Taxonomic Modeling of Security Threats in Software Defined Networking
Jennia Hizver, PhD in Computer Science
Slide deck: us-15-Hizver-Taxonomic-Modeling-Of-Security-Threats-In-Software-Defined-Networking.pptx (Black Hat USA 2015)

Agenda
• SDN Adoption Rates
• SDN Attack Surface
• SDN Threat Model
• Attack Examples
• Threat Mitigation

SDN Adoption Rates
• By the end of 2016, more than 10,000 enterprises worldwide will have deployed SDN in their networks (Gartner, 2014)
• 75% of the surveyed companies planned on SDN deployments in the next 5 years (Gartner, 2014)
• The worldwide SDN market will reach $8 billion by 2018 (International Data Corporation, 2014)

Security of SDN
• Limited knowledge on SDN vulnerabilities, threats, and attacks
• Increased architecture complexity => increased risk
• Vendors jumping on the SDN bandwagon => no time for secure SDLC
• No existing SDN threat identification framework

SDN Attack Surface
[Figure: SDN architecture with an Application Plane (APP), a Controller Plane (CTRL), a Data Plane (NE) and a Management component (MGR), connected through the NBI, SBI, EWBI and MGI interfaces]
APP: application
CTRL: controller
NE: network element
MGR: manager
NBI: northbound interface
SBI: southbound interface
EWI: east/westbound interface
MGI: management interface

SDN Threat Characterization
• Threat source - the source triggering the vulnerability
• Vulnerability source - an SDN component where the vulnerability arises
• Threat action - the action by which a threat is carried out
[Figure: Threat Source -> Vulnerability Source -> Threat Action]

Threat Sources
[Figure: SDN architecture diagram showing the threat sources: a Non-SDN source, APP, CTRL, MGR, NE and a ROGUE CTRL]
APP: application
CTRL: controller
NE: network element
MGR: manager

Vulnerability Sources
[Figure: SDN architecture diagram showing the vulnerability sources: APP, CTRL, MGR and NE]
APP: application
CTRL: controller
NE: network element
MGR: manager

Threat Actions
• “A threat is any event with the potential to adversely impact organizational operations and assets … through an information system via unauthorized access, destruction, disclosure, or modification of information, and/or denial of service.” - NIST Special Publication 800-30
• Threat Actions:
  • Unauthorized access (ACC)
  • Unauthorized disclosure (DISC)
  • Unauthorized modification (MOD)
  • Disruption of service (DISR)
  • Unauthorized destruction (DEST)

Many-To-Many Relationships
[Figure: three columns, Threat Source, Vulnerability Source and Threat Action, connected many-to-many]
Threat Source: EXT, APP, CTRL, NE, MGR, ROG
Vulnerability Source: APP, NBI, CTRL, EWI, SBI, NE, MGR, MGI
Threat Action: ACC, DISC, MOD, DISR, DEST

Unauthorized Access
EXT ACC MGR
An attacker conducts a password brute-forcing or password guessing attack
[Figure: SDN architecture diagram with a Non-SDN source]

Unauthorized Access
MGR ACC APP
An attacker exploits a software vulnerability to achieve unauthorized access
[Figure: SDN architecture diagram]

Disclosure of Information
APP DISC APP
An attacker scans the physical memory to extract flow rules
[Figure: SDN architecture diagram]

Disclosure of Information
NBI DISC APP
An attacker exploits an API vulnerability to harvest information about flow rules
[Figure: SDN architecture diagram]

Unauthorized Destruction
NBI DEST APP
An attacker exploits an API vulnerability to delete flows
[Figure: SDN architecture diagram]

Unauthorized Access
APP APP ACC
An attacker with limited privileges exploits a software vulnerability to escalate her privileges
[Figure: SDN architecture diagram]

Disclosure of Information
APP DISC EWBI
An attacker intercepts communications to gain access to transmitted information
[Figure: SDN architecture diagram]

Unauthorized Modification
NE MOD ROG
An attacker conducts an identity spoofing attack
[Figure: SDN architecture diagram with a ROGUE CTRL]

Disruption of Service
MGR DISR NE CTRL
An attacker exploits a software vulnerability to cause DoS
[Figure: SDN architecture diagram]

Disclosure of Information
NE MGR DISC
An attacker tries to determine if a flow rule exists using a side channel attack
[Figure: SDN architecture diagram]

Disruption of Service
CTRL DISR NE
The attacker leverages a compromised network element to flood a controller
[Figure: SDN architecture diagram]

Unauthorized Modification
CTRL MOD NE
A malicious user attempts to poison the controller’s view of the network topology
[Figure: SDN architecture diagram]

Threat Mitigation
• Determine what threats have to be mitigated
• Specify security requirements to address the threats
• Implement the mitigation measures

Threat Mitigation Examples
TH: Conduct brute force login attempts/password guessing attacks against the management console
SR: A management console shall not allow any user to successfully use a password guessing attack to gain unauthorized access
MM: All vendor default passwords for management consoles should be changed

TH: Exploit a known information disclosure vulnerability in the NBI
SR: An application shall not allow any user to successfully exploit a vulnerability to access information which the user is not authorized to access
MM: All application server patches should be applied in a timely manner

Threat Mitigation Examples
TH: Conduct communications interception attack against the EWI
SR: The east/west bound interface shall not allow unauthorized users to eavesdrop on network communications between the controllers
MM: The east/west bound communication channels should be protected using strong cryptography

TH: Cause a denial of service on a controller
SR: A controller shall not allow any network element to successfully use a denial of service attack to reduce its availability
MM: Rate limiting and packet dropping at the controller plane to avoid denial of service attacks. Specific rules should be installed on the network elements where the attack is being originated.
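The rate-limiting mitigation for the controller DoS case, as an added example that is not part of the slides: a sliding-window limiter on PACKET_IN events per network element, which quarantines a flooding element at the controller and queues a table-miss drop rule for that element so the flood is also stopped where it originates. The limit, window, event format and rule layout are assumptions made for this example, not a particular controller's API.

```python
from collections import defaultdict, deque

# Assumed policy: at most RATE_LIMIT PACKET_IN events per network element (NE)
# within a sliding WINDOW of seconds. Real controllers expose similar knobs.
RATE_LIMIT = 100
WINDOW = 1.0

class PacketInLimiter:
    """Sliding-window PACKET_IN limiter keyed by the NE's datapath id (dpid)."""

    def __init__(self, limit=RATE_LIMIT, window=WINDOW):
        self.limit = limit
        self.window = window
        self.events = defaultdict(deque)  # dpid -> timestamps of recent events
        self.quarantined = set()          # NEs that exceeded the limit

    def accept(self, dpid, ts):
        """Return True if the event may be processed, False if it is dropped.
        An NE that exceeds the limit is quarantined: its further PACKET_INs are
        dropped at the controller and a drop rule is queued for that NE, so the
        flood is also stopped at the element where it originates."""
        if dpid in self.quarantined:
            return False
        recent = self.events[dpid]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:
            recent.popleft()              # forget events outside the window
        if len(recent) > self.limit:
            self.quarantined.add(dpid)
            return False
        return True

    def drop_rules(self):
        """Per quarantined NE: a table-miss entry (priority 0, match anything)
        with an empty action set, i.e. drop instead of sending PACKET_IN.
        The dict layout is a constructed representation, not a real API."""
        return {dpid: {"priority": 0, "match": {}, "actions": []}
                for dpid in sorted(self.quarantined)}

def replay(events, limiter=None):
    """Replay (ts, dpid) events in time order -> ({dpid: (accepted, dropped)}, limiter)."""
    limiter = limiter or PacketInLimiter()
    counts = defaultdict(lambda: [0, 0])
    for ts, dpid in sorted(events):
        counts[dpid][0 if limiter.accept(dpid, ts) else 1] += 1
    return {d: tuple(c) for d, c in counts.items()}, limiter

# Constructed sample: NE 1 is a normal switch (20 PACKET_IN/s); NE 2 is a
# compromised switch sending 500 PACKET_INs within one second.
SAMPLE = [(i * 0.05, 1) for i in range(40)] + [(i * 0.002, 2) for i in range(500)]
```

Replaying SAMPLE leaves NE 1 untouched, accepts the first 100 events from NE 2, drops the remaining 400 and produces a single drop rule for NE 2.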

High-Level Recommendations
• Allow only required ports and services in the controller
• Limit the number of accounts requiring direct access to the controller
• Implement HA controller architecture
• Integrate the SDN specific user accounts with the enterprise IM infrastructure
• Place the management interfaces in a dedicated virtual network segment
• Implement SDN patch management practices
• Use strong encryption to protect SDN communication channels
• Follow secure coding practices for all applications
• Validate NE flow tables against the controller to identify discrepancies
• Implement integrity checks on controllers
• Implement security monitoring and security policy enforcement of SDN elements
• Enable logging and audit trails
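One way to carry out the "validate NE flow tables against the controller" recommendation, as an added example that is not from the talk: a diff of the controller's intended rules against the table a network element reports, classifying each discrepancy as a missing, extra or modified entry (the deleted-flow and topology-poisoning cases above would show up here). The rule layout and the sample tables are constructed for this example and are not a specific controller's API.

```python
def _key(rule):
    """Identity of a flow entry: its priority plus the canonicalised match
    fields, so that two rules differing only in field order compare equal."""
    return (rule["priority"], tuple(sorted(rule["match"].items())))

def diff_flow_tables(intended, reported):
    """Compare the controller's intended rules for one NE with the table the
    NE actually reports. Returns (missing, extra, modified):
      missing  - intended rules absent from the NE (e.g. flows deleted
                 through a vulnerable NBI, the DEST example on the slides)
      extra    - rules present on the NE that the controller never installed
      modified - same priority and match, but the actions differ (for
                 instance traffic redirected to another port)
    """
    intended_by_key = {_key(r): r for r in intended}
    reported_by_key = {_key(r): r for r in reported}
    missing = [intended_by_key[k] for k in intended_by_key.keys() - reported_by_key.keys()]
    extra = [reported_by_key[k] for k in reported_by_key.keys() - intended_by_key.keys()]
    modified = [(intended_by_key[k], reported_by_key[k])
                for k in intended_by_key.keys() & reported_by_key.keys()
                if intended_by_key[k]["actions"] != reported_by_key[k]["actions"]]
    return missing, extra, modified

# Constructed sample tables for one NE (rule layout is illustrative, not a
# specific controller's API). The controller intends two forwarding rules and a
# table-miss entry that hands unknown traffic to the controller.
INTENDED = [
    {"priority": 100, "match": {"in_port": 1, "eth_dst": "00:00:00:00:00:02"},
     "actions": ["output:2"]},
    {"priority": 100, "match": {"in_port": 2, "eth_dst": "00:00:00:00:00:01"},
     "actions": ["output:1"]},
    {"priority": 0, "match": {}, "actions": ["CONTROLLER"]},
]
# What the NE reports: the second rule is gone, the first now sends traffic to
# port 3, and a high-priority rule the controller never installed has appeared.
REPORTED = [
    {"priority": 100, "match": {"eth_dst": "00:00:00:00:00:02", "in_port": 1},
     "actions": ["output:3"]},
    {"priority": 0, "match": {}, "actions": ["CONTROLLER"]},
    {"priority": 200, "match": {"ip_proto": 6, "tcp_dst": 443},
     "actions": ["output:3"]},
]
```

Run periodically against every NE, the three lists are what the monitoring and audit-trail recommendations would alert on; an identical table yields three empty lists.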

BlackHat Sound Bytes
• Our current knowledge on SDN threats and attacks is limited. To better anticipate potential SDN threats at the early design stage, enterprises could use the presented SDN threat model
• The proposed framework could be further extended by incorporating the details of specific SDN designs. It could also serve as a foundation for planning and carrying out SDN penetration tests
• The model enables comprehensive development of security requirements and mitigation measures to increase the state of preparedness in the event of attacks on SDN