
Proceedings of the 2016 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization: Latest Papers

SHIELD: An Automated Framework for Static Analysis of SDN Applications
Chanhee Lee, Seungwon Shin
Software-Defined Network (SDN) is getting popular and increasingly deployed in both academia and industry. As a result of which, its security issue is being magnified as a critical controversy, and some pioneering researchers have investigated the vulnerabilities of SDN to discover the feasibility of compromising SDN networks. Especially, they prove that a simple malicious/buggy SDN application running on an SDN controller can kill an SDN control plane because it usually has a right to access the resources of the SDN controller. To address this issue, we focus on the malicious SDN applications themselves (i.e., how to understand if an SDN application is malicious). In this context, we consider analyzing SDN applications before running in a static manner. We present SHIELD, a new automated framework for static analysis of SDN applications carefully considering SDN abilities. SHIELD provides the Control-Flow Graph (CFG) and critical flows of SDN applications. We evaluate the effectiveness of SHIELD with 33 real world applications (both benign and malicious applications), and from the results, we define 10 malicious behaviors of SDN applications.
Citations: 22
Taking the Surprise out of Changes to a Bro Setup
Matthew Monaco, Alex Tsankov, Eric Keller
With network functions virtualization, an organization gains an ability to provide a much more agile security infrastructure. In this paper we focus on vulnerabilities and challenges created by this new flexibility itself. In particular, using Bro as a case study, we present i) a framework for testing Bro scripts using packet traces, ii) a complementary framework for testing the performance impact of Bro scripts, iii) a continuous integration system for triggering automatic testing in response to code changes. With this system, security administrators are protected against logic errors in new and modified scripts as well as performance degradation.
Citations: 0
vTC: Machine Learning Based Traffic Classification as a Virtual Network Function
Lu He, Chen Xu, Yan Luo
Network flow classification is fundamental to network management and network security. However, it is challenging to classify network flows at very high line rates while simultaneously preserving user privacy. Machine learning based classification techniques utilize only meta-information of a flow and have been shown to be effective in identifying network flows. We analyze a group of widely used machine learning classifiers, and observe that the effectiveness of different classification models depends highly upon the protocol types as well as the flow features collected from network data. We propose vTC, a design of virtual network functions to flexibly select and apply the best suitable machine learning classifiers at run time. The experimental results show that the proposed NFV for flow classification can improve the accuracy of classification by up to 13%.
Citations: 30
The Smaller, the Shrewder: A Simple Malicious Application Can Kill an Entire SDN Environment
Seungsoo Lee, Changhoon Yoon, Seungwon Shin
Security vulnerability assessment is an important process that must be conducted against any system before deployment, and emerging technologies are no exception. Software-Defined Networking (SDN) has aggressively evolved in the past few years and is now almost at the early adoption stage. At this stage, the attack surface of SDN should be thoroughly investigated and assessed in order to mitigate possible security breaches against SDN. Inspired by the necessity, we reveal three attack scenarios that leverage SDN applications to attack SDNs, and test the attack scenarios against three of the most popular SDN controllers available today. In addition, we discuss the possible defense mechanisms against such application-originated attacks.
Citations: 45
Leveraging SDN to Improve the Security of DHCP
Jacob H. Cox, R. Clark, H. Owen
Current state-of-the-art technologies for detecting and neutralizing rogue DHCP servers are tediously complex and prone to error. Network operators can spend hours (even days) before realizing that a rogue server is affecting their network. Additionally, once network operators suspect that a rogue server is active on their network, even more hours can be spent finding the server's MAC address and preventing it from affecting other clients. Not only are such methods slow to eliminate rogue servers, they are also likely to affect other clients as network operators shut down services while attempting to locate the server. In this paper, we present Network Flow Guard (NFG), a simple security application that utilizes the software defined networking (SDN) paradigm of programmable networks to detect and disable rogue servers before they are able to affect network clients. Consequently, the key contributions of NFG are its modular approach and its automated detection/prevention of rogue DHCP servers, which is accomplished with little impact to network architecture, protocols, and network operators.
Citations: 16
HoneyMix: Toward SDN-based Intelligent Honeynet
Wonkyu Han, Ziming Zhao, Adam Doupé, Gail-Joon Ahn
Honeynet is a collection of honeypots that are set up to attract as many attackers as possible to learn about their patterns, tactics, and behaviors. However, existing honeypots suffer from a variety of fingerprinting techniques, and the current honeynet architecture does not fully utilize features of residing honeypots due to its coarse-grained data control mechanisms. To address these challenges, we propose an SDN-based intelligent honeynet called HoneyMix. HoneyMix leverages the rich programmability of SDN to circumvent attackers' detection mechanisms and enables fine-grained data control for honeynet. To do this, HoneyMix simultaneously establishes multiple connections with a set of honeypots and selects the most desirable connection to inspire attackers to remain connected. In this paper, we present the HoneyMix architecture and a description of its core components.
Citations: 52
Timing SDN Control Planes to Infer Network Configurations
J. Sonchack, Adam J. Aviv, Eric Keller
In this paper, we study information leakage by control planes of Software Defined Networks. We find that the response time of an OpenFlow control plane depends on its workload, and we develop an inference attack that an adversary with control of a single host could use to learn about network configurations without needing to compromise any network infrastructure (i.e. switches or controller servers). We also demonstrate that our inference attack works on real OpenFlow hardware. To our knowledge, no previous work has evaluated OpenFlow inference attacks outside of simulation.
Citations: 26
S-NFV: Securing NFV states by using SGX
Ming-Wei Shih, Mohan Kumar, Taesoo Kim, Ada Gavrilovska
Network Function Virtualization (NFV) applications are stateful. For example, a Content Distribution Network (CDN) caches web contents from remote servers and serves them to clients. Similarly, an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) have both per-flow and multi-flow (shared) states to properly react to intrusions. On today's NFV infrastructures, security vulnerabilities may allow attackers to steal and manipulate the internal states of NFV applications that share a physical resource. In this paper, we propose a new protection scheme, S-NFV, that incorporates Intel Software Guard Extensions (Intel SGX) to securely isolate the states of NFV applications.
Citations: 108
HogMap: Using SDNs to Incentivize Collaborative Security Monitoring
Xiang Pan, V. Yegneswaran, Yan Chen, Phillip A. Porras, Seungwon Shin
Cyber Threat Intelligence (CTI) sharing facilitates a comprehensive understanding of adversary activity and enables enterprise networks to prioritize their cyber defense technologies. To that end, we introduce HogMap, a novel software-defined infrastructure that simplifies and incentivizes collaborative measurement and monitoring of cyber-threat activity. HogMap proposes to transform the cyber-threat monitoring landscape by integrating several novel SDN-enabled capabilities: (i) intelligent in-place filtering of malicious traffic, (ii) dynamic migration of interesting and extraordinary traffic and (iii) a software-defined marketplace where various parties can opportunistically subscribe to and publish cyber-threat intelligence services in a flexible manner. We present the architectural vision and summarize our preliminary experience in developing and operating an SDN-based HoneyGrid, which spans three enterprises and implements several of the enabling capabilities (e.g., traffic filtering, traffic forwarding and connection migration). We find that SDN technologies greatly simplify the design and deployment of such globally distributed and elastic HoneyGrids.
Citations: 17
UNISAFE: A Union of Security Actions for Software Switches
Taejune Park, Yeonkeun Kim, Seungwon Shin
As software-defined architectures, such as Software-Defined Networking (SDN) and Network Function Virtualization (NFV), are getting popular, the necessity of software-based switches (a.k.a. software switches) is also increasing because they can adopt new functions/features without much difficulty compared with hardware-based switches. Nowadays we can easily observe that researchers devise new network functions and embed them into a software switch. However, most of those proposals are highly biased at network communities, and thus it is hard to find some trials of leveraging the abilities of a software switch for security. In this paper, we consider how we can enrich security functions/features in software-defined environments, and in this context we propose a new software switch architecture - with the name of UNISAFE - that can enable diverse security actions. Furthermore, UNISAFE provides action clustering which joins UNISAFE actions of multiple flows together. It enables UNISAFE to check flows synthetically, and thus a user can establish effective security policies and save system resources. In addition, we describe the design and implementation of UNISAFE and suggest some use-cases for how UNISAFE works.
Citations: 13