Software-defined networking is a new paradigm that separates the network’s control plane from the data plane. Many SDN controllers have been implemented since this concept was first introduced. As with other network models, security becomes an important requirement because adversaries can launch various attacks to steal sen- sitive data, manipulate network’s state or cause denial of service to legitimate users.
In this work, we apply fuzzing techniques to discover vulnerabilities in implemen- tation of the OpenFlow protocol in SDN controllers such as OpenDaylight and ONOS. Careful planning and understanding of the system is crucial to improve testing efficiency. Threat modeling is an approach to identify and analyze risks and threats in the system under test. The list of threats is first constructed ap- plying the STRIDE methodology and extended using CAPEC Mitre attack libraries.
Testing revealed a considerable number of denial of service vulnerabilities and other bugs. An exploit of few lines of code written using scapy managed to crash the controller. Another important denial of service attack blocked legitimate applications to add flows to particular switches until the OpenDaylight controller is restarted. Moreover, fuzzing revealed several less important bugs, which affected both the OpenDaylight and ONOS controllers.
Testing presented a number of challenges. Measuring and improving test coverage poses a significant issue. Increasing the number of test case scenarios could help covering larger parts of the software.
Andi Bidaj (Aalto University): Security Testing SDN Controllers