DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | Kang, Brent ByungHoon | - |
dc.contributor.advisor | 강병훈 | - |
dc.contributor.author | Noh, Jiseong | - |
dc.contributor.author | 노지성 | - |
dc.date.accessioned | 2017-03-29T02:41:10Z | - |
dc.date.available | 2017-03-29T02:41:10Z | - |
dc.date.issued | 2014 | - |
dc.identifier.uri | http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=657510&flag=dissertation | en_US |
dc.identifier.uri | http://hdl.handle.net/10203/221938 | - |
dc.description | Thesis (Master's) - Korea Advanced Institute of Science and Technology : Graduate School of Information Security, 2014.8, [v, 43 p. :] | - |
dc.description.abstract | The advancement of Software Defined Networking (SDN) redefines traditional computer networking architecture. The role of the control plane in SDN is so important that it is called the network operating system. However, research on the robustness or security issues of network operating systems has been overlooked. In this thesis, we report three main issues concerning network operating systems. First, we find vulnerabilities that can be exploited by malicious or buggy applications running on a network operating system. We have identified four major attack vectors that could undermine its operations: denial of service, global data manipulation, control plane poisoning, and system shell execution. We also demonstrate real attacks on widely used network operating systems without significant effort. Second, we present a method to address the attacks. We analyze network applications running on top of network operating systems, identify their behavioral features, and extract a permission set for each network application. With this method, we introduce a permission-based malicious network application detector, which examines the permissions of each application and prevents its execution without permission. Our system shows almost no performance overhead. Third, we propose a design for a security-enhanced future network OS based on our application analysis results. The results suggest i) separation of internal data among applications, ii) separation of privileges between the network OS and user applications, and iii) an authentication mechanism for access to the internal database and management channel. | - |
dc.language | eng | - |
dc.publisher | Korea Advanced Institute of Science and Technology | - |
dc.subject | Software Defined Networking | - |
dc.subject | Network Operating System | - |
dc.subject | Network Security | - |
dc.subject | 소프트웨어 정의 네트워크 | - |
dc.subject | 네트워크 운영 체제 | - |
dc.subject | 네트워크 보안 | - |
dc.title | Attacking and defending network operating system in software-defined networking | - |
dc.title.alternative | Attack and defense of the software-defined network operating system | - |
dc.type | Thesis(Master) | - |
dc.identifier.CNRN | 325007 | - |
dc.description.department | Korea Advanced Institute of Science and Technology : Graduate School of Information Security, | - |