Software-Defined Networking (SDN) is now widely deployed in production environments with an ever-growing community. Though SDN's software-based architecture enables network programmability, it also introduces dangerous code vulnerabilities into SDN controllers. However, the decoupled SDN control plane and data plane only communicate with each other with pre-defined protocol interactions, which largely increases the difficulty of exploiting such security weaknesses from the data plane.

In this talk, we extend the attack surface and introduce Custom Attack, a novel attack against SDN controllers that leverages legitimate SDN protocol messages (i.e., the custom protocol field) to facilitate Java code vulnerability exploitation. Our research shows that it was possible for a weak adversary to execute arbitrary command or manipulate data in the SDN controller without accessing the SDN controller or any applications, but only controlling a host or a switch.

To the best of our knowledge, Custom Attack is the first attack that can remotely compromise SDN software stack to simultaneously cause multiple kinds of attack effects in SDN controllers. Till now we have tested 5 most popular SDN controllers and their applications and found all of them are vulnerable to Custom Attack in some degree. 14 serious vulnerabilities are discovered, all of which can be exploited remotely to launch advanced attacks against controllers (e.g., executing arbitrary commands, exfiltrating confidential files, crashing SDN service, etc.).

This presentation will include:

 - an overview of SDN security research and practices.
 - a new attack methodology for SDN that is capable of compromising the entire network.
 - our research process that leads to these discoveries, including technical specifics of exploits.
 - showcases of interesting Custom Attack chains in real-world SDN projects.


  • Feng Xiao, Hacker
  • Jianwei Huang, Hacker
  • Peng LiuRaymond G. Tronzo, M.D. Professor of Cybersecurity

Feng Xiao
Feng Xiao will be a Ph.D. student at The Pennsylvania State University soon. He enjoys hacking all kinds of systems as well as finding vulnerabilities. He received his B.S. in Computer Science from Wuhan University in 2018.

He has published three papers (including posters) in well-known security conferences like CCS, MobiCom, ICICS etc. He was also the recipient of First Prize in 2016 China Undergraduate Security Contest, First Prize of 2015 BCTF, and Third Prize of 2015 0CTF.

Jianwei Huang
Jianwei Huang is a researcher at Wuhan University. He is interested in finding and solving security related problems.

Peng Liu
Dr. Liu is a professor at The Pennsylvania State University. His research interests are in computer security. He has published a monograph and over 270 refereed technical papers.

Detailed Presentation:

(Source: DEF CON 26)
E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)