Title of Talk: Denial of Service Attacks on Software-Defined Networks

 

Biography: Dr. Rajendra Boppana is a Professor in the Department of Computer Science at the University of Texas at San Antonio (UTSA). Dr. Boppana’s research interests include computer networks security and performance and high-performance computing. Dr. Boppana is currently working on the analysis, visualization, and mitigation of denial of service attacks on software-defined networks. He published 75 peer-reviewed conference papers and journal articles, in addition to several book chapters on these topics. Dr. Boppana served as the principal investigator (PI) or co-PI for over 12 research grants from United States’ federal funding agencies and is the sole or lead inventor for three patents. Dr. Boppana received his Ph.D. degree in computer engineering from the University of Southern California, Los Angeles, USA. Dr. Boppana directed the UTSA’s Quantitative Literacy Program (QLP), which is a university-wide curriculum enhancement program, 2011-16. Dr. Boppana served as the chair of the Department of Computer Science from 2012 to 2018.

 

Abstract: Software defined networking facilitates better network management by decoupling the data and control planes of legacy routers and switches and is widely adopted in data center and production networks. The decoupling of control and data planes facilitates more optimal network management and deployment of elaborate security mechanisms, but also introduces new vulnerabilities which could be exploited using distributed denial of service (DDoS) attacks. This talk presents several protocol vulnerabilities and resource limitations that are exploited by DDoS attacks. Often, techniques mitigate these attacks change the attack surface, which can lead to new vulnerabilities exploitable by new DDoS attacks. Several examples of new vulnerabilities introduced by DDoS mitigation schemes are presented with potential attacks to exploit them. The talk concludes with some guidelines on designing DDoS attack mitigation schemes that minimize introduction of new vulnerabilities.

---