Security of Software-Defined Infrastrucure



Software-defined infrastructure (SDI) is a paradigm where the configuration and management of the infrastructure are controlled through software with limited (or no) manual intervention. It generalizes the concept of software-defined networking (SDN) to include application requirements from the infrastructure. Security is critical for SDI given the automated nature of its management and the numerous vulnerabilities introduced by many implementations. In this project, we focus on understanding the full spectrum of security and fault-tolerance requirements in SDI and propose practical solutions.



    Cross-App Poisoning in Software-Defined Networking. Benjamin E. Ujcich, Samuel Jero, Anne Edmundson, Qi Wang, Richard Skowyra, James Landry, Adam Bates, William H. Sanders, Cristina Nita-Rotaru, Hamed Okhravi. ACM CCS, 2018
    Identifier Binding Attacks and Defenses in Software-Defined Networks. Samuel Jero, William Koch, Richard Skowyra, Hamed Okhravi, Cristina Nita-Rotaru, David Bigelow. USENIX Security 2017, August 2017. [PDF]
    BEADS: Automated Attack Discovery in OpenFlow-based SDN Systems. Samuel Jero, Xiangyu Bu, Hamed Okhravi, Cristina Nita-Rotaru, Richard Skowyra, Sonia Fahmy. RAID 2017, September 2017. [PDF]


    Current Members

    • Daniel Kostecki

    Previous Members

    • Samuel Jero


  • Hamed Okhravi, MIT Lincoln Labs
  • Skowyra, Richard, MIT Lincoln Labs


This project is a collaboration with MIT Lincoln Labs.