Publications

Intent-based networking (IBN) enables network administrators to express high-level goals and network policies without needing to specify low-level forwarding configurations, topologies, or protocols. Administrators can define intents that capture the overall behavior they want from the network, and an IBN controller compiles such intents into low-level configurations that get installed in the network and implement the desired behavior. We discovered that current IBN specifications and implementations do not specify that flow rule installation orderings should be enforced, which leads to temporal vulnerabilities where, for a limited time, attackers can exploit indeterminate connectivity behavior to gain unauthorized network access. In this paper, we analyze the causes of such temporal vulnerabilities and their security impacts with a representative case study via the ONOS IBN implementation.We devise the Phantom Link attack and demonstrate a working exploit to highlight the security impacts. To defend against such attacks, we propose Spotlight, a detection method that can alert a system administrator of risky intent updates prone to exploitable temporal vulnerabilities. Spotlight is effective in identifying risky updates using realistic network topologies and policies. We show that Spotlight can detect risky updates in a mean time of 0.65 seconds for topologies of over 1,300 nodes.

Intent-based networking (IBN) offers advantages and opportunities compared with SDN, but IBN also poses new and unique security challenges that must be overcome.