TY - GEN
T1 - Modeling and verifying topoguard in openflow-based software defined networks
AU - Xiang, Shuangqing
AU - Zhu, Huibiao
AU - Xiao, Lili
AU - Xie, Wanling
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2018/12/4
Y1 - 2018/12/4
N2 - Software Defined Networking (SDN) is an emerging networking paradigm, which provides flexible network programmability and eases the complexity of network control and management. The OpenFlow protocol is the best-known southbound interface of SDN. As the core of a software-defined network, a controller collects topology information of the entire network in order to manage the network as well as provide services to topology-dependent applications. The accuracy of topology information gained by a controller is utmost important. However, most of the mainstream OpenFlow controllers suffer from two kinds of topology poisoning attacks: Link Fabrication Attack and Host Hijacking Attack. TopoGuard is the most famous security extension to traditional OpenFlow controllers, providing detection of the two attacks. In this paper, we model TopoGuard, OpenFlow switches, hosts and two kinds of attackers using Communication Sequential Processes (CSP). Moreover, we encode the proposed model into Process Analysis Toolkit (PAT), a model checker. Finally, we use PAT to verify whether TopoGuard is able to detect the two attacks in some specific scenarios.
AB - Software Defined Networking (SDN) is an emerging networking paradigm, which provides flexible network programmability and eases the complexity of network control and management. The OpenFlow protocol is the best-known southbound interface of SDN. As the core of a software-defined network, a controller collects topology information of the entire network in order to manage the network as well as provide services to topology-dependent applications. The accuracy of topology information gained by a controller is utmost important. However, most of the mainstream OpenFlow controllers suffer from two kinds of topology poisoning attacks: Link Fabrication Attack and Host Hijacking Attack. TopoGuard is the most famous security extension to traditional OpenFlow controllers, providing detection of the two attacks. In this paper, we model TopoGuard, OpenFlow switches, hosts and two kinds of attackers using Communication Sequential Processes (CSP). Moreover, we encode the proposed model into Process Analysis Toolkit (PAT), a model checker. Finally, we use PAT to verify whether TopoGuard is able to detect the two attacks in some specific scenarios.
KW - Formal Verifying
KW - Modeling
KW - SDN
KW - TopoGuard
UR - https://www.scopus.com/pages/publications/85062325148
U2 - 10.1109/TASE.2018.00019
DO - 10.1109/TASE.2018.00019
M3 - 会议稿件
AN - SCOPUS:85062325148
T3 - Proceedings - 2018 12th International Symposium on Theoretical Aspects of Software Engineering, TASE 2018
SP - 84
EP - 91
BT - Proceedings - 2018 12th International Symposium on Theoretical Aspects of Software Engineering, TASE 2018
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 12th International Symposium on Theoretical Aspects of Software Engineering, TASE 2018
Y2 - 29 August 2018 through 31 August 2018
ER -