Automated Discovery of Cross-Plane Event-Based Vulnerabilities in Software-Defined Networking (EventScope)

Software-definednetworking(SDN)achievesaprogrammablecontrolplanethroughtheuseoflogicallycentralized, event-drivencontrollersandthroughnetworkapplications(apps) that extendthecontrollers’ functionality.Ascontrolplanedecisionsareoftenbasedonthedataplane, itispossibleforcarefully craftedmaliciousdataplane inputs todirect the control plane towardsunwantedstatesthatbypassnetworksecurityrestrictions (i.e., cross-planeattacks).Unfortunately, becauseof thecomplex interplay among controllers, apps, and data plane inputs, at present it isdifficult tosystematicallyidentifyandanalyzethese cross-planevulnerabilities. WepresentEVENTSCOPE,avulnerabilitydetectiontool that automaticallyanalyzesSDNcontrolplaneeventusage,discovers candidate vulnerabilities basedonmissing event-handling routines, andvalidates vulnerabilitiesbasedondataplane effects. Toaccuratelydetectmissingeventhandlerswithoutgroundtruth ordeveloperaid,weclusterappsaccordingtosimilareventusage andmarkinconsistenciesascandidates.Wecreateaneventflow graphtoobserveaglobalviewofeventsandcontrolflowswithin thecontrolplaneanduseit tovalidatevulnerabilitiesthataffect the dataplane.We appliedEVENTSCOPE to theONOSSDN controlleranduncovered14newvulnerabilities.