PathSafe: Secure Path Verification in Software-Defined Networks / Monaco, Doriana; Antonijević, Nikola; Duttagupta, Sayon; Singelée, Dave; Sacco, Alessio; Marin, Eduard; Preneel, Bart. - (2025). (Paper presented at the conference NOMS 2025-2025 IEEE Network Operations and Management Symposium, held in Honolulu (USA), 12–16 May 2025) [10.1109/NOMS57970.2025.11073644].
PathSafe: Secure Path Verification in Software-Defined Networks
Doriana Monaco; Alessio Sacco
2025
Abstract
Network topology verification in Software-Defined Networks (SDN) poses a significant challenge, as vulnerabilities can allow attackers to deceive the controller and manipulate the data plane into incorrect topologies, thereby endangering the entire network's security. Current solutions fail to guarantee both security and efficiency in the verification process, often resulting in damaging user traffic. With the aim of solving joint objectives, in this paper, we introduce PathSafe, a novel tool constructed on top of the existing controller frameworks designed for secure path verification in SDN environments. It enables the verification of all available paths between two points in the network and ensures a secure process. Our approach requires a data plane component for real-time packet monitoring at line speed and a control plane verification step. Our research demonstrates that PathSafe effectively mitigates security risks in compromised switches and host scenarios. Alongside a theoretical exploration of this challenge, we present a proof of concept implemented in P4, a common language for programmable data planes. Results obtained in Mininet underscore the practical applicability of PathSafe that, compared to alternatives, reduces overhead in the verification process while maintaining a limited execution time.

File | Access | Type | License | Size | Format
---|---|---|---|---|---
PathSafe_NOMS_2025-2.pdf | Open access | 2. Post-print / Author's Accepted Manuscript | Public - All rights reserved | 468.7 kB | Adobe PDF
PathSafe_Secure_Path_Verification_in_Software-Defined_Networks.pdf | Restricted access | 2a Post-print publisher's version / Version of Record | Not public - Private/restricted access | 538.87 kB | Adobe PDF
https://hdl.handle.net/11583/3001634