poster

Defending lightweight virtual switches from cross-app poisoning attacks with vIFC

Authors:

Guilherme Bueno,

Mateus Saquetti,

José Rodrigo Azambuja,

Weverton CordeiroAuthors Info & Claims

SIGCOMM '20: Proceedings of the SIGCOMM '20 Poster and Demo Sessions

Pages 30 - 32

https://doi.org/10.1145/3405837.3411380

Published: 14 September 2021 Publication History

Get Access

Abstract

We present vIFC, a conceptual architecture for Information Flow Control (IFC) policy enforcement in lightweight programmable data planes (PDP) virtualization solutions. In contrast to existing solutions for preventing Cross-App Poisoning Attacks (CAP) like ProvSDN, our solution can monitor and prevent CAP attacks launched against lightweight virtual switches emulated by a general-purpose switch program or composed in a single switch program.

References

[1]

Aruba Networks. 2020. SDN Apps - Airheads Community. Retrieved July 24, 2020 from https://community.arubanetworks.com/t5/SDN-Apps/ct-p/SDN-Apps.

Google Scholar

[2]

Xiang Chen, Dong Zhang, Xiaojun Wang, Kai Zhu, and Haifeng Zhou. 2019. P4sc: Towards high-performance service function chain implementation on the p4-capable device. In 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM). IEEE, IEEE, New York, NY, USA, 1--9.

Google Scholar

[3]

Marc C Dacier, Hartmut König, Radoslaw Cwalinski, Frank Kargl, and Sven Dietrich. 2017. Security challenges and opportunities of software-defined networking. IEEE Security & Privacy 15, 2 (2017), 96--100.

Digital Library

Google Scholar

[4]

David Hancock and Jacobus van der Merwe. 2016. HyPer4: Using P4 to Virtualize the Programmable Data Plane. In Proceedings of the 12th International on Conference on Emerging Networking Experiments and Technologies (CoNEXT '16). Association for Computing Machinery, New York, NY, USA, 35--49.

Google Scholar

[5]

Shengru Li, Kai Han, Huibai Huang, Quanying Sun, Junjie Liu, Sicheng Zhao, and Zuqing Zhu. 2017. SR-PVX: A source routing based network virtualization hypervisor to enable POF-FIS programmability in vSDNs. IEEE Access 5 (2017), 7659--7666.

Crossref

Google Scholar

[6]

Paolo Missier, Khalid Belhajjame, and James Cheney. 2013. The W3C PROV family of specifications for modelling provenance metadata. In Proceedings of the 16th International Conference on Extending Database Technology. ACM, New York, NY, USA, 773--776.

Digital Library

Google Scholar

[7]

Open Network Operating System. 2020. Apps and Use Cases. Retrieved July 24, 2020 from https://wiki.onosproject.org/display/ONOS/Apps+and+Use+Cases.

Google Scholar

[8]

Mateus Saquetti, Guilherme Bueno, Weverton Cordeiro, and José Rodrigo Azambuja. 2019. Hard Virtualization of P4-Based Switches with VirtP4. In ACM SIGCOMM 2019 Conference Posters and Demos (SIGCOMM Posters and Demos '19). ACM, New York, NY, USA, 80--81.

Digital Library

Google Scholar

[9]

Mateus Saquetti, Guilherme Bueno, Weverton Cordeiro, and Jose Rodrigo Azambuja. 2020. P4VBox: Enabling P4-Based Switch Virtualization. IEEE Communications Letters 24, 1 Jan 2020), 146--149.

Crossref

Google Scholar

[10]

Benjamin E. Ujcich, Samuel Jero, Anne Edmundson, Qi Wang, Richard Skowyra, James Landry, Adam Bates, William H. Sanders, Cristina Nita-Rotaru, and Hamed Okhravi. 2018. Cross-App Poisoning in Software-Defined Networking. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (CCS '18). ACM, New York, NY, USA, 648--663.

Digital Library

Google Scholar

[11]

Changhoon Yoon, Seungwon Shin, Phillip Porras, Vinod Yegneswaran, Heedo Kang, Martin Fong, Brian O'Connor, and Thomas Vachuska. 2017. A Security-Mode for Carrier-Grade SDN Controllers. In Proceedings of the 33rd Annual Computer Security Applications Conference (ACSAC 2017). ACM, New York, NY, USA, 461--473.

Digital Library

Google Scholar

[12]

Peng Zheng, Theophilus Benson, and Chengchen Hu. 2018. P4Visor: Lightweight Virtualization and Composition Primitives for Building and Testing Modular Programs. In 14th Int' (CoNEXT '18). ACM, New York, NY, USA, 98--111.

Digital Library

Google Scholar

[13]

P. Zheng, T. A. Benson, and C. Hu. 2020. Building and Testing Modular Programs for Programmable Data Planes. IEEE Journal on Selected Areas in Communications 38, 7 (2020), 1432--1447.

Crossref

Google Scholar

Cited By

View all

Lamb ISaquetti Mde Oliveira GRodrigo Azambuja JCordeiro W(2022)Protecting Virtual Programmable Switches from Cross-App Poisoning (CAP) AttacksNOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium10.1109/NOMS54207.2022.9789775(1-9)Online publication date: 25-Apr-2022
https://dl.acm.org/doi/10.1109/NOMS54207.2022.9789775

Index Terms

Defending lightweight virtual switches from cross-app poisoning attacks with vIFC
1. Networks
  1. Network services
    1. Programmable networks
2. Security and privacy
  1. Formal methods and theory of security
    1. Formal security models

Recommendations

Cross-App Poisoning in Software-Defined Networking
CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

Software-defined networking (SDN) continues to grow in popularity because of its programmable and extensible control plane realized through network applications (apps). However, apps introduce significant security challenges that can systemically ...
Protecting Virtual Programmable Switches from Cross-App Poisoning (CAP) Attacks
NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium
Cross-App Poisoning (CAP) is an emerging class of network integrity attacks against Software Defined Networking (SDN). In a CAP attack, a malicious app poison shared data objects maintained by the controller, thus co-opting legitimate apps into carrying ...
Defending Against Adversarial Denial-of-Service Data Poisoning Attacks
DYNAMICS '20: Proceedings of the 2020 Workshop on DYnamic and Novel Advances in Machine Learning and Intelligent Cyber Security

Data poisoning is one of the most relevant security threats against machine learning and data-driven technologies. Since many applications rely on untrusted training data, an attacker can easily craft malicious samples and inject them into the training ...

Comments

Information & Contributors

Information

Published In

SIGCOMM '20: Proceedings of the SIGCOMM '20 Poster and Demo Sessions

August 2020

96 pages

ISBN:9781450380485

DOI:10.1145/3405837

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 September 2021

Check for updates

Author Tags

Qualifiers

Poster

Funding Sources

Brazilian Education and Research Network (RNP)
National Science Foundation
Coordenação de Aperfeiçoamento de Pessoal de Nível Superior
Conselho Nacional de Desenvolvimento Científico e Tecnológico

Conference

SIGCOMM '20

Sponsor:

SIGCOMM

SIGCOMM '20: Annual conference of the ACM Special Interest Group on Data Communication on the applications, technologies, architectures, and protocols for computer communication

August 10 - 14, 2020

Virtual event

Acceptance Rates

Overall Acceptance Rate 92 of 158 submissions, 58%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
65
Total Downloads

Downloads (Last 12 months)8
Downloads (Last 6 weeks)0

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Lamb ISaquetti Mde Oliveira GRodrigo Azambuja JCordeiro W(2022)Protecting Virtual Programmable Switches from Cross-App Poisoning (CAP) AttacksNOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium10.1109/NOMS54207.2022.9789775(1-9)Online publication date: 25-Apr-2022
https://dl.acm.org/doi/10.1109/NOMS54207.2022.9789775

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Cross-App Poisoning in Software-Defined Networking

Protecting Virtual Programmable Switches from Cross-App Poisoning (CAP) Attacks

Defending Against Adversarial Denial-of-Service Data Poisoning Attacks

Comments

Information

Published In

Sponsors

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations