Software-Defined Networks (SDNs) revamp traditional network
architectures by segregating the data plane and control plane and introducing
a programmable and logically centralized control plane. Although SDNs bring
along extensive improvements, as well as solutions to some of the network
security problems, the security of SDN itself is often overlooked. The security
of the data plane in particular is neglected because of the widespread
assumption that data plane devices are trusted. However, an adversary can
compromise data plane devices and change their behavior. Due to a lack of
verification mechanisms, the controller cannot verify that the forwarding
behavior has not been altered and that packets follow their intended paths.
Solutions for traditional IP networks cannot be readily applied to SDN
deployments. Moreover, solutions in the SDN domain are held back by the
limitations of the widely used OpenFlow devices on the data plane. In this
thesis, we present the path verification problem and propose a controller design,
P4thV, that provides path verification and packet integrity verification by
leveraging the benefits of SDNs and of programmable data planes using P4.
P4thV works by analyzing the packets entering and exiting the network to
detect packet integrity violations as well as abnormal forwarding behaviors.
Additionally, P4thV collects flow statistics from switches to further verify
their forwarding behavior and detect attacks against the data
plane. We prototype P4thV using Python and the P4-enabled open-source BMv2
software switch. We then evaluate its performance using Mininet emulations and
present our results. Further, we compare P4thV against the recent studies FOCES
and SPHINX. Our experiments show that P4thV outperforms FOCES by achieving
over 97% verification accuracy and almost two times faster anomaly detection,
while requiring 50% fewer control channel messages than SPHINX and causing
negligible additional forwarding delays and 10% throughput degradation.
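
The following controller-side check is an added illustration of the idea described above (comparing reports from the network's entry and exit points and cross-checking per-switch flow counters); it is not code from the thesis. The report format, the truncated SHA-256 digest, the function names and the counter-consistency rule are all assumptions made for this sketch, and the sample data is constructed.

```python
import hashlib

def digest(payload: bytes) -> str:
    """Digest an edge switch reports for a packet (constructed scheme)."""
    return hashlib.sha256(payload).hexdigest()[:16]

def verify_flow(path, ingress, egress, counters, tolerance=0):
    """Return anomalies for one flow (hypothetical report format).

    path     -- switch sequence the controller installed for the flow
    ingress  -- digests reported by the first switch on the path
    egress   -- (switch, digest) pairs reported where packets left the network
    counters -- per-switch packet counts collected for this flow
    """
    findings, sent, delivered = [], set(ingress), set()
    for switch, d in egress:
        if switch != path[-1]:
            findings.append(("wrong_egress", switch))  # left at an unintended edge
        if d in sent:
            delivered.add(d)
        else:
            findings.append(("integrity", d))          # modified or injected packet
    findings += [("missing", d) for d in sorted(sent - delivered)]
    # Flow statistics: off-path switches should see nothing for this flow,
    # and every on-path switch should have counted each ingress packet.
    for switch in sorted(counters):
        if switch not in path and counters[switch] > 0:
            findings.append(("off_path_traffic", switch))
    for switch in path:
        if abs(counters.get(switch, 0) - len(ingress)) > tolerance:
            findings.append(("counter_mismatch", switch))
    return findings

def demo():
    """Constructed scenario: s2 tampers with one packet and detours via s4."""
    path = ["s1", "s2", "s3"]
    ingress = [digest(p) for p in (b"pkt-a", b"pkt-b", b"pkt-c")]
    egress = [("s3", digest(b"pkt-a")), ("s3", digest(b"pkt-b-tampered")),
              ("s3", digest(b"pkt-c"))]
    counters = {"s1": 3, "s2": 3, "s3": 3, "s4": 1}
    return verify_flow(path, ingress, egress, counters)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The edge reports alone catch the tampered packet, while the detour through `s4` only shows up in the counters, which is why the sketch combines both sources.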