Research & Academic
Guardicore Labs is committed to innovation and collaboration. Together with our academic colleagues, we lead and participate in research projects in the fields of network security, analytics and fault tolerance.
Well-defined and strict communication policies between applications reduce the attack surface and restrict possible lateral movement across the network. However, companies often have very limited information about the applications running in their environments – where the applications are deployed, what their boundaries are and how they interact with each other. We introduce a novel machine learning approach that uses network flows to generate an application-level representation of public and private cloud networks. This will greatly simplify the journey to a micro-segmented network.
NetSlicer: Automated and Traffic-Pattern Based Application Clustering in Datacenters
Liron Schiff, Ofri Ziv (Guardicore, Israel), Manfred Jaeger (AAU, Denmark), and Stefan Schmid (AAU, Denmark and Univie, Austria)
ACM SIGCOMM 2018 Workshop on Big Data Analytics and Machine Learning for Data Communication Networks (Big-DAMA), Budapest, Hungary, August 2018
Documents: [paper pdf], [bibtex bib], [datasets]
Software-defined networking (SDN) is considered a promising new paradigm, enabling more reliable and formally verifiable communication networks. Our research shows that the basis of SDN – the separation of the control plane from the data plane – is vulnerable to an attack we refer to as teleportation. An attacker, e.g., a malicious switch or a host, can transmit (“teleport”) information via the control plane, bypassing critical network functions in the data plane (e.g., a firewall), and violate security policies as well as logical and even physical separations.
Outsmarting Network Security with SDN Teleportation
Kashyap Thimmaraju (TU Berlin/T-Labs, Germany), Liron Schiff (GuardiCore, Israel), and Stefan Schmid (AAU, Denmark and Univie, Austria)
2nd IEEE European Symposium on Security and Privacy (EuroS&P), Paris, France, April 2017
See also CVE-2015-7516
Documents: [paper pdf], [slides pdf], [demo video], [bibtex bib]
I DPID It My Way! A Covert Timing Channel in Software-Defined Networks
Robert Krösche, Kashyap Thimmaraju (TU Berlin, Germany), Liron Schiff (GuardiCore, Israel), and Stefan Schmid (AAU, Denmark and Univie, Austria)
IFIP Networking, Zurich, Switzerland, May 2018
See also CVE-2018-1000155
Documents: [paper pdf], [slides pdf], [bibtex bib]
Software-defined network (SDN) architectures raise the question of how to deal with situations where the round trip via the control plane is not fast enough or not possible. To provide high availability, connectivity, and robustness, dependable SDNs must also support basic functionality in the data plane. In our research we show how to extend SDNs with functionality for self-stabilizing in-band control and failover routing in the presence of link failures.
The Show Must Go On: Fundamental Data Plane Connectivity Services for Dependable SDNs
Michael Borokhovich (AT&T Labs, USA), Clement Rault (TU Berlin, Germany), Liron Schiff (GuardiCore, Israel), and Stefan Schmid (AAU, Denmark and Univie, Austria)
Computer Communications (COMCOM), Elsevier, 2018
Documents: [paper pdf], [bibtex bib]
Renaissance: A Self-Stabilizing Distributed SDN Control Plane
Marco Canini (UCL, Belgium), Iosif Salem (CUT, Sweden), Liron Schiff (GuardiCore, Israel), Elad Michael Schiller (CUT, Sweden), and Stefan Schmid (AAU, Denmark and Univie, Austria)
38th IEEE International Conference on Distributed Computing Systems (ICDCS), Vienna, Austria, July 2018
Documents: [paper pdf], [bibtex bib], [tech. report]