SDN Ro2tkits: A Case Study of Subverting A Closed Source SDN Controller
Author:
Abstract
An SDN controller is a core component of the SDN architecture. It is responsible for managing an underlying network while allowing SDN applications to program it as required. Because of this central role, compromising such an SDN controller is of high interest for an attacker. A recently published SDN rootkit has demonstrated, for example, that a malicious SDN application is able to manipulate an entire network while hiding corresponding malicious actions. However, the facts that this attack targeted an open source SDN controller and applied a specific way to subvert this system leaves important questions unanswered: How easy is it to attack closed source SDN controllers in the same way? Can we concentrate on the already presented technique or do we need to consider other attack vectors as well to protect SDN controllers?
In this paper, we elaborate on these research questions and present two new SDN rootkits, both targeting a closed source SDN controller. Similar to previous work, the first one is based on Java reflection.
In contrast to known reflection abuses, however, we must develop new techniques as the existing ones can only be adopted in parts. Additionally, we demonstrate by a second SDN rootkit that an attacker is by no means limited to reflection-based attacks. In particular, we abuse aspect-oriented programming capabilities to manipulate core functions of the targeted system. To tackle the security issues raised in this case study, we discuss several countermeasures and give concrete suggestions to improve SDN controller security.
- Citation
- BibTeX
Röpke, C.,
(2018).
SDN Ro2tkits: A Case Study of Subverting A Closed Source SDN Controller.
In:
Langweg, H., Meier, M., Witt, B. C. & Reinhardt, D.
(Hrsg.),
SICHERHEIT 2018.
Bonn:
Gesellschaft für Informatik e.V..
(S. 95-106).
DOI: 10.18420/sicherheit2018_07
@inproceedings{mci/Röpke2018,
author = {Röpke, Christian},
title = {SDN Ro2tkits: A Case Study of Subverting A Closed Source SDN Controller},
booktitle = {SICHERHEIT 2018},
year = {2018},
editor = {Langweg, Hanno AND Meier, Michael AND Witt, Bernhard C. AND Reinhardt, Delphine} ,
pages = { 95-106 } ,
doi = { 10.18420/sicherheit2018_07 },
publisher = {Gesellschaft für Informatik e.V.},
address = {Bonn}
}
author = {Röpke, Christian},
title = {SDN Ro2tkits: A Case Study of Subverting A Closed Source SDN Controller},
booktitle = {SICHERHEIT 2018},
year = {2018},
editor = {Langweg, Hanno AND Meier, Michael AND Witt, Bernhard C. AND Reinhardt, Delphine} ,
pages = { 95-106 } ,
doi = { 10.18420/sicherheit2018_07 },
publisher = {Gesellschaft für Informatik e.V.},
address = {Bonn}
}
Dateien | Groesse | Format | Anzeige | |
---|---|---|---|---|
sicherheit2018-07.pdf | 363.5Kb | View/ |
Sollte hier kein Volltext (PDF) verlinkt sein, dann kann es sein, dass dieser aus verschiedenen Gruenden (z.B. Lizenzen oder Copyright) nur in einer anderen Digital Library verfuegbar ist. Versuchen Sie in diesem Fall einen Zugriff ueber die verlinkte DOI: 10.18420/sicherheit2018_07
Haben Sie fehlerhafte Angaben entdeckt? Sagen Sie uns Bescheid: Send Feedback
More Info
ISBN: 978-3-88579-675-6
ISSN: 1617-5468
xmlui.MetaDataDisplay.field.date: 2018
Language: (en)
Content Type: Text/Conference Paper