
LFCS seminar: Vivek Nigam: Slow TCAM exhaustion DDoS attack


What
  • LFCS Seminar
  • Upcoming events
When Aug 22, 2017
from 04:00 PM to 05:00 PM
Where IF 4.31/4.33

Software Defined Networks (SDN) facilitate network management by
decoupling the data plane, which forwards packets using efficient
switches, from the control plane, leaving the decisions on how packets
should be forwarded to a (centralized) controller. However, due to
limitations on the number of forwarding rules a switch can store in its
TCAM memory, SDN networks have been subject to saturation and TCAM
exhaustion attacks where the attacker is able to deny service by forcing
a target switch to install a great number of rules. An underlying
assumption is that these attacks are carried out by sending a high rate
of unique packets. This paper shows that this assumption is not
necessarily true and that SDNs are vulnerable to Slow TCAM exhaustion
attacks (Slow-TCAM). We analyse this attack, arguing that existing
defenses for saturation and TCAM exhaustion attacks are not able to
mitigate Slow-TCAM due to its relatively low traffic rate. We then
propose a novel defense called SIFT, based on selective strategies,
demonstrating its effectiveness against the Slow-TCAM attack. If time
permits, I will also discuss how formal methods can be used to find such
attacks.
