Cross-App Poisoning in Software-Defined Networking
Association for Computing Machinery (ACM) via YouTube
Overview
Explore a critical class of SDN control plane integrity attacks called cross-app poisoning (CAP) in this 24-minute conference talk. Delve into how unprivileged apps can manipulate shared control plane states to deceive privileged apps into performing unauthorized actions. Examine the limitations of Role-Based Access Control (RBAC) in SDN environments, analyze the threat model, and understand CAP's implementation in ONOS. Learn about CAP gadgets, PROVSDN, and review both attack and performance evaluations. Gain valuable insights into SDN security challenges and potential mitigation strategies.
Syllabus
Intro
SDN Overview
State of SDN Security
RBAC in Control Plane
RBAC Limitations
Approach
Threat Model
Cross-App Poisoning (CAP)
CAP in ONOS
CAP Gadgets in ONOS
PROVSDN
Attack Evaluation
Performance Evaluation
Summary
Questions?
Taught by
Association for Computing Machinery (ACM)