in a more efficient and hidden way.Finally,we propose the corresponding defense frameworks to mitigate such attacks.
Software defined networking(SDN)has attracted significant attention from both academia and industry by its ability to reconfigure network devices with logically centralized applications.However,some critical security issues have also been introduced along with the benefits,which put an obstruction to the deployment of SDN.One root cause of these issues lies in the limited resources and capability of devices involved in the SDN architecture,especially the hardware switches lied in the data plane.In this paper,we analyze the vulnerability of SDN and present two kinds of SDN-targeted attacks:1)data-to-control plane saturation attack which exhausts resources of all SDN components,including control plane,data plane,and the in-between downlink channel and 2)control plane reflection attack which only attacks the data plane and gets conducted in a more efficient and hidden way.Finally,we propose the corresponding defense frameworks to mitigate such attacks.
基金
supported in part by the National Key R&D Program of China under Grant No.2017YFB0801701
the National Science Foundation of China under Grant No.61472213
CERNET Innovation Project(NGII20160123)
