Return to search

Cyber Attacks Against SDN Controllers And Protecting The Control Plane With A Formally Verified Microkernel / Cyberattacker Mot SDN Kontroller Och Att Skydda Kontrollplanet Med En Formellt Verifierad Mikrokärna

Software-Defined Networking (SDN) is a technology that is increasing in popularity. However, with increased prevalence comes increased opportunity to exploit vulnerabilities that exist within the technology. In this thesis, several attack vectors that can be used to attack SDN controllers were identified through a literature review. Among these vectors there is one that is concerned with the vulnerabilities present on the host of the SDN controller. One promising method that could be used to mitigate this attack vector is to deploy the SDN controller on a microkernel. The microkernel chosen in this thesis is the formally verified microkernel seL4®. This thesis investigate the possible ways of deploying an SDN controller on seL4. A deployment of an SDN controller is also performed in this thesis in order to assess the difficulties and possible performance tradeoffs present in adapting an SDN controller for seL4. The deployment of the SDN controller uses seL4’s virtualization capabilities and leaves the majority of the controller running in a virtual machine on seL4. A small part of the controller is moved to a separate and isolated component in order to showcase how the isolation capabilities of seL4 can be utilized. The performances of the unmodified and the modified controller are then compared. A significant increase in execution time when communicating between the VM and the separate component was discovered. However, such increases may also be attributed to dynamic binary translation used when simulating seL4 using QEMU. Thus, properly quantifying these overheads would require a different setup, either without simulation or with hardware-assisted virtualization.

Identiferoai:union.ndltd.org:UPSALLA1/oai:DiVA.org:liu-181553
Date January 2021
CreatorsHolmberg, Olof
PublisherLinköpings universitet, Programvara och system
Source SetsDiVA Archive at Upsalla University
LanguageEnglish
Detected LanguageEnglish
TypeStudent thesis, info:eu-repo/semantics/bachelorThesis, text
Formatapplication/pdf
Rightsinfo:eu-repo/semantics/openAccess

Page generated in 0.0021 seconds