Graduate Course

The purpose of introducing a graduate course on SDN Security is to compare the range of issues addressed by graduate-level cybersecurity courses with their potential adaptations in the domain of Software-defined Networking. The course addresses these issues alongside a set of novel security issues that the SDN paradigm exclusively brings to the table, in consultation with the published solution(s) suggested in relevant academic papers. The course is designed to help students understand the security implications across the control and data planes in SDN.

Course Description

The security issues addressed in this course are inspired by a range of attack scenarios that have been broadly categorized into:

1. Interception Attacks
2. Interruption Attacks
3. Hijack Attacks

To learn more about the course or get access to the course material, please email us.

1. Interception Attacks

Interception attacks allow unauthorized users to access our data, applications, or environments, and are primarily an attack against confidentiality. Interception might take the form of unauthorized access to network configurations and policies, eavesdropping on network conversations, or scanning/exploring the identity and/or location of network hosts and/or devices. Properly executed, interception attacks can be difficult to detect.

2. Interruption Attacks

Interruption attacks cause our assets to become unusable or unavailable for our use, on a temporary or permanent basis. They often affect availability but can be an attack on integrity as well. In the case of a DoS attack on a file server, we would classify this as an availability attack. If we generate spurious network messages such as ARP or link-discovery (LLDP) messages to interrupt network behavior or applications, we might consider this an integrity attack. These attacks don’t necessarily require malicious intent and can sometimes simply be a result of poor network configuration/policies.

3. Hijack Attacks

Hijack attacks could be thought of as a combination of Interception and Interruption Attacks. They are not only difficult to detect but can have a catastrophic effect on businesses. They are often carried out in multiple phases and often involve multiple compromised actors across both the control plane and the data plane in SDN. (Flow) modification attacks, (API) repudiation attacks, replay attacks and man-in-the-middle attacks are examples of these attacks.