Industry 4.0 is a new strategic industrial development that is changing the way business develop communication and management protocols on their networks. Software-Defined Networking (SDN) can help this revolutionary process but to make the most of its potential, more abstract and customizable development paradigms are needed. In this work we present a toolkit whose scope is to allow a system network administrator to implement and verify in a formal way security policies, in the context of an industrial network. The prototype of our tool suite is based on four application plug-ins of the ONOS controller. Our SDN-based toolkit is able to detect compromised network boxes as a result of bogus injected flow-rules, inner loops and black-holes (notoriously difficult to detect via normal network scans), flow-rule replacements or removal and other SDN controller exploitations that may compromise the forwarding activities. We argue that our set of tools is already effective despite being at its development infancy, and its design easily extensible to other use cases.

A Policy Checker Approach for Secure Industrial SDN

Contoli, Chiara;
2018

Abstract

Industry 4.0 is a new strategic industrial development that is changing the way business develop communication and management protocols on their networks. Software-Defined Networking (SDN) can help this revolutionary process but to make the most of its potential, more abstract and customizable development paradigms are needed. In this work we present a toolkit whose scope is to allow a system network administrator to implement and verify in a formal way security policies, in the context of an industrial network. The prototype of our tool suite is based on four application plug-ins of the ONOS controller. Our SDN-based toolkit is able to detect compromised network boxes as a result of bogus injected flow-rules, inner loops and black-holes (notoriously difficult to detect via normal network scans), flow-rule replacements or removal and other SDN controller exploitations that may compromise the forwarding activities. We argue that our set of tools is already effective despite being at its development infancy, and its design easily extensible to other use cases.
2018
978-1-5386-7045-3
File in questo prodotto:
File Dimensione Formato  
NetSoft18.pdf

solo utenti autorizzati

Tipologia: Versione pre-print
Licenza: Copyright dell'editore
Dimensione 428.56 kB
Formato Adobe PDF
428.56 kB Adobe PDF   Visualizza/Apri   Richiedi una copia

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11576/2710135
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 13
  • ???jsp.display-item.citation.isi??? 16
social impact