SDNShield: Reconciliating configurable application permissions for SDN App markets

Proceedings - 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2016

Volumn , Issue , 2016, Pages 121-132

  Wen, Xitao ^a   Yang, Bo ^b   Chen, Yan ^a   Hu, Chengchen ^c   Wang, Yi ^d   Liu, Bin ^e   Chen, Xiaolin ^f  

^a NORTHWEST UNIVERSITY   (China)

^b ZHEJIANG UNIVERSITY   (China)

^c XI'AN JIAOTONG UNIVERSITY   (China)

^d Theory Lab   (Hong Kong)

^e TSINGHUA UNIVERSITY   (China)

^f CHUXIONG NORMAL UNIVERSITY   (China)

Author keywords

Access control; SDN Security; Software defined networks

Indexed keywords

ACCESS CONTROL; CONTROLLERS; FLIGHT CONTROL SYSTEMS; SECURITY SYSTEMS; SOFTWARE DEFINED NETWORKING;

APPLICATION PERMISSIONS; BEHAVIOR BOUNDARIES; CONTROLLER ARCHITECTURES; NETWORK ADMINISTRATOR; PROTOTYPE IMPLEMENTATIONS; RUNTIME OVERHEADS; SDN SECURITY; THIRD-PARTY DEVELOPMENT;

NETWORK SECURITY;

EID: 84994324058     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/DSN.2016.20     Document Type: Conference Paper

References (43)

1. Cisco ios ftp server remote exploit by andy davis. http://bit.ly/Yj21sO. Accessed: 7/30/2015.
2. Mike lynn's 'exploit', in plain (non-technical) english. http://bit.ly/10zx5ou. Accessed: 7/30/2015.
3. A remote cisco ios exploit. http://bit.ly/WAYG2V. Accessed: 7/30/2015.
4. F. Lindner. Developments in cisco ios forensics. Recurity Labs, White Paper, 2008.
5. OpenDaylight Platform. http://bit.ly/1HJi57D. Accessed: 7/30/2015.
6. ONOS. http://bit.ly/1KrvSl9. Accessed: 7/30/2015.
7. HP SDN App Store. https://hpn.hpwsportal.com/catalog.html. Accessed: 7/30/2015.
8. SDN Security Attack Vectors and SDN Hardening. http://bit.ly/1KO0Zgc. Accessed: 7/30/2015.
9. Xitao Wen, Yan Chen, Chengchen Hu, Chao Shi, and Yi Wang. Towards a secure controller platform for openflow applications. In HotSDN'13.
10. Seungwon Shin, Yongjoo Song, Taekyung Lee, and etc. Rosemary: A robust, secure, and high-performance network operating system. In CCS '14.
11. Phillip Porras, Steven Cheung, et al. Securing the Software-Defined Network Control Layer. In NDSS, 2015.
12. S. Shin, P. Porras, V. Yegneswaran, M. Fong, G. Gu, and M. Tyson. Fresco: Modular composable security services for software-defined networks. In NDSS'13.
13. Xin Jin, Jennifer Gossels, Jennifer Rexford, and David Walker. CoVisor: A Compositional Hypervisor for Software-Defined Networks. In USENIX NSDI'15.
14. Flood Light Open Flow controller. http://bit.ly/UIL73z. Accessed: 7/30/2015.
15. M. Canini, D. Venzano, P. Peresini, D. Kostic, and J. Rexford. A nice way to test openflow applications. In USENIX NSDI'12.
16. P. Porras, S. Shin, V. Yegneswaran, M. Fong, M. Tyson, and G. Gu. A security enforcement kernel for openflow networks. In HotSDN'12.
17. Ryan Johnson, Zhaohui Wang, Corey Gagnon, and Angelos Stavrou. Analysis of android applications' permissions. In SERE-C 2012.
18. Kathy Wain Yee Au, Yi Fan Zhou, Zhen Huang, and David Lie. Pscout: analyzing the android permission specification. In CCS 2012. ACM.
19. Wei Xu, Fangfang Zhang, and Sencun Zhu. Permlyzer: Analyzing permission usage in android applications. In ISSRE 2013. IEEE.
20. AirWatch. http://www.air-watch.com/. Accessed: 7/30/2015.
21. Citrix XenMobile. https://www.citrix.com/xenmobile/. Accessed: 7/30/2015.
22. Andreas Voellmy and Paul Hudak. Nettle: Taking the sting out of programming network routers. In PADL, pages 235-249, 2011.
23. Andreas Voellmy, Hyojoon Kim, and Nick Feamster. Procera: a language for high-level reactive network control. In Proceedings of HotSDN 2012.
24. Andreas Voellmy, Junchang Wang, Y Richard Yang, Bryan Ford, and Paul Hudak. Maple: simplifying sdn programming using algorithmic policies. In Proceedings of the ACM SIGCOMM 2013.
25. Nate Foster, Arjun Guha, et al. Languages for software-defined networks. Communications Magazine, IEEE, 51(2):128-134, 2013.
26. Joshua Reich, Christopher Monsanto, Nate Foster, Jennifer Rexford, and David Walker. Composing software defined networks. In USENIX NSDI'13.
27. Carolyn Jane Anderson, Nate Foster, et al. Netkat: Semantic foundations for networks. In POPL '14.
28. Cbench controller benchmarker. http://bit.ly/YyICCs. Accessed: 7/30/2015.
29. Rob Sherwood, Glen Gibb, et al. Can the production network be the testbed?
30. Ali Al-Shabibi, Marc De Leenheer, et al. OpenVirteX: Make Your Virtual SDNs Programmable. HotSDN '14.
31. Teemu Koponen, Keith Amidon, et al. Network virtualization in multi-tenant datacenters. In NSDI, 2014.
32. Roberto Doriguzzi Corin, Matteo Gerola, et al. Vertigo: network virtualization and beyond. In EWSDN. IEEE, 2012.
33. Ahmed Khurshid, Xuan Zou, Wenxuan Zhou, Matthew Caesar, and P Godfrey. Veriflow: verifying network-wide invariants in real time. In USENIX NSDI'13.
34. Peyman Kazemian, Michael Chan, and etc. Real time network policy checking using header space analysis. In NSDI, pages 99-111, 2013.
35. Peter A Loscocco, Stephen D Smalley, and etc. The inevitability of failure: The flawed assumption of security in modern computing environments. In NISSC, 1998.
36. Ravi S Sandhu and Pierangela Samarati. Access control: principle and practice. Communications Magazine, IEEE, 32(9):40-48, 1994.
37. Pierangela Samarati and Sabrina Capitani de Vimercati. Access control: Policies, models, and mechanisms. In Foundations of Security Analysis and Design. Springer.
38. Stephen Smalley and Robert Craig. Security Enhanced (SE) Android: Bringing Flexible MAC to Android. In NDSS, volume 310, pages 20-38, 2013.
39. Jinseong Jeon, Kristopher K Micinski, et al. Dr. android and mr. hide: fine-grained permissions in android applications. In SPSM 2012. ACM.
40. Soteris Demetriou, Xiaoyong Zhou, et al. What's in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources. In NDSS, 2015.
41. A.P. Felt, K Greenwood, and D. Wagner. The effectiveness of application permissions. In WebApps, 2011.
42. A.P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner. Android permissions: User attention, comprehension, and behavior. In SOUPS, 2012.
43. Christopher Monsanto, Nate Foster, Rob Harrison, and David Walker. A compiler and run-time system for network programming languages. In ACM SIGPLAN Notices, volume 47, pages 217-230. ACM, 2012.