Offensive ONOS
My experiments in weaponizing ONOS applications.
This is a part of research activity for my Cybersecurity M.Sc. Thesis (link), focused on detection of Cross App Poisoning Attacks in Software Defined Networks.
This research also led to discovery of CVE-2023-24279 and CVE-2023-30093.
Useful papers to get context:
- Cross-App Poisoning in Software-Defined Networking
- My Master's Degree Thesis
- Protecting Virtual Programmable Switches from Cross-App Poisoning (CAP) Attacks
- Classifying Poisoning Attacks in Software Defined Networking
- A Survey on Software Defined Networking: Architecture for Next Generation Network
Requirements
- JVM 11+ (https://www.oracle.com/java/technologies/downloads/)
- Maven (https://maven.apache.org/)
- ONOS 2.7.0 (https://wiki.onosproject.org/display/ONOS/Downloads)
In order to test the applications I've used Mininet to virtualize the data-plane, but it's optional (https://github.com/mininet/mininet/releases/).
Get Started
Compile an ONOS application ready to be installed and activated
make -C apps/APP-NAME compileSearch for .oar (ONOS archive) files
make oarSee this GitHub Gist to understand how to connect ONOS and a Mininet VM.
Links
- ONOS Wiki
- ONOS 2.7.0 API Documentation
- Thomas Vachuska - Creating and deploying ONOS app (Youtube)
- Introduction to Mininet
Changelog
Detailed changes for each release are documented in the release notes.
Contributing
Just open an issue / pull request.
edoardoottavianelli.it to contact me.