Slide 1

Resilient SDN Controllers

Arun Sood, PhD, Prof. Computer Science, Dir. International Cyber Center, GMU; Founder & CEO, SCIT Labs
Shahid N. Shah, CEO, Netspective Communications

All Rights Reserved - SCIT Labs Confidential and Proprietary

Slide 2

SDN Architecture (diagram): Application Layer (Applications) above the Control Layer (Controller, Management, Monitoring, APIs) above the Infrastructure Layer (SDN Devices)

Slide 3

SDN Security Threat Vectors
• Insert forged traffic
• Communication paths
• Network device vulnerabilities
• Device logs
• Controller vulnerabilities

Slide 4

SDN Controllers
• Centralized or distributed
• Potential for single point of failure
• Physical access
• Static systems
• Monitoring and remote access
• Software driven – vulnerable to attack

Slide 5

Breaches in the News
• South Carolina Department of Revenue: 33 pieces of malware were used to attack 44 systems – 75 GB lost; 3.8 M individual and >699K business tax returns; remediation cost estimated at $19 million
• Target: False positives overwhelmed the security team – 40 million credit/debit card records stolen; $236 million in expenses
• Home Depot: Zero-day attack – customized malware was not detected – 56 M cards stolen over five months; cost $62 million
• Reactive security works some of the time; remediation costs are high

Slide 6

Cyber Threat Observations
I. Intrusions are inevitable. Most breaches are discovered by third parties
II. Malware gets installed. Intruders stay in systems for days, weeks, months
III. Current servers are “sitting ducks”

Slide 7

Losses vs Intruder Residence (chart): x-axis Intruder Residence (Low to High), y-axis Losses (Low to High). Approaches plotted: IDS, Firewall, IPS; Monitoring; Manual Reimage; Resilience / Automated Restoration; Perfect Software / White Listing.

Slide 8

Cyber Resilience
• Typical requirements
  – Continuity of operations
  – Meet mission requirements
  – Limited degradation of performance
• Operational requirement for threat deterrence
  – Restoration to pristine, uncontaminated state

Slide 9

Risk Management Approach
Cyber Risk = Threats × Vulnerabilities × Consequences
Focus on consequence management
Resilience through seamless recovery
User trade-off: compute cycles vs cyber risk (exposure)

Slide 10

Cyber Kill Chain

Slide 11

Resilience Approach: Self Cleansing Intrusion Tolerance
Restoration & Moving Target Defense – How it works

Slide 12

Constantly Restore Server Integrity

Slide 13

Additional Advantages of Resilience & Restoration Approach

Security
• Reduce data exfiltration losses
  – Disconnect from malicious site
  – Rate modulation on outgoing data
• IT early warning
• Respond to high threat intensity
• Software whitelist on steroids
• Reduce SOC ticket response time
• Recovery
• Forensics

System & Network Management
• Operational resilience
  – No memory leaks
  – Apply hot patches – no server reboot required
  – Quick recovery from bad patch
  – Better manage the level of testing required
• Configuration management
• Automatically replace compromised VMs
• Supports disaster recovery
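The rotation idea behind slides 11 to 13 (constantly restore the controller to a pristine state and replace compromised VMs automatically) can be shown as a small discrete-time model. The Python below is an added illustration written for this page; it is not SCIT Labs' code nor any real SDN controller. The golden image, the instance names, the 5-tick exposure window, the 2-tick restore time and the attack ticks are all constructed values. It contrasts a rotated pool, where an implant can survive at most one exposure window whether or not anything detected it, with a static controller that keeps the implant until the run ends, which is the losses-vs-residence argument of slide 7.

```python
"""Rotating-restoration model for an SDN controller (constructed illustration).

One controller instance is online at a time; every `window` ticks it is
swapped for a pristine spare and reimaged from a golden image. An implant
planted on the online instance therefore survives at most `window` ticks.
"""
import hashlib
from collections import deque
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for the golden controller image; its hash is the whitelist baseline.
PRISTINE_IMAGE = b"sdn-controller-golden-image-v1"
PRISTINE_HASH = hashlib.sha256(PRISTINE_IMAGE).hexdigest()


@dataclass
class Instance:
    name: str
    online_since: int
    state: bytes = PRISTINE_IMAGE
    implanted_at: Optional[int] = None
    restore_done_at: Optional[int] = None  # set while the instance is being reimaged

    def integrity_ok(self) -> bool:
        """Whitelist check: the running state must hash to the pristine baseline."""
        return hashlib.sha256(self.state).hexdigest() == PRISTINE_HASH


class RotatingPool:
    """One online controller plus pristine spares, rotated every `window` ticks."""

    def __init__(self, names, window, restore_time):
        self.window = window          # None models a static controller that is never rotated
        self.restore_time = restore_time
        self.t = 0
        self.active = Instance(names[0], online_since=0)
        self.spares = deque(Instance(n, online_since=-1) for n in names[1:])
        self.restoring = []
        self.residences = []          # ticks each implant survived before removal

    def plant_implant(self):
        """Model a compromise of whichever instance is online right now."""
        self.active.state = PRISTINE_IMAGE + b"|implant"
        self.active.implanted_at = self.t

    def _reimage(self, inst):
        """Take an instance offline and restore it from the golden image."""
        if inst.implanted_at is not None:
            self.residences.append(self.t - inst.implanted_at)
        inst.state = PRISTINE_IMAGE
        inst.implanted_at = None
        inst.restore_done_at = self.t + self.restore_time
        self.restoring.append(inst)

    def tick(self):
        self.t += 1
        # Restored instances rejoin the spare pool once reimaging has finished.
        for inst in [i for i in self.restoring if i.restore_done_at <= self.t]:
            self.restoring.remove(inst)
            self.spares.append(inst)
        # Never bring a spare online that fails the whitelist check; reimage it instead.
        while self.spares and not self.spares[0].integrity_ok():
            self._reimage(self.spares.popleft())
        # Exposure window expired and a pristine spare is ready: swap, then reimage the old one.
        exposed = self.t - self.active.online_since
        if self.window is not None and exposed >= self.window and self.spares:
            old, self.active = self.active, self.spares.popleft()
            self.active.online_since = self.t
            self._reimage(old)


def simulate(window, attack_ticks, horizon, names=("c1", "c2", "c3"), restore_time=2):
    """Run `horizon` ticks, planting an implant at each tick listed in `attack_ticks`."""
    pool = RotatingPool(list(names), window, restore_time)
    for _ in range(horizon):
        if pool.t in attack_ticks:
            pool.plant_implant()
        pool.tick()
    # An implant still alive at the end of the run has lived until the horizon.
    if pool.active.implanted_at is not None:
        pool.residences.append(pool.t - pool.active.implanted_at)
    return {
        "residences": pool.residences,
        "max_residence": max(pool.residences, default=0),
        "active_clean": pool.active.integrity_ok(),
    }


if __name__ == "__main__":
    print("rotating:", simulate(window=5, attack_ticks={3, 12}, horizon=30))
    print("static:  ", simulate(window=None, attack_ticks={3}, horizon=30))
```

With the constructed values, the rotated pool removes the two implants after 2 and 3 ticks (never more than the 5-tick window) and ends with a clean controller, while the static run keeps the implant for 27 ticks and ends compromised. The restore time being shorter than the window is what keeps a pristine spare available at every swap; the residence bound holds only while that is true.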

Slide 14

Cyber Security Solution Properties
• Accuracy
• Speed
• Agility
• Automation
• Defender workload vs attacker workload

Slide 15

Conclusion
• SDN security requires a resilience approach
• SDN controller needs particular focus
  – Static implementations lead to an asymmetric advantage for the attacker
  – Successful persistent attacks can damage the network
• SDN transactions are short – enables automated restoration
• Cost of compute cycles is falling – supports a restoration strategy

Slide 16

PROACTIVE CYBER ATTACK DEFENSE
6 issued US patents (2009 – 2013)
http://scitlabs.com/en/download/videos
Arun Sood, Ph.D. [email protected]

Slide 17

Architects & Engineers for next generation networks
http://www.Netspective.com
Shahid N. Shah @ShahidNShah
http://www.ShahidShah.com