'Know Your Enemy' scheme uses switch flow tables to design attacks
Software-defined networking SDN controllers respond to network conditions by pushing new flow rules to switches.
And that, say Italian researchers, creates an unexpected security problem.
The researchers were able to persuade their SDN environment to leak information that sysadmins probably don't want out in public, including network virtualisation setups, quality of service policies, and more importantly, security tool configuration information such as attack detection thresholds for network scanning .
Even a single switch's flow table, they write, can provide this kind of information, as well as serving as a side-channel for an attacker to exploit.
The three network boffins – Mauro Conti of the University of Padova, and Sapienza University's Fabio De Gaspari and Luigi Mancini – are particularly concerned about SDN being exploited to help an attacker build a profile of the target network, in what they call a Know Your Enemy KYE attack.