TRANSCRIPT
Software Defined Networking Security: Security for SDN and Security with SDN
Seungwon Shin
Texas A&M University
Contents
• SDN Basic Operation
• SDN Security Issues
SDN Operation
SDN operation (figure): Host A sends to Host B through an SDN switch. The switch has no matching entry, so the packet goes to the SDN controller (e.g., NOX), where the L2 forwarding application decides; the controller installs the flow rule "A -> B: Forward" into the flow table of the SDN switch, and the switch forwards the packet. Steps (1) to (5) in the figure show this packet-in, decision and rule-install sequence.
SDN Security Research
• Two issues
– Security for SDN
• Security issues in SDN itself
– Security with SDN
• Security applications based on SDN
Security Issues in SDN
• Why security issues?
– SDN is not mature yet
– There could be some (or many) security problems in SDN itself
– E.g.,
• Rule conflict and the dynamic flow tunneling problem
• Flooding attack problem
Rule Conflict
• Problem – Rule conflicts between flow rules and security policies
• F/W: block all packets from host A to host B
• SDN flow rule: forward all packets from host A to host B
Rule conflict (figure): the L2 forwarding application on the SDN controller (e.g., NOX) installs "A -> B: Forward" in the SDN switch between Host A and Host B, while the firewall policy says "A -> B: Block".
Dynamic Flow Tunneling
• Problem
– A buggy (or malicious) application can let an attacker evade security policies
Dynamic flow tunneling (figure): the firewall policy is "A -> B: Block", but a malicious or buggy application on the SDN controller (e.g., NOX) installs three rules in the SDN switch:
• A -> C: replace A with D
• D -> C: replace C with B
• D -> B: forward
Finally, A can contact B (the packet is rewritten along A -> C -> D -> B).
Real Problem
• People really care about dynamic tunneling
– The Chief Architect of the Security Division at Juniper talked about this problem at RSA 2013
– BigSwitch (a leading SDN company) mentioned this problem and our solution at the CENIC Workshop 2012
Solution
• FortNOX (SE-FloodLight) – Detect policy conflicts with OpenFlow flow rules
• Check whether the condition of a flow rule violates the firewall policies
• If there are multiple conditions (the header rewrites of the tunnel above give the packet alternative sources and destinations), find all possible combinations
– Alias sets (A, D) and (C, B) give the pairs A -> C, A -> B, D -> C, D -> B; A -> B is blocked by the firewall, so the rule is rejected
– Affiliation • SRI International and Texas A&M
Flooding Problem
• Problem – Attacker can flood
• Messages to a controller
• Flow rules in a flow table
Flooding (figure): an attacker (labelled 20.0.0.1) sends packets with fake source IPs destined to 20.0.0.1 (10.0.0.1 -> 20.0.0.1, 10.0.0.2 -> 20.0.0.1, ..., 10.0.0.255 -> 20.0.0.1); the load balancing application on the SDN controller (e.g., NOX) installs one SRC IP -> DST IP rule per spoofed source, filling the flow table.
Solution
• Rule merging – Control the rule granularity
– Fine-grained flow rules -> coarse-grained flow rule
– E.g., 10.0.0.1 -> 20.0.0.1, 10.0.0.2 -> 20.0.0.1, 10.... become 10.0.0.* -> 20.0.0.1
– Affiliation • Princeton and HP Labs
• Detect and reject malicious packets
– Detect IP spoofing and ignore spoofed packets
– Affiliation • SRI International and Texas A&M
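The two countermeasures in the form a controller application could apply them, as an added example written for this page (not the Princeton/HP Labs or SRI/Texas A&M code). Rule merging replaces a burst of per-source rules toward one destination by a single rule on the smallest prefix covering the sources; spoof filtering ignores packet-in events whose source IP is not a host known behind the ingress port, so no rule is requested for them. The addresses follow the slide (10.0.0.x -> 20.0.0.1); the FlowRule/PacketIn types, the threshold of 50 and the learned port-to-host table are assumptions.

```python
import ipaddress
from collections import defaultdict
from typing import NamedTuple


class FlowRule(NamedTuple):
    src: str   # source match: a host address or a CIDR prefix
    dst: str   # destination host address


class PacketIn(NamedTuple):
    """A table-miss reported by a switch to the controller."""
    in_port: int
    src: str
    dst: str


def common_prefix(addrs):
    """Smallest CIDR block covering every address in `addrs`
    (e.g. 10.0.0.1 .. 10.0.0.200 -> 10.0.0.0/24)."""
    ips = [ipaddress.ip_address(a) for a in addrs]
    net = ipaddress.ip_network(addrs[0])
    while not all(ip in net for ip in ips):
        net = net.supernet()       # widen by one bit until all fit
    return str(net)


def merge_rules(rules, threshold):
    """Rule merging: when one destination has at least `threshold`
    per-source rules, collapse them into one coarse-grained rule."""
    by_dst = defaultdict(list)
    for r in rules:
        by_dst[r.dst].append(r)
    merged = []
    for dst, group in by_dst.items():
        if len(group) >= threshold:
            merged.append(FlowRule(common_prefix([r.src for r in group]), dst))
        else:
            merged.extend(group)
    return merged


def filter_spoofed(events, port_hosts):
    """Spoof detection: keep only packet-ins whose source IP is a host the
    controller has learned behind that ingress port; the rest are ignored
    and never turn into flow rules or controller work."""
    accepted, dropped = [], []
    for ev in events:
        known = port_hosts.get(ev.in_port, set())
        (accepted if ev.src in known else dropped).append(ev)
    return accepted, dropped


# Constructed data: 200 spoofed sources flooding 20.0.0.1, plus two
# legitimate flows toward 20.0.0.2 that must survive merging untouched.
FLOOD_RULES = [FlowRule(f"10.0.0.{i}", "20.0.0.1") for i in range(1, 201)]
LEGIT_RULES = [FlowRule("10.0.1.5", "20.0.0.2"), FlowRule("10.0.1.6", "20.0.0.2")]
PORT_HOSTS = {1: {"10.0.0.1"}, 2: {"10.0.0.2"}}    # learned host-to-port bindings
EVENTS = [
    PacketIn(1, "10.0.0.1", "20.0.0.1"),
    PacketIn(1, "10.0.0.77", "20.0.0.1"),          # spoofed: .77 is not behind port 1
    PacketIn(2, "10.0.0.2", "20.0.0.1"),
]

if __name__ == "__main__":
    print(merge_rules(FLOOD_RULES + LEGIT_RULES, threshold=50))
    acc, drop = filter_spoofed(EVENTS, PORT_HOSTS)
    print(len(acc), "accepted,", len(drop), "dropped as spoofed")
```

Merging trades precision for table space: the 200 rules toward 20.0.0.1 become one 10.0.0.0/24 -> 20.0.0.1 entry, which also means the load balancer can no longer treat those sources individually. Spoof filtering keeps the precision but depends on the controller having a trustworthy view of which hosts sit behind which port.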
Other Critical Problems
• The controller is not safe
– Buggy or malicious applications can kill the control plane (i.e., the controller)
– A malicious application can take control of the network
– and more issues
Security Applications Based On SDN
• Use SDN technology to make our network secure
• Then, how?
– Build network security applications with SDN
– Cooperate with existing security devices
Access Control in a Cloud Network
• Problem – Access control for a cloud network
• Inside attacks – A tenant can attack other tenants
– Need to install a F/W to protect each tenant
– However, it is hard to install access control policies in a cloud network
• Many network links
• Complicated and different access control policies
Solution
• CloudPolice – New access control for a cloud network environment
– Installed at each VM
– Features
• Scalable (millions of tenants)
• Flexible (easy to change)
• Robust to DoS attacks
– Affiliation • UCB and Princeton
CloudPolice
• Overall operation
– CloudPolice at the source sends a control packet before sending the data flow
– CloudPolice at the destination checks its access control policies for the source and returns a response message to the source
– CloudPolice at the source acts on the received message (forwards or drops the flow)
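The three-step exchange with both sides in code, as an added example written for this page; it is a simplified model of the idea and not CloudPolice's own implementation. Each VM has one enforcement point holding the destination-side policy (which source tenants may reach which services on it) and a source-side cache of answers. The tenant names, addresses, the ControlPacket/Decision types and the "tenant -> allowed services" policy shape are assumptions.

```python
from typing import NamedTuple


class ControlPacket(NamedTuple):
    """Step 1: sent by the source's enforcement point ahead of the data flow."""
    src_tenant: str
    src_ip: str
    dst_ip: str
    service: str          # e.g. "tcp/80"


class Decision(NamedTuple):
    """Step 2: the destination's answer."""
    allow: bool
    reason: str


class CloudPolice:
    """One enforcement point per VM (constructed model).

    `policy` is the destination-side rule set for this VM:
    source tenant -> set of services it may reach ("*" = any service).
    """

    def __init__(self, tenant, ip, policy):
        self.tenant, self.ip, self.policy = tenant, ip, policy
        self.cache = {}          # source side: (dst_ip, service) -> Decision
        self.requests_seen = 0   # destination side: control packets handled

    # ---- destination side ----
    def handle_control(self, pkt):
        """Step 2: look up the access policy for the requesting source."""
        self.requests_seen += 1
        if pkt.dst_ip != self.ip:
            return Decision(False, "not addressed to this VM")
        allowed = self.policy.get(pkt.src_tenant, set())
        if pkt.service in allowed or "*" in allowed:
            return Decision(True, f"{pkt.src_tenant} may reach {pkt.service}")
        return Decision(False, f"{pkt.src_tenant} denied for {pkt.service}")

    # ---- source side ----
    def send(self, dst, service, payload):
        """Steps 1 and 3: ask the destination before the first packet of a
        flow, cache its decision, then forward or drop the data packet."""
        key = (dst.ip, service)
        if key not in self.cache:
            self.cache[key] = dst.handle_control(
                ControlPacket(self.tenant, self.ip, dst.ip, service))
        verdict = self.cache[key]
        return ("FORWARD" if verdict.allow else "DROP", payload, verdict.reason)


# Constructed tenants: Bob's web VM admits Alice's tenant on tcp/80 only,
# Bob's own VMs on anything, and nothing from Mallory.
BOB_POLICY = {"alice": {"tcp/80"}, "bob": {"*"}}
bob_web = CloudPolice("bob", "10.0.2.1", BOB_POLICY)
alice_vm = CloudPolice("alice", "10.0.1.1", {})
mallory_vm = CloudPolice("mallory", "10.0.3.1", {})

if __name__ == "__main__":
    print(alice_vm.send(bob_web, "tcp/80", b"GET / HTTP/1.0"))
    print(alice_vm.send(bob_web, "tcp/22", b"SSH-2.0-client"))
    print(mallory_vm.send(bob_web, "tcp/80", b"GET / HTTP/1.0"))
```

The point of the per-VM placement is visible in the model: no rule has to be installed on any link in between, the policy lives with the VM it protects (so it moves with the VM), and because the source caches the decision the destination answers one control packet per flow rather than inspecting every data packet.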
Network Separation/Isolation
• Problem
– A cloud or an enterprise network needs to separate logical networks for each tenant
– Existing solution
• VLAN – However, limited in creation: 4096 VLAN IDs
Solution
• FlowVisor
– Create virtual networks with SDN
– Ideally, no limitation
– Affiliation
• Stanford and BigSwitch
FlowVisor
FlowVisor (figure): Alice's virtual network and Bob's virtual network each have their own controller (Controller 1, Controller 2) running App 1 and App 2; FlowVisor sits between those controllers and the single physical network of OpenFlow switches they share.
Home Network Instrumentation
• Problem
– Home network elements are commonly used for network attacks
• Bot-infected hosts
– However, it is not easy to investigate each home network element
• Need to install third-party applications
• No standard
Solution
• Bismark project
– Embed an OpenFlow switch module into each AP
– Monitor home network traffic (1)
– Detect attacks (2)
– Enforce a flow rule to handle attacks (3)
– Affiliation
• GIT (Georgia Tech)
Home network instrumentation (figure): the APs of Alice's, Bob's and John's home networks each report traffic (1) to a controller running a security application; the application detects attacks (2) (e.g., botnet, spam) and pushes a flow rule back to each AP (3).
Security Aware Routing
• Problem – It is not easy to protect a cloud network, even though we have installed network security devices
– Why?
• Attacks from inside
– Most network security devices monitor traffic from outside
• Dynamic configuration
– VM migration
– Network configuration changes
– Where do we need to install security devices?
Solution
• CloudWatcher
– Provides new routing algorithms that guarantee that specified network security devices can monitor specific network flows
– Affiliation
• Texas A&M University
CloudWatcher
• New routing algorithms
– Multipath naive
– Shortest through
– Multipath shortest
– Shortest inside
Sample network (figure): S: start node, E: end node, R: router, C: security device (attached to R4).
CloudWatcher
• Basic routing scheme (NOT CloudWatcher's idea)
– Find the shortest path between a start host and an end host
– Path: S -> R1 -> R5 -> R6 -> E
• Problem
– It does not pass through the security device C (at R4)
CloudWatcher
• Multipath shortest – Improved version of multipath naive – Two phases
• Find the shortest path (P1) – S -> R1 -> R5 -> R6 -> E
• Find the shortest path between the routers on path P1 and R4 – R6 -> R4, so R6 forwards to {R4, E}
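The routing schemes above on a small topology, as an added example written for this page (not CloudWatcher's implementation). The sample network is constructed so that it reproduces the slides: the plain shortest path is S -> R1 -> R5 -> R6 -> E, the security device C sits at R4, and the router on that path closest to R4 is R6. "Shortest through" is implemented as shortest(S, C) joined with shortest(C, E); "multipath naive" is taken to mean mirroring a copy from the source itself to C, and "multipath shortest" branches the copy at the on-path router nearest to C. Those readings of the two multipath names, the link set and the unit link weights are assumptions; "shortest inside" is not modelled because the slides do not describe it.

```python
import heapq


def build_graph(edges):
    """Undirected weighted graph as an adjacency dict."""
    g = {}
    for u, v, w in edges:
        g.setdefault(u, {})[v] = w
        g.setdefault(v, {})[u] = w
    return g


def shortest_path(graph, start, goal):
    """Dijkstra; ties are broken by node name so results are deterministic."""
    dist, prev = {start: 0}, {}
    heap = [(0, start)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        if u == goal:
            break
        for v, w in sorted(graph[u].items()):
            nd = d + w
            if nd < dist.get(v, float("inf")):
                dist[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    if goal not in dist:
        return None
    path = [goal]
    while path[-1] != start:
        path.append(prev[path[-1]])
    return path[::-1]


def shortest_through(graph, s, e, c):
    """Single path that is forced through the security device c."""
    return shortest_path(graph, s, c) + shortest_path(graph, c, e)[1:]


def multipath_naive(graph, s, e, c):
    """Keep the shortest path; mirror a copy from the source to c."""
    return shortest_path(graph, s, e), shortest_path(graph, s, c)


def multipath_shortest(graph, s, e, c):
    """Phase 1: shortest path P1.  Phase 2: shortest path from any router
    on P1 to c; the copy branches off at the closest one (a branch of
    length 1 means c is already on P1)."""
    p1 = shortest_path(graph, s, e)
    branches = [shortest_path(graph, r, c) for r in p1]
    # shortest branch wins; on a tie, the one leaving P1 earliest
    branch = min(branches, key=lambda p: (len(p), p1.index(p[0])))
    return p1, branch


def monitored(path, c):
    """Does the security device c see traffic on this path?"""
    return c in path


# Constructed sample network matching the slides: the cheapest S -> E route
# avoids R4, where the security device C is attached.
SAMPLE = build_graph([
    ("S", "R1", 1), ("R1", "R2", 1), ("R1", "R5", 1), ("R2", "R3", 1),
    ("R3", "R4", 1), ("R2", "R4", 1), ("R4", "R6", 1), ("R5", "R6", 1),
    ("R6", "E", 1),
])
DEVICE = "R4"

if __name__ == "__main__":
    p = shortest_path(SAMPLE, "S", "E")
    print("basic:            ", p, "monitored:", monitored(p, DEVICE))
    print("shortest through: ", shortest_through(SAMPLE, "S", "E", DEVICE))
    print("multipath naive:  ", multipath_naive(SAMPLE, "S", "E", DEVICE))
    print("multipath shortest:", multipath_shortest(SAMPLE, "S", "E", DEVICE))
```

The trade-off the slides hint at shows up directly: "shortest through" keeps a single path but lengthens it (S -> R1 -> R2 -> R4 -> R6 -> E), the naive mirror duplicates traffic all the way from S, and "multipath shortest" keeps the original path and adds only the one-hop branch R6 -> R4. Which of these a deployment wants depends on whether the device must be inline (able to block) or may be a passive mirror.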
Routing Algorithms (figures): illustrations of multipath naive and shortest through on the sample network.
Summary
• Security issues in SDN
– Rule conflict and Dynamic flow tunneling
– Flooding problem
• Security applications with SDN
– Access control for a cloud network
– Network separation
– Home network instrumentation
– Security-Aware routing
Thank you. Questions?