Software-Defined Network (SDN) radically changes the network architecture by decoupling the network logic from the underlying forwarding devices. From a security perspective, SDN separates security concerns into control and data plane, where the data plane is composed of networking equipment such as switches and routers specialized in packet forwarding interacting with SDN controllers using the Southbound APIs. This architectural re-composition brings up exciting opportunities and challenges. The overall perception is that SDN capabilities will ultimately result in improved security. However, in its raw form, SDN could potentially make networks more vulnerable to attacks and harder to protect.This research will focus on identifying challenges faced in securing the data plane of SDN – one of the least explored but most critical components of this technology by formalising potential attack scenarios. For instance recently, it has been shown that attackers could use performance metrics (Input buffer and/or packet processing time) as side channels to infer forwarding policies. Similarly, vulnerabilities include potential exploits of software vulnerabilities (e.g. TCAM memory attacks) to compromise switches or to infer network topologies, or protocol attacks that consist of exploiting network protocol vulnerabilities to craft “fake” flow rules that override the existing rules.In addition, with the increased adoption of Software defined systems paradigm abstracting the actual hardware at different layers with software components, emerging technologies including Software Defined Cloud (SDCloud) for cloud management are equally vulnerable to compromised forwarding devices threats. This project aims then at establishing the set of requirements to protect the data plane of Software defined systems in a holistic and generic approach.
This opportunity is open to all registered Australian Universities and Australian Publicly Funded Research Agencies.
- Successful applicants must be able to meet the milestones and timelines outlined in their submission.
- Successful applicants must enter into a Data61 University Collaboration Agreement.
- Successful applicants will enter into the appropriate contracting arrangement within 3 weeks of announcement.
Terms and Conditions
Proposals submitted will be assessed equally on the following criteria:
- Alignment to Defence strategy and the project priorities articulated in this document
- Future science criticality
- Collaboration depth (e.g. Collaboration with DST staff, Data61 staff, other universities, an industry partner, etc.)
- Delivery of outcomes (e.g. the ability of the proposal to deliver the agreed outcomes and milestones).
- Game changing potential to Defence
Please limit submissions to no more than 2000 words. Ensure that all contact details, current and potential DST, Data61 collaborators and/or research partner details are on a separate page/covering sheet. The proposals will be de-identified during the selection process to eliminate any potential conflicts of interest.
Defence and Data61 reserves the right to fund all, some or none of the proposals received under this Call for Applications.
Contracts and Intellectual Property
Successful applicants will be required to enter into a Data61 University Collaboration Agreement and a subsidiary Collaborative Research Project Agreement with Data61 in order to access project funding. Data61 will enter into contracts with the lead party in each proposal.
Any IP generated as part of the projects will vest in Data61 unless otherwise agreed, and Defence will receive a license for Commonwealth purposes only.
Any Commonwealth funding contributed to the projects will be paid in accordance with successful completion of milestones and as negotiated by the parties. Where circumstances necessitate it is possible for a small payment to be made upon execution of the agreement and in accordance with Defence procurement rules.
How to Apply
Please submit via the DST portal.
Proposals are to be submitted by 4.30pm Australian Eastern Daylight Time (AEDT), 15 August 2018. Only projects submitted via email to Cyber-NGTF@dst.defence.gov.au by the above deadline will be considered in this round.
For further information or assistance, please contact: