Taking Control of SDN-based Cloud Systems via the Data Plane

Kashyap Thimmaraju; Bhargava Shastry; Tobias Fiebig; Felicitas Hetzelt; Jean-Pierre Seifert; Anja Feldmann; Stefan Schmid

doi:10.1145/3185467.3185468

Taking Control of SDN-based Cloud Systems via the Data Plane

Kashyap Thimmaraju, Bhargava Shastry, Tobias Fiebig, Felicitas Hetzelt, Jean-Pierre Seifert, Anja Feldmann, Stefan Schmid

Information and Communication Technology

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

31 Citations (Scopus)

488 Downloads (Pure)

Abstract

Virtual switches are a crucial component of SDN-based cloud systems, enabling the interconnection of virtual machines in a flexible and “software-defined” manner. This paper raises the alarm on the security implications of virtual switches. In particular, we show that virtual switches not only increase the attack surface of the cloud, but virtual switch vulnerabilities can also lead to attacks of much higher impact compared to traditional switches. We present a systematic security analysis and identify four design decisions which introduce vulnerabilities. Our findings motivate us to revisit existing threat models for SDN-based cloud setups, and introduce a new attacker model for SDN-based cloud systems using virtual switches.

Original language	English
Title of host publication	Proceedings of ACM Symposium on SDN Research (SOSR)
Publisher	Association for Computing Machinery (ACM)
Pages	1-15
Number of pages	15
DOIs	https://doi.org/10.1145/3185467.3185468
Publication status	Published - 2018
Event	ACM Symposium on SDN Research (SOSR) - Los Angeles, United States Duration: 28 Mar 2018 → 29 Mar 2018

Conference

Conference	ACM Symposium on SDN Research (SOSR)
Country/Territory	United States
City	Los Angeles
Period	28/03/18 → 29/03/18

Access to Document

10.1145/3185467.3185468

sosr18Accepted author manuscript, 915 KBLicence: Unspecified

Cite this

@inproceedings{8b24d59fdaeb4663a1b8c41c22abd880,

title = "Taking Control of SDN-based Cloud Systems via the Data Plane",

abstract = "Virtual switches are a crucial component of SDN-based cloud systems, enabling the interconnection of virtual machines in a flexible and “software-defined” manner. This paper raises the alarm on the security implications of virtual switches. In particular, we show that virtual switches not only increase the attack surface of the cloud, but virtual switch vulnerabilities can also lead to attacks of much higher impact compared to traditional switches. We present a systematic security analysis and identify four design decisions which introduce vulnerabilities. Our findings motivate us to revisit existing threat models for SDN-based cloud setups, and introduce a new attacker model for SDN-based cloud systems using virtual switches. ",

author = "Kashyap Thimmaraju and Bhargava Shastry and Tobias Fiebig and Felicitas Hetzelt and Jean-Pierre Seifert and Anja Feldmann and Stefan Schmid",

year = "2018",

doi = "10.1145/3185467.3185468",

language = "English",

pages = "1--15",

booktitle = "Proceedings of ACM Symposium on SDN Research (SOSR)",

publisher = "Association for Computing Machinery (ACM)",

address = "United States",

note = "ACM Symposium on SDN Research (SOSR) ; Conference date: 28-03-2018 Through 29-03-2018",

}

Thimmaraju, K, Shastry, B, Fiebig, T, Hetzelt, F, Seifert, J-P, Feldmann, A & Schmid, S 2018, Taking Control of SDN-based Cloud Systems via the Data Plane. in Proceedings of ACM Symposium on SDN Research (SOSR). Association for Computing Machinery (ACM), pp. 1-15, ACM Symposium on SDN Research (SOSR), Los Angeles, United States, 28/03/18. https://doi.org/10.1145/3185467.3185468

TY - GEN

T1 - Taking Control of SDN-based Cloud Systems via the Data Plane

AU - Thimmaraju, Kashyap

AU - Shastry, Bhargava

AU - Fiebig, Tobias

AU - Hetzelt, Felicitas

AU - Seifert, Jean-Pierre

AU - Feldmann, Anja

AU - Schmid, Stefan

PY - 2018

Y1 - 2018

N2 - Virtual switches are a crucial component of SDN-based cloud systems, enabling the interconnection of virtual machines in a flexible and “software-defined” manner. This paper raises the alarm on the security implications of virtual switches. In particular, we show that virtual switches not only increase the attack surface of the cloud, but virtual switch vulnerabilities can also lead to attacks of much higher impact compared to traditional switches. We present a systematic security analysis and identify four design decisions which introduce vulnerabilities. Our findings motivate us to revisit existing threat models for SDN-based cloud setups, and introduce a new attacker model for SDN-based cloud systems using virtual switches.

AB - Virtual switches are a crucial component of SDN-based cloud systems, enabling the interconnection of virtual machines in a flexible and “software-defined” manner. This paper raises the alarm on the security implications of virtual switches. In particular, we show that virtual switches not only increase the attack surface of the cloud, but virtual switch vulnerabilities can also lead to attacks of much higher impact compared to traditional switches. We present a systematic security analysis and identify four design decisions which introduce vulnerabilities. Our findings motivate us to revisit existing threat models for SDN-based cloud setups, and introduce a new attacker model for SDN-based cloud systems using virtual switches.

UR - http://resolver.tudelft.nl/uuid:8b24d59f-daeb-4663-a1b8-c41c22abd880

U2 - 10.1145/3185467.3185468

DO - 10.1145/3185467.3185468

M3 - Conference contribution

SP - 1

EP - 15

BT - Proceedings of ACM Symposium on SDN Research (SOSR)

PB - Association for Computing Machinery (ACM)

T2 - ACM Symposium on SDN Research (SOSR)

Y2 - 28 March 2018 through 29 March 2018

ER -

Taking Control of SDN-based Cloud Systems via the Data Plane

Abstract

Conference

Access to Document

Other files and links

Fingerprint

Cybersecurity (TPM)

Cite this

Taking Control of SDN-based Cloud Systems via the Data Plane

Abstract

Conference

Access to Document

Other files and links

Fingerprint

Projects

Cybersecurity (TPM)

Cite this