A survey on the verification of adversarial data planes in software-defined networks

Conor Black; Sandra Scott-Hayward

doi:10.1145/3445968.3452092

A survey on the verification of adversarial data planes in software-defined networks

Conor Black, Sandra Scott-Hayward

School of Electronics, Electrical Engineering and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

8 Citations (Scopus)

284 Downloads (Pure)

Abstract

As network policies are becoming increasingly nuanced and complex, so too are the mechanisms required to ensure that the network is functioning as intended. In particular, since the dawn of software-defined networking and the shift towards high-level descriptions of intended network policy, traditional tools such as ping and traceroute have been insufficient to test that complex data plane configurations have been correctly implemented. As a result, novel data plane verification solutions have been proposed that use formal methods to ensure that network policies are adhered to and that the data plane is free of bugs. While the number of these verification solutions continues to grow, only a few are equipped to verify the data plane when a malicious adversary is present. As research continues to expand the remit of data plane functionality, these solutions may become key to securing an increasingly valuable attack target. In this survey, we review the work that has been dedicated to preventing and detecting attacks on data planes in software-defined networks and discuss some of the unsolved problems in this field that must be addressed in future adversarial verification solutions.

Original language	English
Title of host publication	Proceedings of the ACM International Workshop on Software Defined Networks & Network Function Virtualization Security, SDN-NFV Sec 2021
Publisher	Association for Computing Machinery
Pages	3-10
ISBN (Print)	9781450383189
DOIs	https://doi.org/10.1145/3445968.3452092
Publication status	Published - 28 Apr 2021
Event	ACM International Workshop on Software Defined Networks & Network Function Virtualization Security 2021 - Virtual, United States Duration: 28 Apr 2021 → 28 Apr 2021 https://dl.acm.org/doi/proceedings/10.1145/3445968

Workshop

Workshop	ACM International Workshop on Software Defined Networks & Network Function Virtualization Security 2021
Abbreviated title	SDN-NFV Sec 2021
Country/Territory	United States
Period	28/04/2021 → 28/04/2021
Internet address	https://dl.acm.org/doi/proceedings/10.1145/3445968

Access to Document

10.1145/3445968.3452092Licence: Unspecified

A survey on the verification of adversarial data planes in software-defined networks
Copyright 2021 ACM. This work is made available online in accordance with the publisher’s policies. Please refer to any applicable terms of use of the publisher.
Accepted author manuscript, 332 KBLicence: Unspecified

Mitigating data plane device compromise in programmable networks
Black, C. (Author), Scott-Hayward, S. (Supervisor) & Sezer, S. (Supervisor), Jul 2023
Student thesis: Doctoral Thesis › Doctor of Philosophy

File

8 Citations
1 Conference contribution

Investigating the vulnerability of programmable data planes to static analysis-guided attacks
Black, C. & Scott-Hayward, S., 03 Aug 2022, Proceedings of the 8th IEEE International Conference on Network Softwarization, NetSoft 2022. Milan: Institute of Electrical and Electronics Engineers Inc., (International Conference on Network Softwarization (NetSoft): Proceedings).
Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Open Access
File
1 Citation (Scopus)

194 Downloads (Pure)

Cite this

@inproceedings{7450ba86cf604e949cb418a6693f20dd,

title = "A survey on the verification of adversarial data planes in software-defined networks",

abstract = "As network policies are becoming increasingly nuanced and complex, so too are the mechanisms required to ensure that the network is functioning as intended. In particular, since the dawn of software-defined networking and the shift towards high-level descriptions of intended network policy, traditional tools such as ping and traceroute have been insufficient to test that complex data plane configurations have been correctly implemented. As a result, novel data plane verification solutions have been proposed that use formal methods to ensure that network policies are adhered to and that the data plane is free of bugs. While the number of these verification solutions continues to grow, only a few are equipped to verify the data plane when a malicious adversary is present. As research continues to expand the remit of data plane functionality, these solutions may become key to securing an increasingly valuable attack target. In this survey, we review the work that has been dedicated to preventing and detecting attacks on data planes in software-defined networks and discuss some of the unsolved problems in this field that must be addressed in future adversarial verification solutions.",

author = "Conor Black and Sandra Scott-Hayward",

year = "2021",

month = apr,

day = "28",

doi = "10.1145/3445968.3452092",

language = "English",

isbn = "9781450383189",

pages = "3--10",

booktitle = "Proceedings of the ACM International Workshop on Software Defined Networks & Network Function Virtualization Security, SDN-NFV Sec 2021",

publisher = "Association for Computing Machinery",

address = "United States",

note = "ACM International Workshop on Software Defined Networks & Network Function Virtualization Security 2021, SDN-NFV Sec 2021 ; Conference date: 28-04-2021 Through 28-04-2021",

url = "https://dl.acm.org/doi/proceedings/10.1145/3445968",

}

Black, C & Scott-Hayward, S 2021, A survey on the verification of adversarial data planes in software-defined networks. in Proceedings of the ACM International Workshop on Software Defined Networks & Network Function Virtualization Security, SDN-NFV Sec 2021. Association for Computing Machinery, pp. 3-10, ACM International Workshop on Software Defined Networks & Network Function Virtualization Security 2021, United States, 28/04/2021. https://doi.org/10.1145/3445968.3452092

A survey on the verification of adversarial data planes in software-defined networks. / Black, Conor; Scott-Hayward, Sandra.
Proceedings of the ACM International Workshop on Software Defined Networks & Network Function Virtualization Security, SDN-NFV Sec 2021. Association for Computing Machinery, 2021. p. 3-10.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - A survey on the verification of adversarial data planes in software-defined networks

AU - Black, Conor

AU - Scott-Hayward, Sandra

PY - 2021/4/28

Y1 - 2021/4/28

N2 - As network policies are becoming increasingly nuanced and complex, so too are the mechanisms required to ensure that the network is functioning as intended. In particular, since the dawn of software-defined networking and the shift towards high-level descriptions of intended network policy, traditional tools such as ping and traceroute have been insufficient to test that complex data plane configurations have been correctly implemented. As a result, novel data plane verification solutions have been proposed that use formal methods to ensure that network policies are adhered to and that the data plane is free of bugs. While the number of these verification solutions continues to grow, only a few are equipped to verify the data plane when a malicious adversary is present. As research continues to expand the remit of data plane functionality, these solutions may become key to securing an increasingly valuable attack target. In this survey, we review the work that has been dedicated to preventing and detecting attacks on data planes in software-defined networks and discuss some of the unsolved problems in this field that must be addressed in future adversarial verification solutions.

AB - As network policies are becoming increasingly nuanced and complex, so too are the mechanisms required to ensure that the network is functioning as intended. In particular, since the dawn of software-defined networking and the shift towards high-level descriptions of intended network policy, traditional tools such as ping and traceroute have been insufficient to test that complex data plane configurations have been correctly implemented. As a result, novel data plane verification solutions have been proposed that use formal methods to ensure that network policies are adhered to and that the data plane is free of bugs. While the number of these verification solutions continues to grow, only a few are equipped to verify the data plane when a malicious adversary is present. As research continues to expand the remit of data plane functionality, these solutions may become key to securing an increasingly valuable attack target. In this survey, we review the work that has been dedicated to preventing and detecting attacks on data planes in software-defined networks and discuss some of the unsolved problems in this field that must be addressed in future adversarial verification solutions.

U2 - 10.1145/3445968.3452092

DO - 10.1145/3445968.3452092

M3 - Conference contribution

SN - 9781450383189

SP - 3

EP - 10

BT - Proceedings of the ACM International Workshop on Software Defined Networks & Network Function Virtualization Security, SDN-NFV Sec 2021

PB - Association for Computing Machinery

T2 - ACM International Workshop on Software Defined Networks & Network Function Virtualization Security 2021

Y2 - 28 April 2021 through 28 April 2021

ER -

A survey on the verification of adversarial data planes in software-defined networks

Abstract

Workshop

Access to Document

Fingerprint

Student theses

Mitigating data plane device compromise in programmable networks

Research output

Investigating the vulnerability of programmable data planes to static analysis-guided attacks

Cite this