FlowFuzz - A Framework for Fuzzing OpenFlow-Enabled Software and Hardware Switches

Presented at Black Hat USA 2017, July 26, 2017, 11:15 a.m. (50 minutes).

Software-defined Networking (SDN) is a new networking paradigm which aims to increase the flexibility of current network deployments by separating the data plane from the control plane and by providing programmable interfaces to configure the network. Because this results in more agile and simplified network management, and therefore in cost savings, SDN is already deployed in live networks such as Google's B4 backbone and NOKIA's cloud infrastructure. Despite these benefits, SDN broadens the attack surface, as additional networking devices and protocols are deployed. Due to their critical role within the softwarized management of the network, these devices and protocols are high-ranking targets for potential attackers and thus require extensive testing and hardening.

In this work, we present FlowFuzz, a fuzzing framework for SDN-enabled software and hardware switches. In particular, we focus on the OpenFlow protocol, which is currently the de facto standard communication protocol between SDN-enabled switches and the central controlling instance. Whereas the framework utilizes the output of conventional tools such as AddressSanitizer for investigating software switches, it also evaluates data obtained from side channels, namely processing times and power consumption, to identify unique code execution paths within hardware switches and thereby optimize the fuzzing process. Furthermore, we use our framework implementation to perform a first evaluation of Open vSwitch and a total of four SDN-enabled hardware switches. We conclude by presenting our findings and outlining future extensions of the fuzzing framework.
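As an added illustration of the side-channel idea above (this is not FlowFuzz's code), the loop below uses a quantised latency reading as a stand-in for code coverage and keeps only those mutants that land in a timing bucket not seen before; the device under test is a constructed toy OpenFlow parser whose return value models measured processing time, and all message values are made up for the demonstration.

```python
import random
import struct
# OpenFlow 1.3 fixed header: version(1) type(1) length(2) xid(4), network byte order.
OFP_HEADER, OFP_VERSION = struct.Struct("!BBHI"), 0x04
OFPT_HELLO, OFPT_ECHO_REQUEST, OFPT_FEATURES_REQUEST = 0, 2, 5
def simulated_switch(msg: bytes) -> int:
    """Constructed stand-in for the device under test; the return value models measured processing time."""
    if len(msg) < OFP_HEADER.size:
        return 1                     # too short: rejected before parsing
    version, mtype, length, _xid = OFP_HEADER.unpack_from(msg)
    if version != OFP_VERSION:
        return 2                     # version mismatch: error reply
    if length != len(msg):
        return 3                     # declared length disagrees with wire length
    if mtype == OFPT_ECHO_REQUEST:
        return 12 + len(msg) - 8     # echo copies the payload back: cost grows with body
    if mtype == OFPT_FEATURES_REQUEST:
        return 40                    # builds a large features reply
    return 6                         # HELLO or unsupported type: short reply
def timing_bucket(work: int) -> int:
    """Quantise the side-channel reading so measurement jitter collapses into one bucket."""
    return work // 4
def mutate(msg: bytes, rng: random.Random) -> bytes:
    """One random mutation; 'fixlen' repairs the length field so mutants get past that check."""
    op = rng.choice(("flip", "type", "append", "truncate", "fixlen"))
    if op == "flip" and msg:
        i = rng.randrange(len(msg))
        return msg[:i] + bytes([msg[i] ^ (1 << rng.randrange(8))]) + msg[i + 1:]
    if op == "type" and len(msg) >= 2:
        return msg[:1] + bytes([rng.randrange(8)]) + msg[2:]
    if op == "append":
        return msg + bytes(rng.randrange(256) for _ in range(rng.randrange(1, 17)))
    if op == "truncate" and msg:
        return msg[:rng.randrange(len(msg))]
    if op == "fixlen" and len(msg) >= 4:
        return msg[:2] + struct.pack("!H", len(msg) & 0xFFFF) + msg[4:]
    return msg
def fuzz(rounds: int = 2000, seed: int = 0) -> list:
    """Keep a mutant only when its timing bucket is new: timing stands in for code coverage."""
    rng = random.Random(seed)
    corpus = [OFP_HEADER.pack(OFP_VERSION, OFPT_HELLO, OFP_HEADER.size, 1)]  # valid HELLO seed
    seen = {timing_bucket(simulated_switch(corpus[0]))}
    for _ in range(rounds):
        child = mutate(rng.choice(corpus), rng)
        bucket = timing_bucket(simulated_switch(child))
        if bucket not in seen:       # new bucket: likely a path not exercised before
            seen.add(bucket)
            corpus.append(child)
    return corpus
```

On real hardware the reading would come from a timer or power probe rather than a return value, and the bucket width has to be chosen from the measured noise floor.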
Presenters:

  • Nicholas Gray - Computer Science M. Sc., University of Würzburg / Chair of Communication Networks
    Nicholas Gray is a PhD student at the University of Würzburg, Germany, where he also completed his Master's thesis in 2015. His research interests include SDN/NFV architectures and their impact on network security.
  • Phuoc Tran-Gia - Professor and Director of the Chair of Communication Networks, University of Würzburg
    Phuoc Tran-Gia is a Professor and Director of the Chair of Communication Networks, University of Würzburg, Germany. He is also a member of the Advisory Board of Infosim (Germany), which specializes in IP network management products and services. He has published more than 100 research papers in major conferences and journals. He was a recipient of the Fred W. Ellersick Prize 2013 from the IEEE Communications Society.
  • Thomas Zinner - Research Group Director, University of Würzburg
    Thomas Zinner received his Diploma and Ph.D. degrees in computer science from the University of Würzburg, Germany, in 2007 and 2012, respectively. He heads the research group on "Next Generation Networks" at the Chair of Communication Networks, University of Würzburg. His main research interests cover video streaming techniques, the implementation of QoE awareness within networks, software-defined networking (SDN) and network function virtualization, as well as the performance assessment of these technologies and architectures.
  • Manuel Sommer - Graduate Student, University of Würzburg
    Manuel Sommer received his bachelor's degree in computer science from the University of Würzburg, Germany, in 2014 and is currently in the final stages of his master's thesis. During an internship he gained his first experience in software testing, and ever since his research interests have included software quality management and IT security.
