Title: Taking Control of SDN-based Cloud Systems via the Data Plane

Author:
Thimmaraju, Kashyap (Technical University of Berlin)
Shastry, Bhargava (Technical University of Berlin)
Fiebig, T. (TU Delft Information and Communication Technology)
Hetzelt, Felicitas (Technical University of Berlin)
Seifert, Jean-Pierre (Technical University of Berlin)
Feldmann, Anja (Max Planck Institut für Informatik)
Schmid, Stefan (University of Vienna)

Date: 2018

Abstract: Virtual switches are a crucial component of SDN-based cloud systems, enabling the interconnection of virtual machines in a flexible and “software-defined” manner. This paper raises the alarm on the security implications of virtual switches. In particular, we show that virtual switches not only increase the attack surface of the cloud, but virtual switch vulnerabilities can also lead to attacks of much higher impact compared to traditional switches. We present a systematic security analysis and identify four design decisions which introduce vulnerabilities. Our findings motivate us to revisit existing threat models for SDN-based cloud setups, and introduce a new attacker model for SDN-based cloud systems using virtual switches.

To reference this document use: http://resolver.tudelft.nl/uuid:8b24d59f-daeb-4663-a1b8-c41c22abd880

DOI: https://doi.org/10.1145/3185467.3185468

Publisher: Association for Computing Machinery (ACM)

Source: Proceedings of ACM Symposium on SDN Research (SOSR)

Event: ACM Symposium on SDN Research (SOSR), 2018-03-28 → 2018-03-29, Los Angeles, United States

Part of collection: Institutional Repository

Document type: conference paper

Rights: © 2018 Kashyap Thimmaraju, Bhargava Shastry, T. Fiebig, Felicitas Hetzelt, Jean-Pierre Seifert, Anja Feldmann, Stefan Schmid

Files: PDF sosr18.pdf 1.05 MB