OpenFlow vulnerability assessment

Authors:
Kevin Benton;L. Jean Camp;Chris Small
Affiliations:
Indiana University, Bloomington, IN, USA;Indiana University, Bloomington, IN, USA;Indiana University, Bloomington, IN, USA
Venue:
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
Year:
2013

Citing 2
Cited 1

Onix: a distributed control platform for large-scale production networks

OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
A security enforcement kernel for OpenFlow networks

Proceedings of the first workshop on Hot topics in software defined networks

AVANT-GUARD: scalable and vigilant switch flow management in software-defined networks

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We provide a brief overview of the vulnerabilities present in the OpenFlow protocol as it is currently deployed by hardware and software vendors. We identify a widespread failure to adopt TLS for the OpenFlow control channel by both controller and switch vendors, leaving OpenFlow vulnerable to man-in-the-middle attacks. We also highlight the classes of vulnerabilities that emerge from the separation and centralization of the control plane in OpenFlow network designs. Finally, we offer suggestions for future work to address these vulnerabilities in a systematic fashion.