TY - GEN
T1 - A survey on the verification of adversarial data planes in software-defined networks
AU - Black, Conor
AU - Scott-Hayward, Sandra
PY - 2021/4/28
Y1 - 2021/4/28
AB - As network policies are becoming increasingly nuanced and complex, so too are the mechanisms required to ensure that the network is functioning as intended. In particular, since the dawn of software-defined networking and the shift towards high-level descriptions of intended network policy, traditional tools such as ping and traceroute have been insufficient to test that complex data plane configurations have been correctly implemented. As a result, novel data plane verification solutions have been proposed that use formal methods to ensure that network policies are adhered to and that the data plane is free of bugs. While the number of these verification solutions continues to grow, only a few are equipped to verify the data plane when a malicious adversary is present. As research continues to expand the remit of data plane functionality, these solutions may become key to securing an increasingly valuable attack target. In this survey, we review the work that has been dedicated to preventing and detecting attacks on data planes in software-defined networks and discuss some of the unsolved problems in this field that must be addressed in future adversarial verification solutions.
U2 - 10.1145/3445968.3452092
DO - 10.1145/3445968.3452092
M3 - Conference contribution
SN - 9781450383189
SP - 3
EP - 10
BT - Proceedings of the ACM International Workshop on Software Defined Networks & Network Function Virtualization Security, SDN-NFV Sec 2021
PB - ACM
T2 - ACM International Workshop on Software Defined Networks & Network Function Virtualization Security 2021
Y2 - 28 April 2021 through 28 April 2021
ER -