software defined networking a
play

Software Defined Networking : A Security Perspective Dr. Sarker - PowerPoint PPT Presentation

Aug 10, 2023 •267 likes •539 views

Software Defined Networking : A Security Perspective Dr. Sarker Tanveer Ahmed Rumee Dept. of CSE, University of Dhaka Traditional Network Infrastructure Two Main Tasks Control of information flow (control plane) Calculation of routing

  1. Software Defined Networking : A Security Perspective Dr. Sarker Tanveer Ahmed Rumee Dept. of CSE, University of Dhaka

  2. Traditional Network Infrastructure

  3. Two Main Tasks • Control of information flow (control plane) – Calculation of routing decisions / tables – Additional decision: QoS, Security etc. • Forwarding of information (data plane) – Forward network packets based on predetermined/ precalculclated decisions

  4. Traditional Computer Networks Data plane: Packet streaming Forward, filter, buffer, mark, rate-limit, and measure packets

  5. Traditional Computer Networks Control plane: Distributed algorithms Track topology changes, compute routes, install forwarding rules

  6. Traditional Computer Networks Management plane: Human time scale Collect measurements and configure the equipment

  7. We want to do better • How? – One possible solution is to separate the control plane from the data plane – Provides great flexibility – Easier to accommodate change – Solution: Software Defined Network

  8. Software Defined Networking (SDN) Smart, Logically-centralized control slow API to the data plane (e.g., OpenFlow) Dumb, fast Switches

  9. Software Defined Network (SDN) Control Program A Control Program B Network OS Packet Forwarding Packet Forwarding Packet Forwarding Packet Forwarding Packet Forwarding

  10. Applications Applications Applications North bound API Network O.S. SDN Southbound API Switch Operating System Switch Hardware

  11. Implications Of SDN Current Networking SDN Enabled Environment Applications Applications Applications Applications Applications Applications Applications Network O.S. Network O.S. Global View ASIC ASIC Controller (N. O.S.) Applications Applications Programmatic Southbound Network O.S. Control ASIC API Switch O.S Switch HW Switch O.S Switch O.S Switch HW Switch HW

  12. SDN Challenges

  13. Controller Availability Applications Applications Applications Controller (N. O.S.) 13

  14. Controller Availability Applications Applications Applications Controller (N. O.S.) 14

  15. Controller Availability “ control a large force like a small force: divide and conquer” --Sun Tzu, Art of war • How many controllers? • How do you assign switches to controllers? • More importantly: which assignment reduces Applications processing time Applications Applications • How to ensure consistency between Controller (N. O.S.) controllers Applications Applications Applications Applications Applications Applications Controller (N. O.S.) Controller (N. O.S.) 15

  16. SDN Reliability/Fault Tolerance Controller : Single point of Existing network control • Bug in controller takes the survives failures or bugs whole network down in code for any one devices Applications Applications Applications Controller (N. O.S.) 16

  17. SDN Security Controller: Single point of control If one device in the • Compromise controller current networks are compromised the network may still be Applications Applications Applications safe Controller (N. O.S.) 17

  18. SDN Security Controller: Single point of control • Compromise controller • Denial of Service attack the control channel Applications Applications Applications Controller (N. O.S.) 18

  19. SDN Security issues

  20. Primary Concerns • Security Challenges :  Attack on the centralized controller  Trust problem between controller and software applications  Attack on the communication channel between controller and devices

  21. Security in SDN---DoS Attack in Detail step 2 step 3 packet step 1 step 4 sender switch receiver

  22. Security in SDN---DoS • Possible solution to DoS attack :  Run the device in proactive mode or using Firewall Internet Header Header

  23. Security in SDN---Malicious Applications App App App App SDN controller • Malicious application can now be easily developed and deployed on controllers. • Possible solutions : software attestation.

  24. Security in SDN---Control Channel Attack SDN Controller control channel SSL • Attack can either pretend to be the controller or the switch! • Possible solution 1: encrypt the channel by SSL.

  25. Control Channel Attack Solution -2

  26. Conclusion • SDN is still is in infancy period • Security protection of SDN – standards not developed yet • Eventually SDN will be standard • We need to find solutions and mechanisms to make it work for all kinds of networks

Recommend

software defined networking CS 6410 Fall 2017 Eric Campbell and Rolph Recto software defined

software defined networking CS 6410 Fall 2017 Eric Campbell and Rolph Recto software defined

software defined networking CS 6410 Fall 2017 Eric Campbell and Rolph Recto software defined networking software defined networking (OpenFlow, originally) Stanford computer scientist Nick McKeown and colleagues developed a standard called

1.13k views • 77 slides
Software Defined Networking Is it really the future of networking? And are the big switch vendors

Software Defined Networking Is it really the future of networking? And are the big switch vendors

Software Defined Networking Is it really the future of networking? And are the big switch vendors finished? 0 Data Centers a network crunch More Traffic Complexity More Dollars Less Latency Infiniband Fiber Channel More Servers

240 views • 9 slides
CompSci 514: Computer Networks Lecture 11: Software Defined Networking Xiaowei Yang 1

CompSci 514: Computer Networks Lecture 11: Software Defined Networking Xiaowei Yang 1

CompSci 514: Computer Networks Lecture 11: Software Defined Networking Xiaowei Yang 1 Overview Introducing SDN A real-world application of SDN Googles B4 netwok 2 Software Defined Networking Slides adapted from Mohammad

661 views • 50 slides
(First) NSF AiTF Workshop on Algorithms for Software-Defined Networking Michael Dinitz Vyas

(First) NSF AiTF Workshop on Algorithms for Software-Defined Networking Michael Dinitz Vyas

Welcome! (First) NSF AiTF Workshop on Algorithms for Software-Defined Networking Michael Dinitz Vyas Sekar JHU CMU 1 Context for this workshop Software-defined Networking taking off! E.g., Google Software-defined WAN E.g.,

501 views • 9 slides
CS 356: Computer Network Architectures Lecture 26: Router hardware, Software defined networking,

CS 356: Computer Network Architectures Lecture 26: Router hardware, Software defined networking,

CS 356: Computer Network Architectures Lecture 26: Router hardware, Software defined networking, and programmable routers [PD] chapter 3.4 Xiaowei Yang xwy@cs.duke.edu Overview Switching hardware Software defined networking

1.07k views • 70 slides
Software-Defined Networking Paul Grubbs Portions of this talk taken from:

Software-Defined Networking Paul Grubbs Portions of this talk taken from:

Software-Defined Networking Paul Grubbs Portions of this talk taken from: https://www.cs.rutgers.edu/~badri/552dir/papers/intro/nick09.pdf http://dl.acm.org/citation.cfm?id=2602219

643 views • 35 slides
Addressing Shortcomings of Existing DDoS Protection Software Using Software-Defined Networking

Addressing Shortcomings of Existing DDoS Protection Software Using Software-Defined Networking

Addressing Shortcomings of Existing DDoS Protection Software Using Software-Defined Networking SSP 2018, Hildesheim Lukas Ifflnder , Stefan Geissler, Jrgen Walter, Lukas Beierlieb, Samuel Kounev 08.11.2018

677 views • 46 slides
Software Defined Networking nancy@di.uoa.gr The Internet: A Remarkable Story Tremendous

Software Defined Networking nancy@di.uoa.gr The Internet: A Remarkable Story Tremendous

Software Defined Networking nancy@di.uoa.gr The Internet: A Remarkable Story Tremendous success From research experiment to global infrastructure Brilliance of under-specifying Network: best-effort packet delivery Hosts:

1.58k views • 144 slides
OF-RHM: Transparent Moving Target Defense using Software Defined Networking Haadi Jafarian, Qi

OF-RHM: Transparent Moving Target Defense using Software Defined Networking Haadi Jafarian, Qi

OF-RHM: Transparent Moving Target Defense using Software Defined Networking Haadi Jafarian, Qi Duan and Ehab Al-Shaer ACM SIGCOMM HotSDN Workshop August 2012 Helsinki, Finland CyberDNA lab, UNC Charlotte Why IP Mutation Static assignment

571 views • 28 slides
Towards a Secure and Resilient Industrial Control System Using Software-Defined Networking Dong

Towards a Secure and Resilient Industrial Control System Using Software-Defined Networking Dong

Towards a Secure and Resilient Industrial Control System Using Software-Defined Networking Dong (Kevin) Jin 1 Who am I? CS faculty, Ph.D., University of Illinois at Urbana- Champaign (UIUC), http://cs.iit.edu/~djin/ Research:

851 views • 52 slides
Revisiting Routing Control Platforms with the Eyes and Muscles of Software-Defined Networking

Revisiting Routing Control Platforms with the Eyes and Muscles of Software-Defined Networking

Revisiting Routing Control Platforms with the Eyes and Muscles of Software-Defined Networking ACM SIGCOMM HotSDN' 12 Workshop Helsinki, Finland, 13 August 2012 Agenda Research in scope and contribution RouteFlow Control Platform

709 views • 26 slides
Revisiting Routing Control Platforms with the Eyes and Muscles of Software-Defined Networking

Revisiting Routing Control Platforms with the Eyes and Muscles of Software-Defined Networking

Revisiting Routing Control Platforms with the Eyes and Muscles of Software-Defined Networking ACM SIGCOMM HotSDN' 12 Workshop Helsinki, Finland, 13 August 2012 Agenda Research in scope and contribution RouteFlow Control Platform

621 views • 31 slides
6.888 Lecture 14: Software Defined Networking Mohammad Alizadeh Many thanks to Nick McKeown

6.888 Lecture 14: Software Defined Networking Mohammad Alizadeh Many thanks to Nick McKeown

6.888 Lecture 14: Software Defined Networking Mohammad Alizadeh Many thanks to Nick McKeown (Stanford), Jennifer Rexford (Princeton), Sco< Shenker (Berkeley), Nick Feamster (Princeton), Li Erran Li (Columbia), Yashar Ganjali (Toronto)

765 views • 50 slides
Software Defined Networking OpenFlow and NOX ECE/CS598HPN Radhika Mittal Acknowledgements:

Software Defined Networking OpenFlow and NOX ECE/CS598HPN Radhika Mittal Acknowledgements:

Software Defined Networking OpenFlow and NOX ECE/CS598HPN Radhika Mittal Acknowledgements: Yashar Ganjali, Univ. of Toronto Software Defined Network (SDN) Feature Feature Network OS Packet Forwarding Packet Forwarding Packet

772 views • 36 slides
Automated Discovery of Cross - Plane Event - Based Vulnerabilities in Software - Defined Networking

Automated Discovery of Cross - Plane Event - Based Vulnerabilities in Software - Defined Networking

Automated Discovery of Cross - Plane Event - Based Vulnerabilities in Software - Defined Networking Benjamin E. Ujcich 1 , Samuel Jero 2 , Richard Skowyra 2 , Steven R. Gomez 2 , Adam Bates 1 , William H. Sanders 1 , and Hamed Okhravi 2 1 University

605 views • 46 slides
FlowFence: A Denial of Service Defense System for Software Defined Networking Andr es Felipe

FlowFence: A Denial of Service Defense System for Software Defined Networking Andr es Felipe

FlowFence: A Denial of Service Defense System for Software Defined Networking Andr es Felipe Murillo Piedrahita and Sandra Rueda Diogo M. F. Mattos and Otto Carlos M. B. Duarte Systems and Computing Engineering Department Grupo de

417 views • 6 slides
Software-Defined Networking Architecture Framework for Multi-Tenant Enterprise Cloud Environments

Software-Defined Networking Architecture Framework for Multi-Tenant Enterprise Cloud Environments

Introduction Solutions Evaluation Summary Software-Defined Networking Architecture Framework for Multi-Tenant Enterprise Cloud Environments Aryan TaheriMonfared Department of Electrical Engineering and Computer Science University of

1.51k views • 92 slides
Software-Defined Networking: OpenFlow and Frenetic Mohamed Ismail Background Problem:

Software-Defined Networking: OpenFlow and Frenetic Mohamed Ismail Background Problem:

Software-Defined Networking: OpenFlow and Frenetic Mohamed Ismail Background Problem: Programming Networks is Hard 3/39 Network Stack Pros Key to the success of the Internet Layers and layers of abstraction Independent innovation

569 views • 39 slides
OSiRIS Distributed Ceph and Software Defined Networking for Multi-Institutional Research Benjeman

OSiRIS Distributed Ceph and Software Defined Networking for Multi-Institutional Research Benjeman

OSiRIS Distributed Ceph and Software Defined Networking for Multi-Institutional Research Benjeman Meekhof University of Michigan Advanced Research Computing Technology Services October 6, 2016 Project and participants Latency and

571 views • 30 slides
Next Generation Clouds, The Chameleon Cloud Testbed, and Software Defined Networking (SDN) Joe

Next Generation Clouds, The Chameleon Cloud Testbed, and Software Defined Networking (SDN) Joe

Next Generation Clouds, The Chameleon Cloud Testbed, and Software Defined Networking (SDN) Joe Mambretti, Director, (j-mambretti@northwestern.edu) International Center for Advanced Internet Research (www.icair.org) Northwestern University

1.08k views • 40 slides
Software Defined Networking at Scale Bikash Koley on behalf of Google Technical Infrastructure

Software Defined Networking at Scale Bikash Koley on behalf of Google Technical Infrastructure

Software Defined Networking at Scale Bikash Koley on behalf of Google Technical Infrastructure BTE 2014 Software Defined Networking at Scale Bikash Koley on behalf of Google Technical Infrastructure Software Defined Google Networking at

677 views • 21 slides
OSiRIS Distributed Ceph and Software Defined Networking for Multi-Institutional Research Benjeman

OSiRIS Distributed Ceph and Software Defined Networking for Multi-Institutional Research Benjeman

OSiRIS Distributed Ceph and Software Defined Networking for Multi-Institutional Research Benjeman Meekhof University of Michigan Advanced Research Computing Technology Services May 11, 2016 About OSiRIS Status Today

581 views • 27 slides
Software Defined Networking for big-data science Eric Pouyoul Chin Guok Inder Monga

Software Defined Networking for big-data science Eric Pouyoul Chin Guok Inder Monga

Software Defined Networking for big-data science Eric Pouyoul Chin Guok Inder Monga (presenting) TERENA Network Architects meeting, Copenhagen November 21 st , 2012 ESnet: Worlds Leading Science Network ASIA-PACIFIC RUSSIA US R&E

277 views • 23 slides
IRNC: RXP: StarLight SDX A Software Defined Networking Exchange for Global Science Research and

IRNC: RXP: StarLight SDX A Software Defined Networking Exchange for Global Science Research and

IRNC: RXP: StarLight SDX A Software Defined Networking Exchange for Global Science Research and Education Joe Mambretti, Director, (j-mambretti@northwestern.edu) International Center for Advanced Internet Research (www.icair.org) Northwestern

525 views • 37 slides

More recommend