{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,9]],"date-time":"2026-04-09T11:28:31Z","timestamp":1775734111524,"version":"3.50.1"},"reference-count":36,"publisher":"Association for Computing Machinery (ACM)","issue":"7","license":[{"start":{"date-parts":[[2024,7,1]],"date-time":"2024-07-01T00:00:00Z","timestamp":1719792000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Commun. ACM"],"published-print":{"date-parts":[[2024,7]]},"abstract":"<jats:p>Intent-based networking (IBN) offers advantages and opportunities compared with SDN, but IBN also poses new and unique security challenges that must be overcome.<\/jats:p>","DOI":"10.1145\/3639702","type":"journal-article","created":{"date-parts":[[2024,6,21]],"date-time":"2024-06-21T20:22:08Z","timestamp":1719001328000},"page":"56-65","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Security Challenges of Intent-Based Networking"],"prefix":"10.1145","volume":"67","author":[{"given":"Jiwon","family":"Kim","sequence":"first","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]},{"given":"Hamed","family":"Okhravi","sequence":"additional","affiliation":[{"name":"MIT Lincoln Laboratory, Lexington, MA, USA"}]},{"given":"Dave (Jing)","family":"Tian","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]},{"given":"Benjamin E.","family":"Ujcich","sequence":"additional","affiliation":[{"name":"Georgetown University, Washington, D.C., USA"}]}],"member":"320","published-online":{"date-parts":[[2024,7,2]]},"reference":[{"key":"e_1_3_1_2_2","unstructured":"3GPP. Study on scenarios for Intent driven management services for mobile networks (Release 17) 2020;\u00a0https:\/\/bit.ly\/3K2ICqS."},{"key":"e_1_3_1_3_2","unstructured":"Abhashkumar A. Gember-Jacobson A. and Akella A. Tiramisu: Fast multilayer network verification. In Proceedings of the 17th USENIX Symp. on Networked Systems Design and Implementation (2020) 201\u2013219."},{"key":"e_1_3_1_4_2","doi-asserted-by":"crossref","unstructured":"Abhashkumar A. et al. Supporting diverse dynamic intent-based policies using Janus. In Proceedings of the 13th Intern. Conf. on Emerging Networking Experiments and Technologies (2017) 296\u2013309.","DOI":"10.1145\/3143361.3143380"},{"key":"e_1_3_1_5_2","doi-asserted-by":"crossref","unstructured":"Alcock P. et al. Improving intent correctness with automated testing. In Proceedings of the 2022 IEEE 8th Intern. Conf. on Network Softwarization. IEEE 61\u201366.","DOI":"10.1109\/NetSoft54395.2022.9844054"},{"key":"e_1_3_1_6_2","doi-asserted-by":"crossref","unstructured":"Anjum I. et al. Removing the reliance on perimeters for security using network views. In Proceedings of the 27th ACM on Symp. on Access Control Models and Technologies (2022) 151\u2013162.","DOI":"10.1145\/3532105.3535029"},{"key":"e_1_3_1_7_2","unstructured":"Beckett R. and Gupta A. Katra: Realtime verification for multi-layer networks. In Proceedings of the 19th USENIX Symp. on Networked Systems Design and Implementation (2022) 617\u2013634."},{"key":"e_1_3_1_8_2","doi-asserted-by":"publisher","DOI":"10.1109\/MNET.001.1900252"},{"key":"e_1_3_1_9_2","unstructured":"Birkner R. et al. Net2Text: Query-guided summarization of network forwarding behaviors. In Proceedings of the 15th USENIX Symp. on Networked Systems Design and Implementation (2018) 609\u2013623."},{"key":"e_1_3_1_10_2","unstructured":"Birkner R. Drachsler-Cohen D. Vanbever L. and Vechev M. Mining network specifications from network configurations. In Proceedings of the 17th USENIX Symp. on Networked Systems Design and Implementation (2020) 969\u2013984."},{"key":"e_1_3_1_11_2","unstructured":"Cisco. Cisco Intent-Based Networking (IBN);\u00a0https:\/\/bit.ly\/4aki6E0"},{"key":"e_1_3_1_12_2","unstructured":"Cisco. Benefits of Intent-Based Networking;\u00a0https:\/\/bit.ly\/4bjytlu"},{"key":"e_1_3_1_13_2","doi-asserted-by":"crossref","unstructured":"Clemm A. Ciavaglia L. Granville L. and Tantsura J. Intent-Based Networking\u2014Concepts and Definitions (2022); https:\/\/datatracker.ietf.org\/doc\/rfc9315\/.","DOI":"10.17487\/RFC9315"},{"key":"e_1_3_1_14_2","unstructured":"Dumitrescu D. Stoenescu R. Negreanu L. and Raiciu C. bf4: Towards bug-free P4 programs. In Proceedings of the Annual Conf. of the ACM SIG on Data Communication on the Applications Technologies Architectures and Protocols for Computer Communication 571\u2013585."},{"key":"e_1_3_1_15_2","unstructured":"Ferguson A.D. et al. Orion: Google\u2019s software-defined networking control plane. In Proceedings of the 18th USENIX Symp. on Networked Systems Design and Implementation (2021) 83\u201398."},{"key":"e_1_3_1_16_2","unstructured":"Fogel A. et al. A general approach to network configuration analysis. In Proceedings of the 12th USENIX Symp. on Networked Systems Design and Implementation (2015) 469\u2013483."},{"key":"e_1_3_1_17_2","unstructured":"Horn A. Kheradmand A. and Prasad M. Delta-net: Real-Time Network Verification using Atoms. In Proceedings of the 14th USENIX Symp. on Networked Systems Design and Implementation (2017) 735\u2013749."},{"key":"e_1_3_1_18_2","unstructured":"Jacobs A.S. et al. Hey Lumi! Using natural language for intent-based network management. In Proceedings of the USENIX Annual Technical Conf. (2021) 625\u2013639."},{"key":"e_1_3_1_19_2","first-page":"127","volume-title":"Proceedings of the 2013 IEEE Symp. on Security and Privacy","author":"Kang M.S.","unstructured":"Kang, M.S., Lee, S.B., and Gligor, V.D. The cross fire attack. In Proceedings of the 2013 IEEE Symp. on Security and Privacy. IEEE, 127\u2013141."},{"key":"e_1_3_1_20_2","unstructured":"Kazemian P. et al. Real time network policy checking using headerspace analysis. In 10th USENIX Symp. on Networked Systems Design and Implementation (2013) 99\u2013111."},{"key":"e_1_3_1_21_2","doi-asserted-by":"crossref","unstructured":"Kheradmand A. Automatic inference of high-level network intents by mining forwarding patterns. In Proceedings of the Symp. on SDN Research (2020) 27\u201333.","DOI":"10.1145\/3373360.3380831"},{"key":"e_1_3_1_22_2","doi-asserted-by":"crossref","unstructured":"Khurshid A. et al. VeriFlow: Verifying network-wide invariants in real time. In Proceedings of the 10th USENIX Symp. on Networked Systems Design and Implementation (2013) 15\u201327.","DOI":"10.1145\/2342441.2342452"},{"key":"e_1_3_1_23_2","unstructured":"Kim J. Ujcich B.E. and Tian D.J. INTENDER: Fuzzing intent-based networking with intent-state transition guidance. In Proceedings of the 32nd USENIX Security Symp. (2023)."},{"key":"e_1_3_1_24_2","doi-asserted-by":"publisher","DOI":"10.1145\/2500468.2500473"},{"key":"e_1_3_1_25_2","doi-asserted-by":"crossref","unstructured":"Liu J. et al. P4v: Practical verification for programmable data planes. In Proceedings of the 2018 Conf. of the ACM Special Interest Group on Data Communication 490\u2013503.","DOI":"10.1145\/3230543.3230582"},{"key":"e_1_3_1_26_2","unstructured":"Lopes N.P. et al. Checking beliefs in dynamic networks. In Proceedings of the 12th USENIX Symp. on Networked Systems Design and Implementation (2015) 499\u2013512."},{"key":"e_1_3_1_27_2","unstructured":"Juniper Networks. Juniper Apstra (2020);\u00a0https:\/\/juni.pr\/3K37I9e"},{"key":"e_1_3_1_28_2","unstructured":"ONF Intent NBI \u2013 Definition and Principles; https:\/\/bit.ly\/3WHvrD7."},{"key":"e_1_3_1_29_2","unstructured":"Prabhu S. et al. Plankton: Scalable network configuration verification through model checking. In Proceedings of the 17th USENIX Symp. on Networked Systems Design and Implementation (2020) 953\u2013967."},{"key":"e_1_3_1_30_2","doi-asserted-by":"publisher","DOI":"10.1145\/2829988.2787506"},{"key":"e_1_3_1_31_2","doi-asserted-by":"publisher","DOI":"10.1109\/PROC.1975.9939"},{"key":"e_1_3_1_32_2","doi-asserted-by":"crossref","unstructured":"Subramanian K. D\u2019Antoni L. and Akella A. Genesis: Synthesizing forwarding tables in multi-tenant networks. In Proceedings of the 44th ACM SIGPLAN Symp. on Principles of Programming Languages (2017) 572\u2013585.","DOI":"10.1145\/3009837.3009845"},{"key":"e_1_3_1_33_2","doi-asserted-by":"publisher","unstructured":"Ujcich B.E. Bates A. and Sanders W.H. Provenance for intent-based networking. In Proceedings of the 2020 6th IEEE Conf. on Network Softwarization (NetSoft) 195\u2013199; 10.1109\/NetSoft48620.2020.9165519","DOI":"10.1109\/NetSoft48620.2020.9165519"},{"key":"e_1_3_1_34_2","doi-asserted-by":"crossref","unstructured":"Ujcich B.E. et al. Cross-app poisoning in software-defined networking. In Proceedings of the 2018 ACM SIGSAC Conf. on Computer and Communications Security 648\u2013663.","DOI":"10.1145\/3243734.3243759"},{"key":"e_1_3_1_35_2","doi-asserted-by":"crossref","unstructured":"Ujcich B.E. et al. Automated discovery of cross-plane event-based vulnerabilities in software-defined networking. In Proceedings of the Network and Distributed System Security Symp. (2020).","DOI":"10.14722\/ndss.2020.24080"},{"key":"e_1_3_1_36_2","volume-title":"Technical Report","author":"Wood L.","year":"2021","unstructured":"Wood, L. Global intent-based networking market (2021\u20132026) by component, deployment, application, geography, competitive analysis and the impact of covid-19 with ansoff analysis. Technical Report. Research and Markets, (2021)."},{"key":"e_1_3_1_37_2","unstructured":"Zhang P. et al. APKeep: Realtime verification for real networks. In Proceedings of the 17th USENIX Symp. on Networked Systems Design and Implementation (2020) 241\u2013255."}],"container-title":["Communications of the ACM"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3639702","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3639702","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T00:03:49Z","timestamp":1750291429000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3639702"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7]]},"references-count":36,"journal-issue":{"issue":"7","published-print":{"date-parts":[[2024,7]]}},"alternative-id":["10.1145\/3639702"],"URL":"https:\/\/doi.org\/10.1145\/3639702","relation":{},"ISSN":["0001-0782","1557-7317"],"issn-type":[{"value":"0001-0782","type":"print"},{"value":"1557-7317","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,7]]},"assertion":[{"value":"2024-07-02","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}