RE-CHECKER: Towards Secure RESTful Service in Software-Defined Networking

Abstract

Over the years, Software-Defined Networking (SDN) has grown aggressively, and many SDN controller products have been released to date as not only open source projects but also commercial ones. Considering the adoption of SDN, the security of SDN components is an essential aspect that needs to be thoroughly investigated, so research in this area has been getting attention. However, despite growing interest in SDN security, SDN controllers are vulnerable to security vulnerabilities that have not yet been disclosed. Among them, we focus on RESTful services provided by SDN controllers because those services help users to implement useful network functions in a programmable way, so it can be a critical attack point to an adversary. Therefore, in this work, we try to find out vulnerabilities and bugs of the RESTful service implementation, which are powerful enough to jeopardize the entire network. To more efficiently detect those vulnerabilities and bugs, we introduce a framework called RE-CHECKER that can find the security holes of RESTful services in SDN controller. As a result, using RE-CHECKER, we found four bug types against three open source controllers: ONOS, Floodlight, and Ryu. To prove the feasibility and examine the potential impact of each vulnerability and bug, we demonstrate some vulnerable scenarios in the real SDN environments.