Automação e Cibersegurança: Criando uma Ferramenta de Testes para Redes SDN
Resumo
Com a ampla adoção das redes SDN (SDN Software Defined Networks) em diversas aplicações atuais, mais métodos de exploração de vulnerabilidades têm sido criados tendo como alvos os planos de dados, controle e aplicação. Devido a sua característica de centralização da lógica de controle, as redes SDN se mostram mais vulneráveis a ataques de negação de serviço, aumentando a necessidade de aperfeiçoamento dos métodos de proteção das redes. Visando contribuir com o aprendizado de cyberataques em redes SDN, o presente trabalho demonstra o desenvolvimento de uma ferramenta de execução de testes automatizada e modularizada, permitindo a personalização dos testes e facilidade nas rotinas de gerenciamento de redes SDN.Referências
Contributors, M. P. (2022). Mininet - an instant virtual network on your laptop (or other pc). [link] [Acessado: 05 de Junho de 2024].
Foundation, O. (2023). Top 10 web application security risks. [link] [Accessado: 10 de Junho de 2024].
Foundation, O. N. (2024). Open network operating system (onos) sdn controller. [link] [Accessado: 15 de Junho de 2024].
Georgiev, S. and Nikolova, K. (2023). Implementation of an agile sdlc ci/cd pipeline for managing a sdn vxlan-evpn fabric. In 2023 31st National Conference with International Participation (TELECOM), pages 1–4.
Gopi, D., Cheng, S., and Huck, R. (2017). Comparative analysis of sdn and conventional networks using routing protocols. In 2017 International Conference on Computer, Information and Telecommunication Systems (CITS), pages 108–112.
Guo, C., Xie, D., Han, Y., Guo, J., and Wei, Z. (2020). Survey of software-defined network security issues. In Sun, X., Wang, J., and Bertino, E., editors, Artificial Intelligence and Security, pages 503–514, Singapore. Springer Singapore.
Liatifis, A., Sarigiannidis, P., Argyriou, V., and Lagkas, T. (2023). Advancing sdn from openflow to p4: A survey. ACM Comput. Surv., 55(9).
Nsafoa-Yeboah, K., Tchao, E. T., Yeboah-Akowuah, B., Kommey, B., Agbemenu, A. S., Keelson, E., and Monirujjaman Khan, M. (2022). Software-defined networks for optical networks using flexible orchestration: Advances, challenges, and opportunities. Journal of Computer Networks and Communications, 2022(1):5037702.
Pascoal, T. A., Dantas, Y. G., Fonseca, I. E., and Nigam, V. (2017). Slow TCAM exhaustion DDoS attack. In IFIP International Conference on ICT Systems Security and Privacy Protection, pages 17–31. Springer.
Pascoal, T. A., Fonseca, I. E., and Nigam, V. (2020). Slow denial-of-service attacks on software defined networks. Comput. Networks, 173:107223.
Qiu, X. and Tang, Z. (2022). Research advanced in the security defence of software defined network. In 2022 International Conference on Electronics and Devices, Computational Science (ICEDCS), pages 380–384.
Rios, V. D. M., Inácio, P. R. M., Magoni, D., and Freire, M. M. (2022). Detection and mitigation of low-rate denial-of-service attacks: A survey. IEEE Access, 10:76648–76668.
Smith-perrone, J. and Sims, J. (2017). Securing cloud, sdn and large data network environments from emerging ddos attacks. In 2017 7th International Conference on Cloud Computing, Data Science & Engineering - Confluence, pages 466–469.
Sokappadu, B., Hardin, A., Mungur, A., and Armoogum, S. (2019). Software defined networks: Issues and challenges. In 2019 Conference on Next Generation Computing Applications (NextComp), pages 1–5.
Wen, X., Yang, B., Chen, Y., Li, L. E., Bu, K., Zheng, P., Yang, Y., and Hu, C. (2016). Ruletris: Minimizing rule update latency for tcam-based sdn switches. In 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), pages 179–188.
Xia, W., Wen, Y., Foh, C. H., Niyato, D., and Xie, H. (2015). A survey on software-defined networking. IEEE Communications Surveys & Tutorials, 17(1):27–51.
Yao, J., Han, Z., Sohail, M., and Wang, L. (2019). A robust security architecture for sdn-based 5g networks. Future Internet, 11(4).
Yuan, B., Zhang, C., Ren, J., Chen, Q., Xu, B., Zhang, Q., Li, Z., Zou, D., Zhang, F., and Jin, H. (2024). Toward automated attack discovery in sdn controllers through formal verification. IEEE Transactions on Network and Service Management, 21(3):3636–3655.
Yungaicela-Naula, N. M., Vargas-Rosales, C., Pérez-Díaz, J. A., and Zareei, M. (2022). Towards security automation in software defined networks. Computer Communications, 183:64–82.
Zhang, M., Bi, J., Bai, J., and Li, G. (2018). Floodshield: Securing the sdn infrastructure against denial-of-service attacks. In 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), pages 687–698.
Foundation, O. (2023). Top 10 web application security risks. [link] [Accessado: 10 de Junho de 2024].
Foundation, O. N. (2024). Open network operating system (onos) sdn controller. [link] [Accessado: 15 de Junho de 2024].
Georgiev, S. and Nikolova, K. (2023). Implementation of an agile sdlc ci/cd pipeline for managing a sdn vxlan-evpn fabric. In 2023 31st National Conference with International Participation (TELECOM), pages 1–4.
Gopi, D., Cheng, S., and Huck, R. (2017). Comparative analysis of sdn and conventional networks using routing protocols. In 2017 International Conference on Computer, Information and Telecommunication Systems (CITS), pages 108–112.
Guo, C., Xie, D., Han, Y., Guo, J., and Wei, Z. (2020). Survey of software-defined network security issues. In Sun, X., Wang, J., and Bertino, E., editors, Artificial Intelligence and Security, pages 503–514, Singapore. Springer Singapore.
Liatifis, A., Sarigiannidis, P., Argyriou, V., and Lagkas, T. (2023). Advancing sdn from openflow to p4: A survey. ACM Comput. Surv., 55(9).
Nsafoa-Yeboah, K., Tchao, E. T., Yeboah-Akowuah, B., Kommey, B., Agbemenu, A. S., Keelson, E., and Monirujjaman Khan, M. (2022). Software-defined networks for optical networks using flexible orchestration: Advances, challenges, and opportunities. Journal of Computer Networks and Communications, 2022(1):5037702.
Pascoal, T. A., Dantas, Y. G., Fonseca, I. E., and Nigam, V. (2017). Slow TCAM exhaustion DDoS attack. In IFIP International Conference on ICT Systems Security and Privacy Protection, pages 17–31. Springer.
Pascoal, T. A., Fonseca, I. E., and Nigam, V. (2020). Slow denial-of-service attacks on software defined networks. Comput. Networks, 173:107223.
Qiu, X. and Tang, Z. (2022). Research advanced in the security defence of software defined network. In 2022 International Conference on Electronics and Devices, Computational Science (ICEDCS), pages 380–384.
Rios, V. D. M., Inácio, P. R. M., Magoni, D., and Freire, M. M. (2022). Detection and mitigation of low-rate denial-of-service attacks: A survey. IEEE Access, 10:76648–76668.
Smith-perrone, J. and Sims, J. (2017). Securing cloud, sdn and large data network environments from emerging ddos attacks. In 2017 7th International Conference on Cloud Computing, Data Science & Engineering - Confluence, pages 466–469.
Sokappadu, B., Hardin, A., Mungur, A., and Armoogum, S. (2019). Software defined networks: Issues and challenges. In 2019 Conference on Next Generation Computing Applications (NextComp), pages 1–5.
Wen, X., Yang, B., Chen, Y., Li, L. E., Bu, K., Zheng, P., Yang, Y., and Hu, C. (2016). Ruletris: Minimizing rule update latency for tcam-based sdn switches. In 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS), pages 179–188.
Xia, W., Wen, Y., Foh, C. H., Niyato, D., and Xie, H. (2015). A survey on software-defined networking. IEEE Communications Surveys & Tutorials, 17(1):27–51.
Yao, J., Han, Z., Sohail, M., and Wang, L. (2019). A robust security architecture for sdn-based 5g networks. Future Internet, 11(4).
Yuan, B., Zhang, C., Ren, J., Chen, Q., Xu, B., Zhang, Q., Li, Z., Zou, D., Zhang, F., and Jin, H. (2024). Toward automated attack discovery in sdn controllers through formal verification. IEEE Transactions on Network and Service Management, 21(3):3636–3655.
Yungaicela-Naula, N. M., Vargas-Rosales, C., Pérez-Díaz, J. A., and Zareei, M. (2022). Towards security automation in software defined networks. Computer Communications, 183:64–82.
Zhang, M., Bi, J., Bai, J., and Li, G. (2018). Floodshield: Securing the sdn infrastructure against denial-of-service attacks. In 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), pages 687–698.
Publicado
16/09/2024
Como Citar
LEAL, Ryan M. S.; FREITAS, Johan K. E.; ALBUQUERQUE JÚNIOR, Francisco A. C.; LOPES, Waslon T. A.; CARVALHO, Fabrício B. S.; FONSECA, Iguatemi E..
Automação e Cibersegurança: Criando uma Ferramenta de Testes para Redes SDN. In: WORKSHOP DE TRABALHOS DE INICIAÇÃO CIENTÍFICA E DE GRADUAÇÃO - SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 24. , 2024, São José dos Campos/SP.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2024
.
p. 209-218.
DOI: https://doi.org/10.5753/sbseg_estendido.2024.241892.
