Translated Abstract
With the rapid development and deployment of SDN and its underlying technology, OpenFlow, the associated security problems have become a focus of the industry. Because the SDN controller is the brain of the whole network, its security is increasingly important: if the controller crashes, the whole network is thrown into disorder. To address this problem, this paper studies the security of the SDN controller, uses fuzz testing to discover its vulnerabilities, and performs some security testing.
Firstly, this paper introduces the basic concept of fuzz testing along with its detailed methods and procedures. Based on the architecture of the SDN network and the operating principle of the controller, this paper selects the northbound and southbound interfaces of the SDN controller as the fuzz testing targets. To discover the controller's vulnerabilities more effectively and to examine its exception-handling ability, this paper develops two fuzz testing approaches: one fuzzes the fields of messages using the existing fuzzing framework Sulley; the other fuzzes messages based on a finite state machine. In addition, this paper develops an OpenFlow protocol interaction state analysis tool and an OpenFlow protocol message static library, which make it easy to test different controllers. Then, we test the REST API exposed by the controller. Lastly, this paper carries out some aggressive tests against SDN controllers.
Finally, this paper tests several SDN controllers, including Floodlight, POX and NOX, and successfully finds some potential vulnerabilities.
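The field-level approach described above can be illustrated with a short added example; it is not code from the thesis and does not use Sulley. It assumes the OpenFlow 1.0 common header (the abstract does not name a version), and `check_header` is a hypothetical strict decoder standing in for a controller's southbound parser, with constructed boundary values as test inputs.

```python
import struct

# Assumption: OpenFlow 1.0 common header (version, type, length, xid), big-endian.
OFP_HEADER = struct.Struct("!BBHI")
OFP_VERSION_1_0 = 0x01
OFPT_MAX_1_0 = 21  # highest OpenFlow 1.0 message type number
FIELDS = [("version", "B"), ("type", "B"), ("length", "H"), ("xid", "I")]
# Constructed boundary values per field width; not taken from the thesis.
BOUNDARY = {"B": [0x00, 0x7F, 0x80, 0xFF],
            "H": [0, 7, 8, 9, 0xFFFF],
            "I": [0, 0xFFFFFFFF]}

def valid_hello(xid=1):
    """Well-formed OFPT_HELLO (type 0) header used as the seed message."""
    return {"version": OFP_VERSION_1_0, "type": 0, "length": 8, "xid": xid}

def field_mutations(seed):
    """Yield (field, value, wire_bytes), changing one field at a time."""
    for name, code in FIELDS:
        for value in BOUNDARY[code]:
            if seed[name] != value:
                case = dict(seed, **{name: value})
                yield name, value, OFP_HEADER.pack(*(case[f] for f, _ in FIELDS))

def check_header(data):
    """Strict header checks; returns a rejection reason, or None if accepted."""
    if len(data) < OFP_HEADER.size:
        return "truncated header"
    version, msg_type, length, _xid = OFP_HEADER.unpack_from(data)
    if version != OFP_VERSION_1_0:
        return "unsupported version"
    if msg_type > OFPT_MAX_1_0:
        return "unknown message type"
    if length < OFP_HEADER.size:
        return "length shorter than header"
    if length != len(data):
        return "length does not match bytes received"
    return None

def run_campaign():
    """Run every single-field mutation through the decoder; map case -> verdict."""
    return {(name, value): check_header(wire)
            for name, value, wire in field_mutations(valid_hello())}

if __name__ == "__main__":
    for case, verdict in run_campaign().items():
        print(case, "->", verdict or "accepted")
```

A decoder under test that accepts a case this reference rejects, or raises an unhandled exception instead of returning an error, shows the kind of exception-handling gap that field-level testing is meant to surface.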