Research & Academic

Guardicore Labs is committed to innovation and collaboration. Together with our colleagues in academia, we lead and participate in research projects in the fields of network security, analytics and fault tolerance.

Application Clustering: Machine Learning Approach to Datacenter Network Abstraction

Well-defined and strict communication policies between applications reduce the attack surface and restrict possible lateral movement across the network. However, companies often have very limited information about the applications running in their environments: where the applications are deployed, what their boundaries are and how they interact with each other. We introduce a novel machine learning approach that uses network flows to generate an application-level representation of public and private cloud networks. This will greatly simplify the journey to a micro-segmented network.

Figure: Example of three applications (orange, grey and red)
Figure: Comparison of clustering algorithms score over data taken from 3 different datacenters

NetSlicer: Automated and Traffic-Pattern Based Application Clustering in Datacenters
Liron Schiff, Ofri Ziv (Guardicore, Israel), Manfred Jaeger (AAU, Denmark), and Stefan Schmid (AAU, Denmark and Univie, Austria)
ACM SIGCOMM 2018 Workshop on Big Data Analytics and Machine Learning for Data Communication Networks (Big-DAMA), Budapest, Hungary, August 2018
Documents: [paper pdf], [bibtex bib], [datasets]

Teleportation Attacks: Vulnerability in the SDN Architecture

Software-defined networking (SDN) is considered a promising new paradigm, enabling more reliable and formally verifiable communication networks. Our research shows that the very basis of SDN, the separation of the control plane from the data plane, is vulnerable to an attack we refer to as teleportation. An attacker, e.g., a malicious switch or a host, can transmit (“teleport”) information via the control plane, bypassing critical network functions in the data plane (e.g., a firewall), and violate security policies as well as logical and even physical separations.

Figure: Malicious switches abuse the control plane for hidden communication, possibly bypassing data plane security mechanisms such as a firewall
Figure: Message sequence pattern for indirect covert communication between two switches based on DPID collisions

Outsmarting Network Security with SDN Teleportation
Kashyap Thimmaraju (TU Berlin/T-Labs, Germany), Liron Schiff (Guardicore, Israel), and Stefan Schmid (AAU, Denmark and Univie, Austria)
2nd IEEE European Symposium on Security and Privacy (EuroS&P), Paris, France, April 2017
See also CVE-2015-7516
Documents: [paper pdf], [slides pdf], [demo video], [bibtex bib]

I DPID It My Way! A Covert Timing Channel in Software-Defined Networks
Robert Krösche, Kashyap Thimmaraju (TU Berlin, Germany), Liron Schiff (Guardicore, Israel), and Stefan Schmid (AAU, Denmark and Univie, Austria)
IFIP Networking, Zurich, Switzerland, May 2018
See also CVE-2018-1000155
Documents: [paper pdf], [slides pdf], [bibtex bib]

SDN Robustness: Self Stabilization and Fault Tolerance

Software-defined network (SDN) architectures raise the question of how to deal with situations where the round trip via the control plane is not fast enough or not possible. To provide high availability, connectivity, and robustness, dependable SDNs must support basic functionality in the data plane as well. In our research we show how to extend SDNs with functionality for self-stabilizing in-band control and failover routing in the presence of link failures.

Figure: An abstract model for SDN switch and in-band control plane
Figure: Overview of the flow table configurations of switch i allowing DFS traversal of packets across the network

The Show Must Go On: Fundamental Data Plane Connectivity Services for Dependable SDNs
Michael Borokhovich (AT&T Labs, USA), Clement Rault (TU Berlin, Germany), Liron Schiff (Guardicore, Israel), and Stefan Schmid (AAU, Denmark and Univie, Austria)
Computer Communications (COMCOM), Elsevier, 2018
Documents: [paper pdf], [bibtex bib]

Renaissance: A Self-Stabilizing Distributed SDN Control Plane
Marco Canini (UCL, Belgium), Iosif Salem (CUT, Sweden), Liron Schiff (Guardicore, Israel), Elad Michael Schiller (CUT, Sweden), and Stefan Schmid (AAU, Denmark and Univie, Austria)
38th IEEE International Conference on Distributed Computing Systems (ICDCS), Vienna, Austria, July 2018
Documents: [paper pdf], [bibtex bib], [tech. report]