Taking Control of SDN-based Cloud Systems via the Data Plane

Kashyap Thimmaraju, Bhargava Shastry, Tobias Fiebig, Felicitas Hetzelt, Jean-Pierre Seifert, Anja Feldmann, Stefan Schmid

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

20 Citations (Scopus)
272 Downloads (Pure)


Virtual switches are a crucial component of SDN-based cloud systems, enabling the interconnection of virtual machines in a flexible and “software-defined” manner. This paper raises the alarm on the security implications of virtual switches. In particular, we show that virtual switches not only increase the attack surface of the cloud, but virtual switch vulnerabilities can also lead to attacks of much higher impact compared to traditional switches. We present a systematic security analysis and identify four design decisions which introduce vulnerabilities. Our findings motivate us to revisit existing threat models for SDN-based cloud setups, and introduce a new attacker model for SDN-based cloud systems using virtual switches.
Original languageEnglish
Title of host publicationProceedings of ACM Symposium on SDN Research (SOSR)
PublisherAssociation for Computing Machinery (ACM)
Number of pages15
Publication statusPublished - 2018
EventACM Symposium on SDN Research (SOSR) - Los Angeles, United States
Duration: 28 Mar 201829 Mar 2018


ConferenceACM Symposium on SDN Research (SOSR)
CountryUnited States
CityLos Angeles


Dive into the research topics of 'Taking Control of SDN-based Cloud Systems via the Data Plane'. Together they form a unique fingerprint.

Cite this