Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Creating Resilient Software Defined Networks (SDN)

Creating Resilient Software Defined Networks (SDN)

Dr. Arun Sood and I presented a new approach for how to create reliable and resilient software defined networks.

Shahid N. Shah

December 10, 2014
Tweet

More Decks by Shahid N. Shah

Other Decks in Technology

Transcript

  1. Resilient SDN Controllers
    Arun Sood, PhD
    Prof Computer Science, Dir International Cyber Center, GMU
    Founder CEO SCIT Labs
    Shahid N. Shah
    CEO Netspective Communications
    All Rights Reserved - SCIT Labs Confidential
    and Proprietary

    View full-size slide

  2. Application Application
    Application Application
    Controller
    Management
    Monitoring
    APIs
    SDN
    Devices
    Application
    Layer
    Control
    Layer
    Infrastructure
    Layer
    SDN Architecture
    2

    View full-size slide

  3. SDN Security Threat Vectors
    3
    • Insert forged traffic
    • Communication paths
    • Network device vulnerabilities
    • Device logs
    • Controller vulnerabilities

    View full-size slide

  4. SDN Controllers
    4
    • Centralized or Distributed
    • Potential for single point of failure
    • Physical access
    • Static systems
    • Monitoring and remote access
    • Software driven - vulnerable to attack

    View full-size slide

  5. Breaches in the News
    • South Carolina Department of Revenue: 33 malwares were
    used to attack 44 systems
    – 75 GB lost; 3.8 M individual and >699K business tax
    returns; remediation cost estimated at $19 million
    • Target: False positives overwhelmed the security team
    – 40 million credit debit card info stolen; $236 million in
    expenses
    • Home Depot: Zero day attack – customized malware was not
    detected
    – 56 M cards stolen over five months. Cost $62 million
    • Reactive Security works some of the time. Remediation
    costs are high

    View full-size slide

  6. Cyber Threat Observations
    I. Intrusions are inevitable. Most breaches
    discovered by third parties
    II. Malware installed. Intruders stay in systems for
    days, weeks, months
    III. Current servers are “sitting ducks”
    6

    View full-size slide

  7. 7
    IDS,
    Firewall,
    IPS
    Monitoring
    High Losses Low
    High Intruder Residence Low
    Manual
    Reimage
    Resilience
    Automated
    Restoration
    Losses vs Intruder Residence
    7
    Perfect
    Software
    White Listing

    View full-size slide

  8. Cyber Resilience
    8
    • Typical requirements
    – Continuity of operations
    – Meet mission requirements
    – Limited degradation of performance
    • Operational requirement for threat deterrence
    – Restoration to pristine uncontaminated state

    View full-size slide

  9. Risk Management Approach
    Cyber Risk = Threats x Vulnerabilities x Consequences
    Focus on Consequence Management
    Resilience through seamless recovery
    User trade-off: compute cycles vs cyber risk (exposure)

    View full-size slide

  10. 10
    Cyber Kill Chain

    View full-size slide

  11. Resilience Approach: Self Cleansing Intrusion Tolerance
    Restoration & Moving Target Defense – How it works
    11

    View full-size slide

  12. Constantly Restore Server Integrity
    12

    View full-size slide

  13. Additional Advantages of
    Resilience & Restoration Approach
    13
    Security
    • Reduce data ex-filtration losses
    – Disconnect from malicious
    site
    – Rate modulation on outgoing
    data
    • IT Early warning
    • Respond to high threat intensity
    • Software whitelist on steroids
    • Reduce SOC ticket response time
    • Recovery
    • Forensic
    System & Network
    Management
    • Operational Resilience
    – No memory leaks
    – Apply hot patches – no server
    reboot required
    – Quick recovery from bad
    patch
    – Better manage the level of
    testing required
    • Configuration management
    • Automatically replace
    compromised VMs
    • Supports disaster recovery

    View full-size slide

  14. Cyber Security Solution Properties
    14
    • Accuracy
    • Speed
    • Agility
    • Automation
    • Defender workload vs Attacker workload

    View full-size slide

  15. Conclusion
    15
    • SDN security requires a resilience approach
    • SDN controller needs particular focus
    – Static implementations lead to asymmetric advantage
    for attacker
    – Successful persistent attacks can damage the network
    • SDN transactions are short – enables
    automated restoration
    • Cost of computer cycles is falling - supports a
    restoration strategy

    View full-size slide

  16. PROACTIVE CYBER ATTACK DEFENSE
    6 issued US patents (2009 – 2013)
    http://scitlabs.com/en/download/videos
    Arun Sood, Ph.D.
    [email protected]
    16

    View full-size slide

  17. Architects & Engineers for next generation networks
    http://www.Netspective.com
    Shahid N. Shah
    @ShahidNShah
    http://www.ShahidShah.com
    17

    View full-size slide