As a novel networking paradigm, SDN introduces both the opportunities of easier network management and more flexible policy deployment, and the challenges of new attack surfaces. This project investigates such new attack surfaces from the perspective of adversarial reconnaissance, a family of techniques that allow insider and outsider attackers to use observable network behavior and control-plane messaging to infer the structure, configuration, and vulnerabilities of the target SDN. To secure future networks against such attackers, this project proposes to develop a systematic understanding of the techniques, capabilities, fundamental limits, and countermeasures of adversarial reconnaissance in SDNs.
Through collaboration with Dr. Patrick McDaniel (co-PI) and his student, we plan to investigate two correlated questions: (1) What information can be learned by an adversary? (2) What attacks can be launched based on this information? We will carry out two parallel thrusts, one focusing on an internal adversary (a compromised switch) and the other on an external adversary (a compromised host). Our initial studies have covered flow table reconnaissance by a host-based adversary and load balancer reconnaissance by a switch-based adversary, with many more interesting questions to be explored next.
- Quinn Burke, Patrick McDaniel, Tom La Porta, Mingli Yu, and Ting He, Misreporting Attacks in Software-Defined Networking, International Conference on Security and Privacy in Communication Networks (SecureComm 2020), October 2020.
- Mingli Yu, Ting He, Patrick McDaniel, and Quinn K. Burke, Flow Table Security in SDN: Adversarial Reconnaissance and Intelligent Attacks, IEEE INFOCOM, April 2020. Code