SDN-Guard: Protecting SDN Controllers Against SDN Rootkits

Dennis Tatang, Florian Quinkert, Joel Frank, Christian Röpke, Thorsten Holz

IEEE Workshop on Security in NFV-SDN (SN-2017), Berlin, November 2017


Software-defined networking (SDN) addresses pressing networking problems such as network virtualization and data center complexity. By separating the control plane from the data plane, SDN introduces a new abstraction layer. This new abstraction layer is typically implemented by means of a so-called SDN controller. SDN applications can interact with the controller to ensure network functionality. This new paradigm has multiple advantages, particularly in the fields of network automation and security. Recent work, however, has shown that existing SDN solutions lack adequate security properties; in particular, SDN rootkits allow attackers to take over entire networks by compromising SDN controllers.

In this paper, we present SDN-Guard, a novel system for detecting and mitigating SDN rootkits. The basic idea is to perform a dual-view comparison that detects malicious network programming attempts. An evaluation of our system demonstrates both its effectiveness and its flexibility in terms of application, along with its relatively small performance overhead.


tags: SDN