The area surrounding SDN and zero-day network attacks is almost limitless with regard to its scope for future developments and improvements. Research to date only scratches the surface of this technology and its possibilities for the world’s future networks. It is my belief that creating a technology that would solve such issues would also have a significant market value. Bringing a project to develop this concept to the next stage would require a team of both researchers and software developers, along with full access to an adequate functional test bed.
To justify this, it must be considered that in order to develop this software it must be fully understood and extensively tested. The threat surface in our network infrastructures is constantly changing, and to defend against an unknown threat quantity such as a zero-day network attack, many different approaches and attack methods need to be examined. It is my belief that SDN has all of the qualities needed to maintain and protect the networks of the future. It is also my belief, after researching the technology, that SDN poses many new security obstacles that need to be further addressed.
The centralized controller architecture is, in my belief, an architecture that may need to be reexamined, as a single point of failure in a corporate network is not an acceptable risk factor. This, however, should not be something to deter anyone from SDN; it is simply an area that requires more attention with regard to securing the environment and creating redundancy were the controller to go down. During the course of studying this technology it also came to my attention that the area of zero-day attacks could not be defined to a specific attack method, and therefore this area alone requires extensive research. It is proposed that future projects should be split into three defined research modules.
1) The first module would be to extensively research past and present zero-day network attacks and endeavor to discover small similarities. There is already an active community carrying out this research in the form of HP’s Zero Day Initiative, which was established in 2005. This community actively reports, records and researches zero-day attacks. In understanding the many different types of zero-day network attacks, similarities in code may not be found, but the research may uncover similarities in construct. It would then be possible to match these similarities to normal network activity data, and it may be possible to identify early warning methods for such attacks.
This type of approach would still not be enough to ensure that zero-day exploits would be discovered in real time; in fact, potential attackers would certainly change their exploits to avoid this detection. This research would, however, lead researchers to learn more about how potential hackers operate and therefore give an insight into how they construct and target attacks. All of this information may be useless by itself, but combined it may paint a picture of attack locations, unique signatures, hardware weakness and possibly many more unforeseen traits. This type of data gathering may unearth a larger scope and highlight unseen trends.
This type of data gathering, however, will only be of use if carried out on a massive scale. This would require mass collaboration across the board among all parties involved in various research across this area. This type of open collaboration can only lead to more positive outcomes and would also help kindle the open source collaboration that the SDN platform is currently being built on. It is our belief that the only way to fight an unknown threat such as a zero-day network attack is to take such an approach, and that doing so in a shared forum opens the door for many different outlooks and opinions on the best ways and methods to combat this.
2) The second module of research would be to extensively test not the capabilities of SDN but its weaknesses. It is not possible to have a technology that will defend and protect against the threats of the future if its own weaknesses are not first exposed and reinforced. In my opinion the capabilities of SDN far extend the scope of current networking capabilities; however, new threat surfaces are also presented, and these new threat surfaces need to be examined and challenged thoroughly before SDN can be extensively rolled out. By first securing the weaknesses of the technology its strengths can then be accessed. It is my opinion that open source communities such as the OpenDaylight project will have a far greater chance to conquer these vulnerabilities through mass collaboration and innovation.
The unique way that SDN is designed allows for much more fluid networking platforms. Corporations and governments will be able to tailor their networks to meet the demands of their environments both in quality of service and security. Custom applications can be written to meet specific demands for data centers, and for cities such as Bristol as it endeavors to make history as the world’s first SDN city. In my opinion the Open Bristol project will be the most interesting project as a live research bed, especially with regard to security. This project alone may very well test the weaknesses and capabilities of SDN in ways that have not previously been considered and should be closely monitored and heavily documented. It is projects like this that will give researchers an opportunity to test the capabilities of SDN to defend against not only zero-day network attacks but all network-related intrusions. In my opinion security professionals and researchers should be allowed full access to this project in a collaborative effort to create the most efficient and powerful networking tools and architectures for the future. To expose these weaknesses now will only allow for a stronger implementation of the architecture as it becomes more mainstream.
3) The third and final module for research should be a combination of both modules 1 & 2, meaning that in order to utilize software defined networking to automate the defense against zero-day network attacks, the two areas must be thoroughly tested and examined first. It is my belief that SDN will provide the answers that are needed in this area, but the path that will lead to this solution must first be thoroughly examined. As previously stated, before SDN can protect the networks of the future it must first gain the ability to protect itself. This ability will only be gained by continuous research and testing in the area. It is my hope that this blog and other articles and papers on the area have opened the door for a more heated and widespread discussion around the area of zero-day network attacks and SDN. It is also my hope that any future work in the area is carried out in an open and collaborative fashion, allowing for many ideas and concepts to be exchanged in order to find fitting solutions.
It is very important to remember that with SDN the world is not limited to a one-network-fits-all implementation, as every architecture can be custom tailored to the needs of that network. This flexibility alone will go a long way to mitigate attacks that once worked by targeting set network infrastructures and hardware. By diversifying these future networks there is a layer of complication added that is currently not present. Researchers need to focus on these changing elements to creatively implement innovative solutions that can be fitted into future networks' defense mechanisms. It is my belief that the capabilities of SDN may far exceed what was originally thought of this new architecture, and only future developments will show exactly what the power of SDN has to offer.
After identifying zero-day network attacks as a potential area that can theoretically be eradicated by the arrival of software defined networking, it is hoped that this blog and other discussions and papers on the area have highlighted this topic. It is my hope that, if anything, this type of discussion and research will open a debate surrounding SDN and zero-day network attacks. It is also my hope that this will highlight the need for more discussion about the vulnerabilities that exist in current SDN architectures. It is vitally important that these weaknesses first be addressed and amended before SDN can be considered as a mainstream opponent to current network infrastructures. A project like Bristol is Open marks a vital keystone in the growth of this area and will be of keen interest as it evolves and takes its place in the history books of networking. Only as projects like this one emerge and are tested by the threats of the outside world will the true capabilities and weaknesses of SDN be understood.
It has been identified that this technology has only evolved so quickly because of the open source communities that have nurtured and contributed to its development. It is my opinion that this collaboration will be the best way to create sustainable security solutions into the future. As the journalist Mark Shields was once quoted, “There is always strength in numbers. The more individuals or organizations that you can rally to your cause, the better”. This is the type of mentality that needs to be adopted when approaching SDN, as the only way to maintain reliability and security is to constantly challenge the capabilities of the technology. It is our belief that there is no better way of doing this than leaving this technology in the hands of open source communities such as the OpenDaylight Project or Project Floodlight. These open communities will allow for the innovation and creative thinking that may otherwise be curtailed in a more profit-driven environment.
If you would like to add to this discussion feel free to share your opinions below.