Yong Huang,Xuezeng Pan

DOI: https://doi.org/10.1007/978-3-642-23226-8_21

2011-01-01

Abstract:Aiming at the main problem that the link between the formal definition of multilevel security and security goal is not always clear, we propose a new definition of multilevel security closer to the practical application. Due to the fact that separability property based on the construction of covert channels is not practical, we introduce the concept of trusted domain to the theoretical framework initiated by the characteristics of transitive and intransitive security policy. Following that two intuitive propositions with the corresponding proof are proposed.

Stefan Achleitner,Quinn Burke,Patrick McDaniel,Trent Jaeger,Thomas La Porta,Srikanth Krishnamurthy

DOI: https://doi.org/10.48550/arXiv.2009.10021

2020-09-22

Abstract:Ensuring that information flowing through a network is secure from manipulation and eavesdropping by unauthorized parties is an important task for network administrators. Many cyber attacks rely on a lack of network-level information flow controls to successfully compromise a victim network. Once an adversary exploits an initial entry point, they can eavesdrop and move laterally within the network (e.g., scan and penetrate internal nodes) to further their malicious goals. In this paper, we propose a novel multilevel security (MLS) framework to enforce a secure inter-node information flow policy within the network and therein vastly reduce the attack surface available to an adversary who has penetrated it. In contrast to prior work on multilevel security in computer networks which relied on enforcing the policy at network endpoints, we leverage the centralization of software-defined networks (SDNs) by moving the task to the controller and providing this service transparently to all nodes in the network. Our framework, MLSNet, formalizes the generation of a policy compliant network configuration (i.e., set of flow rules on the SDN switches) as network optimization problems, with the objectives of (1) maximizing the number of flows satisfying all security constraints and (2) minimizing the security cost of routing any remaining flows to guarantee availability. We demonstrate that MLSNet can securely route flows that satisfy the security constraints (e.g., >80% of flows in a performed benchmark) and route the remaining flows with a minimal security cost.

Networking and Internet Architecture

Ali Nadim Alhaj,Narottam Das Patel,Ajeet Singh,Rohit Kumar Bondugula,Mohsin Furkh Dar,Jameel Ahamed

DOI: https://doi.org/10.1504/ijsnet.2024.141613

2024-09-28

International Journal of Sensor Networks

Abstract:The rapid expansion of networks has given rise to numerous challenges and issues. In recent years, one idea that has captivated researchers is segregating the forwarding and control levels, which emerged with software-defined networking (SDN) frameworks. Despite centralised management and network administration advantages, SDN networks have encountered several issues, with safety and reliability being the most prominent. This paper proposes a comprehensive robust security architecture for SDN networks that consists of modular components. Each module addresses a specific security challenge, and by integrating these security solutions, we aim to establish a cohesive security framework for SDN. Furthermore, we propose a robust security algorithm capable of effectively mitigating critical security attacks such as DDoS, ARP, and MITM. Our approach involves developing a multi-level security algorithm to counteract most DDoS attacks, while also devising a real-time algorithm specifically designed to handle ARP attacks, including request-replay-ARP DoS attacks.

computer science, information systems,telecommunications

Jiaqiang Liu,Yong Li,Huandong Wang,Depeng Jin,Li Su,Lieguang Zeng,Thanos Vasilakos

DOI: https://doi.org/10.1016/j.ins.2015.08.019

IF: 8.1

2015-01-01

Information Sciences

Abstract:Network operators employ a variety of security policies for protecting the data and services. However, deploying these policies in traditional network is complicated and security vulnerable due to the distributed network control and lack of standard control protocol. Software-defined network provides an ideal paradigm to address these challenges by separating control plane and data plane, and exploiting the logically centralized control. In this paper, we focus on taking the advantage of software-defined networking for security policies enforcement. We propose a two layer OpenFlow switch topology designed to implement security policies, which considers the limitation of flow table size in a single switch, the complexity of configuring security policies to these switches, and load balance among these switches. Furthermore, we introduce a safe way to update the configuration of these switches one by one for better load balance when traffic distribution changes. Specifically, we model the update process as a path in a graph, in which each node represents a security policy satisfied configuration, and each edge represents a single step of safely update. Based on this model, we design a heuristic algorithm to find an optimal update path in real time. Simulations of the update scheme show that our proposed algorithm is effective and robust under an extensive range of conditions.

Kai Bu,Yutian Yang,Zixuan Guo,Yuanyuan Yang,Xing Li,Shigeng Zhang

DOI: https://doi.org/10.1016/j.comnet.2021.108099

IF: 5.493

2021-01-01

Computer Networks

Abstract:Software-Defined Networking (SDN) greatly simplifies middlebox policy enforcement. Middleboxes need tag packet headers to avoid forwarding ambiguity on SDN switches. In this paper, we present a new attack, called middlebox-bypass attack, to breach SDN-based middlebox policy enforcement. Such an attack manipulates a compromised switch to locally tag attacking packets without handing them over to the attached middlebox for inspection. Existing SDN security solutions, however, cannot detect the middlebox-bypass attack under practical constraints of efficiency, robustness, and applicability. We design and implement FlowCloak, the first protocol for per-packet real-time detection and prevention of middlebox-bypass attacks. FlowCloak enables middleboxes to generate tags that are probabilistically unknown to an attacker and confines it to only random guessing. We propose a multi-tag verification technique to address the tradeoff between FlowCloak robustness and TCAM usage by tag verification rules on the egress switch. Experiment results show that dozens of verification rules can confine the attacking probability under 0.1%. We further explore implementation techniques of packet looping and field swapping that can enable a flow table pipeline on a single TCAM and mitigate packet correlation, respectively. FlowCloak imposes only a 0.01 ms packet processing delay on middleboxes and no obvious delay on the egress switch.

WANG Zhu,DAI Yi-qi

2012-01-01

Abstract:With the development of computer network,there come a lot of security threats.LAN is a basic unit of network functionality,and its security is very important and significant.A Multi-level Security Local Area Network System(MSLANS) based on BLP model is proposed,which with transparent computing system as the platform,conforms with the requirements of security infrastructure.By introducing the security policy server and dynamic monitoring switch into the system,and embedding modules into terminal computers to monitor the user's operations and login procedures,the secure LAN system could thus accomplish the centralized control and protection of the operations within the terminal computers.

Yudong Zhao,Ke Xu,Rashid Mijumbi,Meng Shen

DOI: https://doi.org/10.1007/978-3-319-22047-5_15

2015-01-01

Abstract:In recent years, the world has been shocked by the increasing number of network attacks that take advantage of router vulnerabilities to perform data interceptions. Such attacks are generally based on low cost, unidirectional, concealed mechanisms, and are very difficult to recognize let alone restrain. This is especially so, because the most affected parties - the users and Internet Service Providers (ISPs) - have very little control, if any, on router vulnerabilities. In this paper, we design, implement and evaluate a policy-based security system aimed at stopping such attacks from both the routing and switching network functions, by detecting any violations in the set policies. We prove the system's security completeness to data interception attacks. Based on simulations, we show that 100% of normal packets can pass through the policy-based system, and about 99.92% of intercepting ones would be caught. In addition, the performance of the proposed system is acceptable with regard to current TCP/IP networks.

Qi Li,Yanyu Chen,Patrick P. C. Lee,Mingwei Xu,Kui Ren

DOI: https://doi.org/10.1109/tnet.2018.2853593

2018-01-01

IEEE/ACM Transactions on Networking

Abstract:Software-defined networking (SDN) utilizes a centralized controller to distribute packet processing rules to network switches. However, rules are often generated by the applications developed by different organizations, so they may conflict with each other in data plane and lead to violations with security rules. The problem is similar to firewall conflicts in IP networks. Rule conflict resolution should incur negligible process delay, such that all rules can he correctly and safely enforced in the data plane in real time. However, since SDN allows users to use more than 35 fields to specify rules (including field transition rules), it is much more complicated to prevent enforcement of SDN rules from violating with security rules than to resolve firewall rule violation, and in particular, field transition rules are enforced. Therefore, it is extremely difficult to resolve such rule conflicts in real time before the rules are installed in SDN data plane. In this paper, we investigate the rule conflict problem in SDN and identify new covert channel attacks due to rule conflicts. To the end, we propose the covert channel defender (CCD) that prevents covert channel attacks by verifying and resolving rule conflicts. Specifically, CCD tracks all rule insertion and modification messages from applications running on the controller. It analyzes the correlation among rules based on multiple packet header fields and resolves any identified rule conflict in real time before rule installation. We implement CCD with the Floodlight controller and evaluate its performance with the real-world Stanford topology. We show that CCD can efficiently detect and prevent rule conflicts in the data plane that may raise covert channels within hundreds of microseconds and brings small overhead to the packet delivery.

Kai Bu,Yutian Yang,Zixuan Guo,Yuanyuan Yang,Xing Li,Shigeng Zhang

DOI: https://doi.org/10.1109/infocom.2018.8486230

2018-01-01

Abstract:Software-Defined Networking (SDN) greatly simplifies middlebox policy enforcement. Middleboxes need tag packet headers to avoid forwarding ambiguity on SDN switches. In this paper, we present a new attack, called middlebox-bypass attack, to breach SDN-based middlebox policy enforcement. Such an attack manipulates a compromised switch to locally tag attacking packets without handing them over to the attached middlebox for inspection. Existing SDN security solutions, however, cannot detect the middlebox-bypass attack under practical constraints of efficiency, robustness, and applicability. We design and implement FlowCloak, the first protocol for per-packet real-time detection and prevention of middlebox-bypass attacks. FlowCloak enables middleboxes to generate tags that are probabilistically unknown to an attacker and confines it to only random guessing. We propose a multi-tag verification technique to address the tradeoff between FlowCloak robustness and TCAM usage by tag verification rules on the egress switch. Experiment results show that dozens of verification rules can confine the attacking probability under 0.1%. FlowCloak imposes only a 0.3 ms packet processing delay on middleboxes and no obvious delay on the egress switch.

Chao Qi,Jiangxing Wu,Hongchao Hu,Guozhen Cheng

DOI: https://doi.org/10.1049/el.2016.2670

2016-01-01

Electronics Letters

Abstract:Modifying flow rule attack posts a huge threat to controllers in network operating system (NOS) for software defined network (SDN) due to its concealment. Based on the previously proposed NOS architecture with multiple controllers which introduce heterogeneity and dynamic to defend above attack effectively, its dynamic segment about dynamically scheduling controllers is explicitly presented. A dynamic-scheduling method is put forward to maximise security gain of NOS during each switch. This algorithm is able to improve NOS security through altering its framework's diversity to maximum degree while considering switching cost and latency simultaneously. Theory analysis and simulation results prove validity and availability of the devised mechanism and its more effective security performance over traditional architectures.

Jiahao Cao,Kun Sun,Qi Li,Mingwei Xu,Zijie Yang,Kyung Joon Kwak,Jason Li

DOI: https://doi.org/10.1007/978-3-030-37228-6_21

2019-01-01

Abstract: Software-Defined Networking (SDN) enables diversified network functionalities with plentiful applications deployed on a logically-centralized controller. In order to work properly, applications are naturally provided with much information on SDN. However, this paper shows that malicious applications can exploit basic SDN mechanisms to build covert channels to stealthily leak out valuable information to end hosts, which can bypass network security policies and break physical network isolation. We design two types of covert channels with basic SDN mechanisms. The first type is a high-rate covert channel that exploits SDN proxy mechanisms to transmit covert messages to colluding hosts inside SDN. The second type is a low-rate covert channel that exploits SDN rule expiry mechanisms to transmit covert messages from SDN applications to any host on the Internet. We develop the prototypes of both covert channels in a real SDN testbed consisting of commercial hardware switches and an open source controller. Evaluations show that the covert channels successfully leak out a TLS private key from the controller to a host inside SDN at a rate of 200 bps with 0% bit error rate, or to a remote host on the Internet at a rate of 0.5 bps with less than 3% bit error rate. In addition, we discuss possible countermeasures to mitigate the covert channel attacks.

Haiwei Xue,Yunliang Zhang,Zhien Guo,Yiqi Dai

DOI: https://doi.org/10.4236/jsea.2013.63b012

2013-01-01

Journal of Software Engineering and Applications

Abstract:Sensitive data leak can cause significant loss for some organizations, especially for technology intensive companies and country security departments. Traditional mandatory access control (MAC) can only control whether the user can access the sensitive data or not, and cannot prevent the user to leak or spread the data. So even designed impeccable access control policies, we still cannot prevent inside leak. A nature solution is using physical isolation to prevent sensitive data from being leaked outside network; however inside the physical isolated network, data still can be spread from one subnet to another. We present Secure Subnet System, a BLP model base security system that can provide more strong access control, which is called mandatory action control. In our system after a user read sensitive data, system will dynamically change security policies to prevent the user to leak these data or spread the data outside to another subnet. We use a state machine model to describe our system, and use secure transfer equations to dynamically calculate the system policies for each new state. Our model can be proved to be secure by formal methods. We implemented a demon of our system. In this paper we also show the design details of the demon and evaluate the demon both from security and performance. The evaluation results show that the output of the security tests case are under expected; and the performance test case show that, for the 64KB IO chunk size, IO read loss can be improved to 6.6%, IO write loss can be improved to 1.2% after optimization.

Jiahao Cao,Renjie Xie,Kun Sun,Qi Li,Guofei Gu,Mingwei Xu

DOI: https://doi.org/10.14722/ndss.2020.23040

2020-01-01

Abstract:Software-Defined Networking (SDN) greatly meets the need in industry for programmable, agile, and dynamic networks by deploying diversified SDN applications on a centralized controller. However, SDN application ecosystem inevitably introduces new security threats since compromised or malicious applications can significantly disrupt network operations. Thus, a number of effective security enhancement systems have been developed to defend against potential attacks from SDN applications. In this paper, we identify a new vulnerability on flow rule installation in SDN, namely, buffered packet hijacking, which can be exploited by malicious applications to launch effective attacks bypassing all existing defense systems. The root cause of this vulnerability lies in that SDN systems do not check the inconsistency between buffer IDs and match fields when an application attempts to install flow rules. Thus, a malicious application can manipulate buffer IDs to hijack buffered packets even though they do not match any installed flow rules. We design effective attacks exploiting this vulnerability to disrupt all three SDN layers, i.e., application layer, data plane layer, and control layer. First, by modifying buffered packets and resending them to controllers, a malicious application can poison other applications. Second, by manipulating forwarding behaviors of buffered packets, a malicious application can not only disrupt TCP connections of flows but also make flows bypass network security policies. Third, by copying massive buffered packets to controllers, a malicious application can saturate the bandwidth of SDN control channels and their computing resources. We demonstrate the feasibility and effectiveness of these attacks with both theoretical analysis and experiments in a real SDN testbed. Finally, we develop a lightweight defense system that can be readily deployed in existing SDN controllers as a patch.

Duan Haixin,Wu Jianping,Li Xing

2001-01-01

Abstract:Efforts of this paper focus on the issues about management and throughput of firewalls (or screening routers) applied in transit networks. On the one hand, manual configuration of large amount of firewalls distributed in many access points can not meet the global security requirements in the open and dynamic environment. On the other hand, the ordinal lookup of filtering rules in each individual firewall results in great decrease of throughput. Aimed at a typical transit network and its security policy requirements, a policy-based access control framework (PACF) is proposed in this paper. This framework is based on three levels of abstract access control policy: organizational access control policy (OACP), global access control policy (GACP) and local access control policy (LACP). The GACP, which comes from the results of IDSes and search engines according to OACP, is automatically and dynamically distributed to firewalls as LACPs. Each LACP is then enforced by an individual firewall. Some key algorithms for distribution of GACP and enforcement of LACP are described. A hash-based algorithm is proposed, for lookup of filtering rules in LACP. Under the environment with policy requirements described in this paper, the new algorithm reduces the time complexity of lookup from O (N) of traditional sequential algorithm to O (1), which therefore increases largely the throughput of firewalls.

Xiang Chen,Chunming Wu,Xuan Liu,Qun Huang,Dong Zhang,Haifeng Zhou,Qiang Yang,Muhammad Khurram Khan

DOI: https://doi.org/10.1109/comst.2023.3265984

IF: 35.6

2023-01-01

IEEE Communications Surveys & Tutorials

Abstract:With the growth of network applications such as 5G and artificial intelligence, network security techniques, i.e., the techniques that detect various attacks (e.g., well-known denial-of service (DDoS) attacks) and prevent production networks (e.g., data center networks) from being attacked, become increasingly essential for network management and have gained great popularity in the networking community. Generally, these techniques are built on proprietary hardware appliances, i.e., middleboxes, or the paradigm that combines both software-defined networking (SDN) and network function virtualization (NFV) to implement security functions. However, the techniques built on middleboxes are proven to be hard-to-manage, costly, and inflexible, thereby making them an out-of-date choice in network security. For the techniques built on SDN and NFV, they virtualize and softwarize security functions on commodity servers, leading to non-trivial performance degradation. Fortunately, the recent emergence of programmable switches brings new opportunities of empowering network security techniques with the characteristics of easy-tomanage, low cost, high flexibility, and Tbps-level performance. In this survey, we focus on this promising trend in network security. More precisely, this survey first presents the preliminaries of programmable switches, which are the primary driver of next-generation network security techniques. Next, we comprehensively review existing techniques built on programmable switches, classify these techniques, and discuss their background, motivation, design, implementation, and limitations case-by-case. Finally, we summarize open issues and future research directions in this promising research topic of network security.

computer science, information systems,telecommunications

Yunfei Meng,Changbo Ke,Zhiqiu Huang

DOI: https://doi.org/10.1016/j.cose.2024.103850

IF: 5.105

2024-04-19

Computers & Security

Abstract:Software-defined networking (SDN) has been utilized to enforce the security of traditional networks. However, the existing SDN-based security enforcement mechanisms rely heavily on the security policies containing the underlying information of data plane, such as MAC address, IP address or switch ports. These security policies need to be specifically developed by network operators and loaded into the control plane manually. With increasing the scale of underlying network, the existing security policy management mechanisms confront more and more challenges. The security policy transformation for SDN networks is to research how to transform the high-level security policy without containing the underlying information into the practical flow entries used by Openflow switches automatically, thereby implementing the automatic management of security policies. To achieve this objective, we propose a model transformation based security policy automatic management framework for software-defined networking in this paper. Leveraging its functional modules, the framework can solve the problems of how to find a connected path for each access control rule of security policy model (SPM) in data plane, how to transform the connected path into the system model of flow entries, as well as how to generate the practical flow entries according to the system model of flow entries. In order to validate the effectiveness and performance of framework, we implement the framework by leveraging POX controller and Mininet emulator. The experimental results illustrate the framework can transform SPM into practical flow entries, synchronously perceive the modifications caused by cutting down one connected path or changing SPM, and continuously keep the data plane holding the security properties defined by SPM at runtime.

computer science, information systems

Chao Qi,Jiangxing Wu,Hongchao Hu,Guozhen Cheng,Wenyan Liu,Jianjian Ai,Chao Yang

DOI: https://doi.org/10.1109/INFCOMW.2016.7562109

2016-01-01

Abstract:Modifying flow rule attack is a type of attack against controllers in SDN, leading to severe influence on network. In this paper, we propose Mcad-SA, an aware decision-making security architecture with multi-controller, to deal with it. It schedules the controllers in a dynamic and random way and adopts the vote results from the majority of controllers to determine valid flow rules. Theory analysis proves its validity.

Xi Chen

DOI: https://doi.org/10.54254/2755-2721/38/20230530

2024-02-07

Abstract:With the widespread application of computer network technology, computer network security defense capability has become a focus of attention in various industries. The extensive use of computer information systems in various sectors has significantly improved work efficiency but has also introduced security risks and management issues. The deployment of network security detection and control systems allows for effective security monitoring and management of computer operations and real-time network information. This paper presents a computer network security detection and control system based on human-computer interaction, which enables users to handle daily key business processes. The work principles and overall architecture of the network security detection and control system are analyzed and demonstrated. It offers functions such as filtering options, address rules, network security detection, network unreachability, overall traffic analysis, subnet definition, fault diagnosis, and security analysis. Testing and analysis indicate that the systems design achieves the intended goals. In the application of network security features, it can effectively combine various forces to enhance the quality and efficiency of network security, making it widely applicable in various industry units.

REN Gaoming,YANG Tong,QIAO Xiangdong

DOI: https://doi.org/10.3969/j.issn.1002-8692.2011.09.023

2011-01-01

Abstract:First, four existing network border protection detection structures are listed, and the analysis of their strengths and weaknesses are made.Then, a structure called firewall + intrusion detection + honeypot + linkage is proposed, which can improve the shortage of current security structure, and then the proposed structure is improved again and the last structure is known as dual network defense system.Finally, a feasibility analysis of the dual-network defense is carried out, and it is concluded that the expected double defense system can effectively reduce false alarm and leakage alarm, and it has relatively low cost, practical, and has a strong and broad prospects for application.

Wenmao LIU,Xiaofeng QIU,Pengcheng CHEN,Xutao WEN,Xinxin HE,Dongsheng WANG,Jun LI

DOI: https://doi.org/10.3778/j.issn.1673-9418.1407061

2015-01-01

Abstract:Current OpenFlow specifications provide limited access to packet details, making it inefficient to deploy security applications. Moreover, current security solutions become less flexible as software defined-networking (SDN) develops. This paper proposes a distributed software-defined security architecture (SDSA), which offloads heavy security processing from SDN controller to a dedicated security controller and security APPs, providing both flow and packet level protections against various attacks in the SDN and virtual environment. This paper gives the global view and knowledge of flows, IaaS assets and devices, which can make accurate decisions and ensures devices to execute security rules instantly. The architecture simplifies security device logic greatly by separating security data and control planes, the detection and protection are automated with standardized control messages, making the secu-rity reaction fast. The experiments demonstrate that SDSA can detect DoS attack, port scan and abnormal high traffic with low cost and little overhead.