摘要
随着SDN网络的迅速发展,相应的安全问题成为业界关注的焦点。SDN控制器作为整个网络的控制核心,其安全性极为重要。针对此问题,研究SDN控制器安全问题,使用模糊测试技术对SDN控制器进行漏洞挖掘。将控制器的南北向接口作为模糊测试的对象,对南向接口OpenFlow协议进行了详细的分析与模糊测试。针对OpenFlow协议字段以及消息设计了基于现有的模糊测试框架Sulley的字段模糊测试和基于有限状态机的消息模糊测试。针对Floodlight、POX、NOX等五种控制器进行了测试,发现了一些潜在的漏洞,检验了SDN控制器的异常处理能力。
With the fast development and deployment of the SDN and its underlying technology OpenFlow,the corresponding security problem has become the focus of the industry. As the brain of the whole network,the security of SDN controllers becomes increasingly important. Aiming at this problem,this paper studies the security of SDN controllers and implements fuzzing tests to discover their vulnerabilities. The north interface of the SDN controllers is selected as the fuzzing testing objects. In order to discover the SDN controller’s vulnerability more effectively and inspect the exception handling ability of the SDN controllers,this paper has developed two ways to do fuzzing test.One is to fuzz the fields of the messages based on the existing fuzzing framework Sulley,the other is to fuzz the messages based on finite state machine. Experiments are conducted on several SDN controllers including Floodlight,POX and NOX and we do find some potential vulnerabilities.
作者
田消冰
魏晓明
高婷
郭静宜
TIAN Xiaobing;WEI Xiaoming;GAO Ting;GUO Jingyi(State Grid Shaanxi Electric Power Company,Xi’an 710048,Shaanxi,China;Department of Computer Science and Technology,Xi’an Jiaotong University,Xi’an 710049,Shaanxi,China)
出处
《电网与清洁能源》
2018年第4期15-21,共7页
Power System and Clean Energy