-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathepisode-42.xml
77 lines (72 loc) · 4.05 KB
/
episode-42.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
<?xml version="1.0" encoding="utf-8"?>
<item xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd">
<title>FlowFuzz</title>
<guests>Nicholas Gray and Thomas Zinner from University of Würzburg</guests>
<description>
<p>
Nicholas Gray is a PhD student at the University of Würzburg, Germany,
where he also completed his Master's thesis in 2015. His research
interests include SDN/NFV architectures and their impact on network
security. Thomas Zinner received his Diploma and Ph.D degrees in
computer science from the University of Wurzburg, Germany, in 2007 and
2012, respectively. Nicholas is a member of the research group headed by
Thomas on ``Next Generation Networks'' at the Chair of Communication
Networks, University of Würzburg.
</p>
<p>
This episode is about FlowFuzz, a framework for fuzzing OpenFlow-enabled
software and hardware switches. It covers the <a
href="https://www.blackhat.com/us-17/briefings/schedule/#flowfuzz---a-framework-for-fuzzing-openflow-enabled-software-and-hardware-switches-7642">material
presented</a> by Nicholas at Black Hat Briefings on July 26, in a session
with the following abstract:
</p>
<blockquote>
<p>
Software-defined Networking (SDN) is a new networking paradigm which
aims for increasing the flexibility of current network deployments by
separating the data from the control plane and by providing
programmable interfaces to configure the network. Resulting in a more
agile and eased network management and therefore in cost savings, SDN
is already deployed in live networks i.e. Google's B4 backbone and
NOKIA's cloud infrastructure. Despite these benefits, SDN broadens the
attack surface as additional networking devices and protocols are
deployed. Due their critical role within the softwarized management of
the network, these devices and protocols are high ranked targets for
potential attackers and thus require extensive testing and hardening.
</p>
<p>
In this work, we present FlowFuzz a fuzzing framework for SDN-enabled
software and hardware switches. In particular we focus on the OpenFlow
protocol which is currently the de facto standard communication
protocol between SDN-enabled switches and the central controlling
instance. Whereas the framework utilizes the output of conventional
tools such as AddressSanitizer for investigating software switches, it
also evaluates data obtained from side channels, i.e., processing times
and power consumption to identify unique code execution paths within
hardware switches to optimize the fuzzing process. Furthermore, we use
our framework implementation to perform a first evaluation of the Open
vSwitch and a total of four SDN-enabled hardware switches. We conclude
by presenting our findings and outline future extensions of the fuzzing
framework.
</p>
</blockquote>
<p>
For more information on the group that produced this research, please
visit <a href="http://sardine-project.org/">sardine-project.org</a>.
</p>
<p class="attribution">
OVS Orbit is produced by <a href="mailto:[email protected]">Ben Pfaff</a>. The
intro music in this episode is <a
href="http://dig.ccmixter.org/files/AlexBeroza/43098">Drive</a>,
featuring cdk and DarrylJ, copyright 2013, 2016 by Alex. The bumper
music is <a href="http://dig.ccmixter.org/files/speck/42100">Yeah Ant</a>
featuring Wired Ant and Javolenus, copyright 2013 by Speck. The outro
music is <a href="http://dig.ccmixter.org/files/Kirkoid/43005">Space
Bazooka</a> featuring Doxen Zsigmond, copyright 2013 by Kirkoid. All
content is licensed under a Creative Commons <a
href="http://creativecommons.org/licenses/by/3.0/">Attribution 3.0
Unported (CC BY 3.0)</a> license.
</p>
</description>
<pubDate>Fri, 22 Sep 2017 02:58:21 GMT</pubDate>
</item>