SDN Rootkits: Subverting Network Operating Systems of Software-Defined Networks

  • Conference paper
Research in Attacks, Intrusions, and Defenses (RAID 2015)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9404)

Abstract

The new paradigm of Software-Defined Networking (SDN) enables exciting new functionality for building networks. Its core component is the so-called SDN controller (also termed network operating system). An SDN controller is logically centralized and crucially important; exploiting it can therefore significantly harm SDN-based networks. As recent work considers only flaws and rudimentary malicious logic inside SDN applications, we focus on rootkit techniques that enable attackers to subvert network operating systems. We present two prototype implementations: an SDN rootkit for the industry’s leading open source controller OpenDaylight, as well as a version with basic rootkit functions for the commercial and non-OpenDaylight-based HP controller. Our SDN rootkit is capable of actively hiding itself and malicious network programming, as well as providing remote access. Since OpenDaylight intends to establish a reference framework for network operating systems (both open source and commercial), our work demonstrates potential threats for a wide range of network operating systems.

Acknowledgments

This work has been supported by the German Federal Ministry of Education and Research (BMBF) under support code 01BP12300A; EUREKA-Project SASER.

Author information

Correspondence to Christian Röpke.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Röpke, C., Holz, T. (2015). SDN Rootkits: Subverting Network Operating Systems of Software-Defined Networks. In: Bos, H., Monrose, F., Blanc, G. (eds) Research in Attacks, Intrusions, and Defenses. RAID 2015. Lecture Notes in Computer Science, vol 9404. Springer, Cham. https://doi.org/10.1007/978-3-319-26362-5_16

  • DOI: https://doi.org/10.1007/978-3-319-26362-5_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26361-8

  • Online ISBN: 978-3-319-26362-5

  • eBook Packages: Computer Science, Computer Science (R0)
