IEEE Access (Jan 2019)
WhiteRabbit: Scalable Software-Defined Network Data-Plane Verification Method Through Time Scheduling
Abstract
Software-defined networks are vulnerable to attacks by compromised switches because commonly used programmable software switches are riskier than traditional hardware ones. Although several countermeasures have been proposed to address compromised switches, the accuracy of detecting malicious behavior depends on the performance of network statistics gathering by a controller. In this paper, we propose WhiteRabbit, an approach that verifies the consistency of the forwarding state by gathering real-time network statistics from switches with accurate time scheduling. WhiteRabbit can detect attacks by compromised switches without being influenced by the statistics-gathering performance of a controller. Because the proposed method uses a moving average, it mitigates the effect of switch performance, such as scheduling error, on the verification accuracy. In our previous work, we demonstrated the feasibility of WhiteRabbit using a prototype system. However, we could not evaluate the impact of the difference between the scheduled and actual execution times in that work, because we performed the experiment in a minimal setup using Mininet. Thus, we measured the scheduling error and the time required to gather statistics in a large-scale environment. We also confirmed that the scheduling error is lower than the time required to gather statistics. Additionally, considering that WhiteRabbit depends only on the scheduling error, we verified that the accuracy of WhiteRabbit is higher than that of prior art on a tree topology constructed with 15 switches.
Keywords