Vulnerabilities of network OS and mitigation with state-based permission system

Noh, Jiseong; Lee, Seunghyeon; Park, Jaehyun; Shin, Seungwon; Kang, Brent Byunghoon
September 2016
Security & Communication Networks;Sep2016, Vol. 9 Issue 13, p1971
Academic Journal
The advancement of software defined networking (SDN) is redefining traditional computer networking architecture. The role of the control plane of SDN is of such importance that SDNs are referred to as network operating systems (OSs). However, the robustness and security of the network OS has been overlooked. In this paper, we report three main issues pertaining to network OSs. First, we identified vulnerabilities that could be exploited by malicious or buggy applications running on network OSs. We also identified four major attack vectors that could undermine network OS operations: denial of service, global data manipulation, control plane poisoning, and system shell execution. Further, it was demonstrated that real-world attacks can be launched on commonly used network OSs without significant effort. Second, we present a method to address the attacks by analyzing network applications running on network OSs to identify their behavioral features, which enabled the extraction of a permission set for each network application. Based on this work, a permission-based malicious network application detector was introduced, which examines the permission set of each application and prevents it from executing without permission. Our system shows almost no performance overhead. Copyright © 2015 John Wiley & Sons, Ltd.


Related Articles

  • Virtually secure? [virtual machine]. Bradbury, Dan // Engineering & Technology (17509637);11/8/2008, Vol. 3 Issue 19, p54 

    The argument for virtualisation as a security tool makes perfect sense: however it is delivered, malware generally attacks the underlying operating system. It installs software to carry out a malware writer's goals, which are largely criminal, consisting of spam distribution, password stealing,...

  • The phantom menace: Security. Sequeira, Allwyn // Communications News;May2007, Vol. 44 Issue 5, p22 

    The article focuses on methods of providing computer network security on virtualized networks, a platform that allows multiple operating systems to run on a host computer at the same time. This software, however, now exposes the network on the server, creating a new target for hackers. Virtual...

  • One size only: XXXL.  // Accountancy;Oct2001, Vol. 128 Issue 1298, p56 

    This article introduces the Windows XP operating software from Microsoft Corp. Microsoft announces that Windows XP operating software is the best operating system the company has ever built. Hence, on October 25, 2001, the operating software will be available worldwide. Windows XP demands huge...

  • Untitled. Kamath, John-paul // Computer Weekly;12/4/2007, p87 

    The article focuses on the sale of Microsoft Corp.'s operating system Vista. Sales of Vista have hit 88 million and the company highlighted a number of customer migrations it says show that users are gearing up to switch to the year-old operating system. In addition to the 88 million copies...

  • WEBLOG. Brooks, Jason // eWeek;8/7/2006, Vol. 23 Issue 31, p39 

    The article reports on the Fedora Legacy Project. It also reports the termination of the Fedora Core 1, Fedora Core 2 and Red Hat Linux versions 7.3 and 9. Fedora Legacy, the project that charged itself with maintaining support updates for Fedora releases will stop supporting the first two...

  • Virtual machines go mobile.  // Communications News;May2007, Vol. 44 Issue 5, p16 

    The article focuses on software to improve the performance of virtual machines, computers within a computer that allow different operating systems to function on the same computer. Business travelers in the computer and communications industries often employ multiple virtual machines that can be...

  • Libjit Linear Scan: a Model for Fast and Efficient Compilation. Kononenko, K. // International Review on Modelling & Simulations;Oct2010, Vol. 3 Issue 5, p1035 

    We present a software package for advanced just-in-time compilation. We solve this task using a new model. The efficiency of the model has been demonstrated in an experiment where a problem has been solved using three different algorithms. All three algorithms have shown that only this model...

  • Taming transitive permission attack via bytecode rewriting on Android application. Wang, Daibin; Jin, Hai; Zou, Deqing; Xu, Peng; Zhu, Tianqing; Chen, Gang // Security & Communication Networks;Sep2016, Vol. 9 Issue 13, p2100 

    Google Android has been popular for mobile devices in recent years. The openness and popularity of Android make it a primary target for malware. Even though Android's security mechanisms can defend against most malware, its permission model is vulnerable to transitive permission attack, a type of privilege...

  • Trusted OS to the rescue.  // eWeek;4/18/2005, Vol. 22 Issue 16, p32 

    The article focuses on IT systems security. Trusted operating systems and the compartmentalization are built on the assumption that attackers may find a way into an operating system function but that any damage they do can be limited to that function and prevented from spreading to other...

