Attacking and Defending Software-Defined Networks (original title: Atacando e defendendo redes definidas por software)

Bibliographic details
Main author: Pascoal, Túlio Albuquerque
Publication date: 2018
Document type: Dissertation (master's thesis)
Language: Portuguese (por)
Source: Biblioteca Digital de Teses e Dissertações da UFPB
Full text: https://repositorio.ufpb.br/jspui/handle/123456789/13342
Abstract: Software Defined Networks (SDN) facilitate network management by decoupling the data plane, which forwards packets using efficient switches, from the control plane, which leaves the decisions on how packets should be forwarded to a (centralized) controller. However, due to limitations on the number of forwarding rules a switch can store in its Ternary Content-Addressable Memory (TCAM), SDN networks have been subject to saturation and TCAM exhaustion attacks, in which the attacker is able to deny service by forcing a target switch to install a great number of rules. An underlying assumption is that these attacks are carried out by sending a high rate of unique packets. This work shows that this assumption is not necessarily true and that SDNs are vulnerable to a novel attack, called the Slow TCAM exhaustion attack (Slow-TCAM), which existing defenses for saturation and TCAM exhaustion attacks are not able to mitigate due to its relatively low traffic rate and its similarity to legitimate client traffic. This work also proposes a novel defense called SIFT, based on selective strategies, and demonstrates its effectiveness against the Slow-TCAM attack in different scenarios, obtaining levels of availability above 92% (worst-case scenario) when the network is under attack while having low memory and CPU consumption.
Repository record
Record id: UFPB_b63200305826344c28d2946e8e3651f8
OAI identifier: oai:repositorio.ufpb.br:123456789/13342
Network: UFPB (Biblioteca Digital de Teses e Dissertações da UFPB)
Keywords: Software defined networks; Denial of service attacks; Low-rate attacks; Selective defenses
CNPq subject area: CNPQ::CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO (Exact and Earth Sciences :: Computer Science)
Funding: Coordenação de Aperfeiçoamento de Pessoal de Nível Superior - CAPES
Contributors: Fonseca, Iguatemi Eduardo da (http://lattes.cnpq.br/4519016123693631); Vivek, Nigan
Author: Pascoal, Túlio Albuquerque
Publisher: Universidade Federal da Paraíba (UFPB), Brazil, Informática, Programa de Pós-Graduação em Informática
Issue date: 2018-02-15
Deposited: 2019-02-07T17:52:21Z (available 2019-02-07)
Type: info:eu-repo/semantics/masterThesis (info:eu-repo/semantics/publishedVersion)
Rights: Attribution-NoDerivs 3.0 Brazil, http://creativecommons.org/licenses/by-nd/3.0/br/ (info:eu-repo/semantics/openAccess)
OAI endpoint: http://tede.biblioteca.ufpb.br:8080/oai/request
Repository contact: diretoria@ufpb.br
Last harvested: 2019-02-08T06:03:59Z