{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T00:19:21Z","timestamp":1769041161259,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":78,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,12,2]],"date-time":"2024-12-02T00:00:00Z","timestamp":1733097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100006374","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-2339882"],"award-info":[{"award-number":["CNS-2339882"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,12,2]]},"DOI":"10.1145\/3658644.3670301","type":"proceedings-article","created":{"date-parts":[[2024,12,9]],"date-time":"2024-12-09T12:19:20Z","timestamp":1733746760000},"page":"3630-3644","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":3,"title":["Exploiting Temporal Vulnerabilities for Unauthorized Access in Intent-based Networking"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9527-5888","authenticated-orcid":false,"given":"Ben","family":"Weintraub","sequence":"first","affiliation":[{"name":"MIT Lincoln Laboratory &amp; Northeastern University, Lexington, MA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3324-8283","authenticated-orcid":false,"given":"Jiwon","family":"Kim","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-4430-5462","authenticated-orcid":false,"given":"Ran","family":"Tao","sequence":"additional","affiliation":[{"name":"Georgetown University, Washington D.C., USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9649-6789","authenticated-orcid":false,"given":"Cristina","family":"Nita-Rotaru","sequence":"additional","affiliation":[{"name":"Northeastern University, Boston, MA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1450-3744","authenticated-orcid":false,"given":"Hamed","family":"Okhravi","sequence":"additional","affiliation":[{"name":"MIT Lincoln Laboratory, Lexington, MA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7506-9593","authenticated-orcid":false,"given":"Dave (Jing)","family":"Tian","sequence":"additional","affiliation":[{"name":"Purdue University, West Lafayette, IN, USA"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-3433-9972","authenticated-orcid":false,"given":"Benjamin E.","family":"Ujcich","sequence":"additional","affiliation":[{"name":"Georgetown University, Washington D.C., USA"}]}],"member":"320","published-online":{"date-parts":[[2024,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[n. d.]. https:\/\/wiki.onap.org\/display\/DW\/Controllers"},{"key":"e_1_3_2_1_2_1","unstructured":"[n. d.]. https:\/\/docs.openstack.org\/networking-odl\/ocata\/installation.html"},{"key":"e_1_3_2_1_3_1","unstructured":"[n. d.]. https:\/\/www.cisco.com\/c\/en\/us\/td\/docs\/net_mgmt\/open_sdn_controller\/1--1\/admin\/guide\/b_OSC11_Admin_Guide\/b_OSC11_Admin_Guide_chapter_00.pdf"},{"key":"e_1_3_2_1_4_1","unstructured":"[n. d.]. ONOS GitHub FlowRuleOperations.java. https:\/\/github.com\/ opennetworkinglab\/onos\/blob\/master\/core\/api\/src\/main\/java\/org\/onosproject\/ net\/flow\/FlowRuleOperations.java. Accessed: 2024-01--12."},{"key":"e_1_3_2_1_5_1","unstructured":"3GPP. 2020. Study on scenarios for Intent driven management services for mobile networks (Release 17). https:\/\/www.3gpp.org\/DynaReport\/28812.htm."},{"key":"e_1_3_2_1_6_1","first-page":"28312","volume-title":"Management and orchestration","author":"GPP.","unstructured":"3GPP. 2022. Management and orchestration; Intent driven management services for mobile networks (Release 17). https:\/\/www.3gpp.org\/DynaReport\/28312.htm."},{"key":"e_1_3_2_1_7_1","unstructured":"3GPP. 2022. Study on enhanced intent driven management services for mobile networks (Release 18). https:\/\/www.3gpp.org\/DynaReport\/28912.htm."},{"key":"e_1_3_2_1_8_1","volume-title":"17th USENIX Symposium on Networked Systems Design and Implementation (NSDI 20)","author":"Abhashkumar Anubhavnidhi","year":"2020","unstructured":"Anubhavnidhi Abhashkumar, Aaron Gember-Jacobson, and Aditya Akella. 2020. Tiramisu: Fast multilayer network verification. In 17th USENIX Symposium on Networked Systems Design and Implementation (NSDI 20). 201--219."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3143361.3143380"},{"key":"e_1_3_2_1_10_1","volume-title":"Proceedings of the Symposium on SDN Research. 8--20","author":"Achleitner Stefan","year":"2017","unstructured":"Stefan Achleitner, Thomas La Porta, Trent Jaeger, and Patrick McDaniel. 2017. Adversarial network forensics in software defined networking. In Proceedings of the Symposium on SDN Research. 8--20."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1402958.1402967"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3532105.3535029"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3589608.3593836"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2017.2782482"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2656877.2656890"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2016.7524333"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2015.7218382"},{"key":"e_1_3_2_1_18_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Cao Jiahao","year":"2019","unstructured":"Jiahao Cao, Qi Li, Renjie Xie, Kun Sun, Guofei Gu, Mingwei Xu, and Yuan Yang. 2019. The {CrossPath} Attack: Disrupting the {SDN} Control Channel via Shared Links. In 28th USENIX Security Symposium (USENIX Security 19). 19--36."},{"key":"e_1_3_2_1_19_1","volume-title":"22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID","author":"Cao Jiahao","year":"2019","unstructured":"Jiahao Cao, Zijie Yang, Kun Sun, Qi Li, Mingwei Xu, and Peiyi Han. 2019. Fingerprinting {SDN} applications via encrypted control traffic. In 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019). 501--515."},{"key":"e_1_3_2_1_20_1","unstructured":"Cisco Networks. 2024. Intent-Based Networking: Cisco. https:\/\/www.cisco.com\/ c\/en\/us\/solutions\/intent-based-networking.html."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"crossref","unstructured":"Alexander Clemm Laurent Ciavaglia Lisandro Granville and Jeff Tantsura. 2022. Intent-Based Networking - Concepts and Definitions (RFC 9315). https: \/\/datatracker.ietf.org\/doc\/rfc9315\/.","DOI":"10.17487\/RFC9315"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICNP.2017.8117602"},{"key":"e_1_3_2_1_23_1","first-page":"269","volume-title":"A note on two problems in connexion with graphs:(Numerische Mathematik, 1","author":"Dijkstra Edsger Wybe","year":"1959","unstructured":"Edsger Wybe Dijkstra. 1959. A note on two problems in connexion with graphs:(Numerische Mathematik, 1 (1959), p 269--271). (1959)."},{"key":"e_1_3_2_1_24_1","volume-title":"Orion: Google?s {Software-Defined} Networking Control Plane. In 18th USENIX NSDI. 83--98.","author":"Ferguson Andrew D","year":"2021","unstructured":"Andrew D Ferguson, Steve Gribble, Chi-Yao Hong, Charles Killian,Waqar Mohsin, Henrik Muehe, Joon Ong, Leon Poutievski, Arjun Singh, Lorenzo Vicisano, et al. 2021. Orion: Google?s {Software-Defined} Networking Control Plane. In 18th USENIX NSDI. 83--98."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2018.2876749"},{"key":"e_1_3_2_1_26_1","volume-title":"Landry","author":"Gomez Steven R.","year":"2019","unstructured":"Steven R. Gomez, Samuel Jero, Richard Skowyra, Jason Martin, Patrick Sullivan, David Bigelow, Zachary Ellenbogen, Bryan C. Ward, Hamed Okhravi, and James W. Landry. 2019. Controller-Oblivious Dynamic Access Control in Software-Defined Networks. In 2019 49th Annual IEEE\/IFIP DSN. 447--459."},{"key":"e_1_3_2_1_27_1","volume-title":"Networkx: Network analysis with python. URL: https:\/\/networkx. github. io","author":"Hagberg Aric","year":"2020","unstructured":"Aric Hagberg and Drew Conway. 2020. Networkx: Network analysis with python. URL: https:\/\/networkx. github. io (2020)."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/NETSOFT.2019.8806688"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/NetSoft51509.2021.9492679"},{"key":"e_1_3_2_1_30_1","volume-title":"Delta-net: Real-time network verification using atoms. In 14th USENIX NSDI. 735--749.","author":"Horn Alex","year":"2017","unstructured":"Alex Horn, Ali Kheradmand, and Mukul Prasad. 2017. Delta-net: Real-time network verification using atoms. In 14th USENIX NSDI. 735--749."},{"key":"e_1_3_2_1_31_1","unstructured":"Huawei. 2024. Huawei Launches the Intent-Driven Networking for CloudFabric Solution. https:\/\/www.huawei.com\/en\/news\/2018\/6\/Intent-Driven-Networking- CloudFabric-Solution."},{"key":"e_1_3_2_1_32_1","unstructured":"IBM Newsroom. 2021. IBM Brings AI-Powered Automation Software to Networking to Help Simplify Broad Adoption of 5G."},{"key":"e_1_3_2_1_33_1","volume-title":"BEADS: Automated Attack Discovery in OpenFlow- Based SDN Systems. In Research in Attacks, Intrusions, and Defenses","author":"Jero Samuel","year":"2017","unstructured":"Samuel Jero, Xiangyu Bu, Cristina Nita-Rotaru, Hamed Okhravi, Richard Skowyra, and Sonia Fahmy. 2017. BEADS: Automated Attack Discovery in OpenFlow- Based SDN Systems. In Research in Attacks, Intrusions, and Defenses. Springer, 311--333."},{"key":"e_1_3_2_1_34_1","volume-title":"Identifier Binding Attacks and Defenses in Software-Defined Networks. In 26th USENIX Security Symposium (USENIX Security . USENIX Association","author":"Jero Samuel","year":"2017","unstructured":"Samuel Jero, William Koch, Richard Skowyra, Hamed Okhravi, Cristina Nita- Rotaru, and David Bigelow. 2017. Identifier Binding Attacks and Defenses in Software-Defined Networks. In 26th USENIX Security Symposium (USENIX Security . USENIX Association, Vancouver, BC, 415--432."},{"key":"e_1_3_2_1_35_1","unstructured":"Juniper Networks. 2024. Juniper Apstra. https:\/\/www.juniper.net\/us\/en\/products\/ network-automation\/apstra.html."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.19"},{"key":"e_1_3_2_1_37_1","volume-title":"10th USENIX NSDI. 99--111.","author":"Kazemian Peyman","unstructured":"Peyman Kazemian, Michael Chang, Hongyi Zeng, George Varghese, Nick McKeown, and Scott Whyte. 2013. Real time network policy checking using header space analysis. In 10th USENIX NSDI. 99--111."},{"key":"e_1_3_2_1_38_1","volume-title":"9th USENIX NSDI. 113--126.","author":"Kazemian Peyman","unstructured":"Peyman Kazemian, George Varghese, and Nick McKeown. 2012. Header space analysis: Static checking for networks. In 9th USENIX NSDI. 113--126."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/2342441.2342452"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.001.1900476"},{"key":"e_1_3_2_1_41_1","volume-title":"Ujcich","author":"Kim Jiwon","year":"2024","unstructured":"Jiwon Kim, Hamed Okhravi, Dave (Jing) Tian, and Benjamin E. Ujcich. 2024. Security Challenges of Intent-Based Networking. Commun. ACM 67, 7 (2024)."},{"key":"e_1_3_2_1_42_1","volume-title":"Intender: Fuzzing Intent-Based Networking with Intent-State Transition Guidance. In 32nd USENIX Security Symposium (USENIX Security 23)","author":"Kim Jiwon","year":"2023","unstructured":"Jiwon Kim, Benjamin E. Ujcich, and Dave (Jing) Tian. 2023. Intender: Fuzzing Intent-Based Networking with Intent-State Transition Guidance. In 32nd USENIX Security Symposium (USENIX Security 23). 4463--4480."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2014.2371999"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2674005.2675006"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC9316"},{"key":"e_1_3_2_1_46_1","unstructured":"Linux Foundation. 2024. Open Network Automation Platform (ONAP). https: \/\/www.onap.org\/."},{"key":"e_1_3_2_1_47_1","unstructured":"Linux Foundation. 2024. OpenDaylight (ODL). https:\/\/www.opendaylight.org\/."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3302424.3303965"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/2043164.2018470"},{"key":"e_1_3_2_1_50_1","first-page":"4","article-title":"A Survey of Link Prediction in Complex","volume":"49","author":"Mart\u00ednez V\u00edctor","year":"2017","unstructured":"V\u00edctor Mart\u00ednez, Fernando Berzal, and Juan-Carlos Cubero. 2017. A Survey of Link Prediction in Complex Networks. Comput. Surveys 49, 4 (Dec. 2017), 1--33.","journal-title":"Networks. Comput. Surveys"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/2342441.2342454"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/1355734.1355746"},{"key":"e_1_3_2_1_53_1","unstructured":"ONF. 2016. Intent NBI -- Definition and Principles. https:\/\/opennetworking.org\/ wp-content\/uploads\/2014\/10\/TR-523_Intent_Definition_Principles.pdf."},{"key":"e_1_3_2_1_54_1","unstructured":"Open Networking Foundation. 2024. Open Network Operating System (ONOS). https:\/\/opennetworking.org\/onos\/."},{"key":"e_1_3_2_1_55_1","unstructured":"P4.org API Working Group. 2024. P4Runtime Specification. https:\/\/github.com\/ p4lang\/p4runtime."},{"key":"e_1_3_2_1_56_1","volume-title":"14th USENIX NSDI. 329--345.","author":"Panda Aurojit","unstructured":"Aurojit Panda, Wenting Zheng, Xiaohe Hu, Arvind Krishnamurthy, and Scott Shenker. 2017. {SCL}: Simplifying Distributed {SDN} Control Planes. In 14th USENIX NSDI. 329--345."},{"key":"e_1_3_2_1_57_1","unstructured":"Pica8. 2014. Pica8 P-5401 Specification. https:\/\/www.pica8.com\/wp-content\/uploads\/pica8-datasheet-32x40gbe-p5401.pdf"},{"key":"e_1_3_2_1_58_1","volume-title":"Ali Kheradmand, Brighten Godfrey, and Matthew Caesar.","author":"Prabhu Santhosh","year":"2020","unstructured":"Santhosh Prabhu, Kuan Yen Chou, Ali Kheradmand, Brighten Godfrey, and Matthew Caesar. 2020. Plankton: Scalable network configuration verification through model checking. In 17th USENIX NSDI. 953--967."},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/2785956.2787506"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2021.23062"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1145\/2377677.2377748"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/2070562.2070569"},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/3603269.3604856"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/2875951.2875957"},{"key":"e_1_3_2_1_65_1","volume-title":"Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. 413--424","author":"Shin Seungwon","year":"2013","unstructured":"Seungwon Shin, Vinod Yegneswaran, Phillip Porras, and Guofei Gu. 2013. Avantguard: Scalable and vigilant switch flow management in software-defined networks. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. 413--424."},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2020.2999653"},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/2829988.2787508"},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/2995272.2995276"},{"key":"e_1_3_2_1_69_1","volume-title":"Effective Topology Tampering Attacks and Defenses in Software-Defined Networks. In 2018 48th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). 374--385","author":"Skowyra Richard","year":"2018","unstructured":"Richard Skowyra, Lei Xu, Guofei Gu, Veer Dedhia, Thomas Hobson, Hamed Okhravi, and James Landry. 2018. Effective Topology Tampering Attacks and Defenses in Software-Defined Networks. In 2018 48th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN). 374--385."},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/3009837.3009845"},{"key":"e_1_3_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/3341302.3342088"},{"key":"e_1_3_2_1_72_1","volume-title":"2020 6th IEEE Conference on Network Softwarization (NetSoft). IEEE, 195--199","author":"Ujcich Benjamin E.","unstructured":"Benjamin E. Ujcich, Adam Bates, and William H. Sanders. 2020. Provenance for intent-based networking. In 2020 6th IEEE Conference on Network Softwarization (NetSoft). IEEE, 195--199."},{"key":"e_1_3_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243759"},{"key":"e_1_3_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2020.24080"},{"key":"e_1_3_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.27"},{"key":"e_1_3_2_1_76_1","volume-title":"Michael P Collins, Vyas Sekar, and Srinivasan Seshan.","author":"Yu Tianlong","year":"2017","unstructured":"Tianlong Yu, Seyed Kaveh Fayaz, Michael P Collins, Vyas Sekar, and Srinivasan Seshan. 2017. PSI: Precise Security Instrumentation for Enterprise Networks.. In NDSS."},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1145\/2783258.2783267"},{"key":"e_1_3_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.1145\/2999572.2999605"}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3670301","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3658644.3670301","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T06:23:15Z","timestamp":1755843795000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3658644.3670301"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,2]]},"references-count":78,"alternative-id":["10.1145\/3658644.3670301","10.1145\/3658644"],"URL":"https:\/\/doi.org\/10.1145\/3658644.3670301","relation":{},"subject":[],"published":{"date-parts":[[2024,12,2]]},"assertion":[{"value":"2024-12-09","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}