
Openflow Protocol Vulnerability Detection And Analysis

Posted on: 2019-11-05
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Lu
Full Text: PDF
GTID: 2428330548959203
Subject: Engineering
Abstract/Summary:
Software-Defined Networking (SDN) is an innovative network architecture that separates the data and control layers of a network. Since the concept was first proposed, many SDN controllers have been deployed. Because this is a newly proposed conceptual model, an adversary can launch various attacks, such as manipulating network state and denial of service, to steal sensitive information and data and to reject legitimate user requests. Therefore, compared with other network models, security is a top priority for SDN. Because the control plane in an SDN network is separate from the data plane, the data plane usually has to request flow rules from the control plane when it encounters new packets that it does not know how to handle. By taking advantage of this key attribute, our proposed attack can generate specific flow requests from the data plane to the control plane for devices that use SDN/OpenFlow switches. For example, malicious and unauthorized users can attack controllers and switches, causing denial of service for legitimate users, theft of sensitive information from the companies operating the network, and financial losses.

Despite software testing and work to fix security vulnerabilities, more bugs have emerged as software becomes more complex. It is therefore very important to discover vulnerabilities at minimal cost using effective, automated testing techniques. In this work, we apply fuzzing to detect defects and vulnerabilities in the SDN controller. Fuzzing is a testing technique that sends illegal or undefined data to software and monitors it for abnormal behavior. Fuzzing is simple and powerful, and it can find a large number of vulnerabilities, such as character overflow, SQL injection, denial of service and format errors. Although these errors can be found in web applications and file formats, in this work we test for vulnerabilities in the implementation of network protocols, specifically the OpenFlow protocol. We test the OpenFlow implementations of the SDN controllers OpenDaylight and ONOS, and use fuzzing to find some of these vulnerabilities.

Understanding how the SDN system works and building a reasonable test process helps improve overall test efficiency. In testing, threat modeling is an effective method to identify and analyze risks and threats in the system. The list of threats was built using the STRIDE method and extended using the MITRE CAPEC attack library. As mentioned above, we first analyze the SDN system and then use threat modeling to identify and analyze risks and vulnerabilities in the system. We then fuzz the OpenFlow implementations of the SDN controllers OpenDaylight and ONOS to discover some of these vulnerabilities.

A significant number of denial-of-service vulnerabilities and other bugs were discovered during the testing process. We used a few lines of code written with Scapy to try to crash the controller. Another major denial-of-service attack blocked legitimate applications from adding traffic to the designated switch from the crash until the OpenDaylight controller restarted. In addition, fuzzing also revealed some less important bugs that affect the OpenDaylight and ONOS controllers.

At the end of this work, we summarize the hazard levels and triggering methods of the discovered vulnerabilities and describe the impact of test case coverage on the entire testing process. Increasing the scope and number of test cases helps to cover a larger range of the software, which improves test coverage and can find more vulnerabilities; designing test cases based on the state of the controller and the switch can also increase test coverage. We therefore selected only test cases that cover a wider range, which also covers a larger part of the software.
Keywords/Search Tags: SDN, OpenFlow, Vulnerability Detection