期刊文献+

基于模糊测试的SDN控制器漏洞挖掘 被引量:1

Research on Vulnerability Discovery and Security Test of SDN Controllers
下载PDF
导出
摘要 随着SDN网络的迅速发展,相应的安全问题成为业界关注的焦点。SDN控制器作为整个网络的控制核心,其安全性极为重要。针对此问题,研究SDN控制器安全问题,使用模糊测试技术对SDN控制器进行漏洞挖掘。将控制器的南北向接口作为模糊测试的对象,对南向接口OpenFlow协议进行了详细的分析与模糊测试。针对OpenFlow协议字段以及消息设计了基于现有的模糊测试框架Sulley的字段模糊测试和基于有限状态机的消息模糊测试。针对Floodlight、POX、NOX等五种控制器进行了测试,发现了一些潜在的漏洞,检验了SDN控制器的异常处理能力。 With the fast development and deployment of the SDN and its underlying technology OpenFlow,the corresponding security problem has become the focus of the industry. As the brain of the whole network,the security of SDN controllers becomes increasingly important. Aiming at this problem,this paper studies the security of SDN controllers and implements fuzzing tests to discover their vulnerabilities. The north interface of the SDN controllers is selected as the fuzzing testing objects. In order to discover the SDN controller’s vulnerability more effectively and inspect the exception handling ability of the SDN controllers,this paper has developed two ways to do fuzzing test.One is to fuzz the fields of the messages based on the existing fuzzing framework Sulley,the other is to fuzz the messages based on finite state machine. Experiments are conducted on several SDN controllers including Floodlight,POX and NOX and we do find some potential vulnerabilities.
作者 田消冰 魏晓明 高婷 郭静宜 TIAN Xiaobing;WEI Xiaoming;GAO Ting;GUO Jingyi(State Grid Shaanxi Electric Power Company,Xi’an 710048,Shaanxi,China;Department of Computer Science and Technology,Xi’an Jiaotong University,Xi’an 710049,Shaanxi,China)
出处 《电网与清洁能源》 2018年第4期15-21,共7页 Power System and Clean Energy
关键词 SDN/OpenFlow 控制器 模糊测试 漏洞挖掘 SDN/OpenFlow Controller Fuzzing test Vul. nerability discovery
  • 相关文献

参考文献4

二级参考文献68

  • 1Open Networking Foundation. Software-defined networking: the new norm for networks [ R/OL]. [ 2013-11 - 16 ]. https ://www. opennet- working, org/images/stories/downloads/sdnresources/white-papers/ wpsdn-newnorm, pdf.
  • 2ZARGAR S T, JOSHI J, TIPPER D. A survey of defense mechanisms against distributed denial of service ( DDoS ) flooding attacks [ J ]. IEEE Communications Surveys & Tutorials,2013,15 (4) :2046- 2069.
  • 3ZHOU Wan-lei. Keynote Ⅲ: detection and traceback of DDoS attacks [C]//Proc of the 8th IEEE International Conference on Computer and Information Technology. [ S. l. ] :IEEE Press,2008.
  • 4Real time threat mitigation through intelligent network quarantine [ EB/OL ]. [ 2013- 11- 18 ]. http://www, opennetsummit, org/ar- chives/apr12/site/pdf/varmour, pdf.
  • 5PORRAS P, SHIN S, YEGNESWARAN V, et al. A security en- forcement kernel for OpenFlow networks [ C ]//Proc of the 1 st Work- shop on Hot Topics in Software Defined Networks. New York : ACM Press,2012 : 121 - 126.
  • 6ANTONATOS S, AKRITIDIS P, MARKATOS E P, et al. Defending against hitlist worms using network address space randomization [ J ]. Computer Networks ,2007,51 ( 12 ) :3471-3490.
  • 7JAFARIAN H J, AI-S E, DUAN Qi. OpenFlow random host muta-tlon : transparent moving target defense using software defined networ- king[C]//Proc of the 1st Workshop on Hot Topics in Software De- fined Networks. New York :ACM Press ,2012 : 127-132.
  • 8KUMAR S, SEHGAL R, BHATIA J S. Hybrid honeypot framework for malware collection and analysis [ C ]//Proe of the 7th International Conference on Industrial and Information Systems. [ S. 1. ] : IEEE Press.2012 : 1-5.
  • 9YEGANEH S H, GANJALI Y. Kandoo: a framework for efficient and scalable offloading of control applications [ C ]//Proc of the 1 st Work- shop on Hot Topics in Software Defined Networks. New York:ACM Press,2012 : 19-24.
  • 10BEHESHTI N, ZHANG Ying. Fast failover for control traffic in soft- ware-defined networks [ C ]//Proc of IEEE Global Communication Conference. [ S. 1. ] : IEEE Press,2012:2665-2670.

共引文献47

同被引文献7

引证文献1

二级引证文献2

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部