Delta – SDN Security Evaluation & Penetration Testing Framework

DELTA is a penetration testing framework that regenerates known attack scenarios for diverse test cases. This framework also provides the capability of discovering unknown security problems in SDN by employing a fuzzing technique.

1. Agent-Manager is the control tower. It takes full control over all the agents deployed to the target SDN network.
2. Application-Agent is a legitimate SDN application that conducts attack procedures and is controller-dependent. The known malicious functions are implemented as application-agent functions.
3. Channel-Agent is deployed between the controller and the OpenFlow-enabled switch. The agent sniffs and modifies the unencrypted control messages. It is controller-independent.
4. Host-Agent behaves as if it was a legitimate host participating in the target SDN network. The agent demonstrates an attack in which a host attempts to compromise the control plane.

Also Read whatweb – Tool to Discover Security Vulnerabilities With Your Web Application

Installing DELTA

Its installation depends on maven and ant build system. The mvn command is used to install the agent-manager and the agents. It can support an All-In-One Single Machine environment via containers as well as a real hardware SDN environment.

• STEP 1. Get the source code of DELTA on the agent manager machine

$ git clone https://github.com/OpenNetworkingFoundation/DELTA.git

• STEP 2. Install DELTA dependencies

$ cd <DELTA>/tools/dev/delta-setup/
$ ./delta-setup-devenv-ubuntu

• STEP 3. Install three containers using lxc

$ source ./<DELTA>/tools/dev/delta-setup/bash_profile
$ cd <DELTA>/tools/dev/lxc-setup
$ ./lxc-create

$ sudo vi /etc/default/lxc-net
Uncomment "LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf"
$ sudo service lxc-net restart
$ sudo lxc-start -n container-cp -d

$ sudo vi /etc/apparmor.d/abstractions/lxc/container-base
Uncomment "mount options=(rw, make-rprivate) -> **,"
$ sudo apparmor_parser -r /etc/apparmor.d/lxc-containers

$ cd ~
$ ssh-keygen -t rsa
(Press Enter)
$ ssh-copy-id -i ~/.ssh/id_rsa.pub $DELTA_CP
(ID: ubuntu, PW: ubuntu)

$ ssh $DELTA_CP
(DELTA_CP) $ sudo visudo
In the bottom of the file, type the follow:
ubuntu ALL=(ALL) NOPASSWD: ALL
(DELTA_CP) $ exit

$ cd <DELTA>/tools/dev/lxc-setup
$ ./lxc-setup
$ ssh-copy-id -i ~/.ssh/id_rsa.pub $DELTA_CH
$ ssh-copy-id -i ~/.ssh/id_rsa.pub $DELTA_DP

• In the case of all-in-one single machine, the test environment is automatically setup as below:

Running DELTA

• STEP 1. Distribute the executable files to Containers

$ cd <DELTA>
$ source ./tools/dev/delta-setup/bash_profile
$ ./tools/dev/delta-setup/delta-agents-scp

• STEP 2. Execute Agent-Manager first

$ cd <DELTA>
$ bin/run-delta tools/config/<configuration file> # e.g., manager_vm.cfg

 DELTA: A Penetration Testing Framework for Software-Defined Networks

 [pP] - Show all known attacks
 [cC] - Show configuration info
 [kK] - Replaying known attack(s)
 [uU] - Finding an unknown attack
 [qQ] - Quit

Command>_

• STEP 3. Connect Web-based UI (port number is 7070)

Main Contributors

• Seungsoo Lee (KAIST)
• Jinwoo Kim (KAIST)
• Seungwon Woo (KAIST)
• Changhoon Yoon (KAIST)
• Sandra Scott-Hayward (Queen’s University Belfast)
• Seungwon Shin (KAIST)