“Making next generation networks secure”


Welcome! I am Stefan Achleitner, a PhD Student at the Institute of Networking and Security Research at The Pennsylvania State University, advised by Prof. Thomas La Porta. In my research I am focusing on the security of networked systems including virtualized networking, cloud computing systems, software defined networking (SDN), internet of things (IoT) and virtual machines. My background also includes machine learning, software engineering and distributed systems.

What's new:


Paper accepted at IEEE Transactions on Network and Service Management, Special issue on Advances in Management of Softwarized Networks


Advanced targeted cyber attacks often rely on reconnaissance missions to gather information about potential targets, their characteristics and location to identify vulnerabilities in a networked environment. Advanced network scanning techniques are often used for this purpose and are automatically executed by malware infected hosts.

Published a new article on ransomware on the German technology website Intelligente-Welt.de (Article in German)



Our work on Adversarial Network Forensics in SDN won the Best Student Paper Award at the 2017 ACM Symposium on SDN Research (SOSR)



New attack vector on SDN:

SDN has many security issues; adversarial network forensics is a new attack vector on SDN. Check out these videos where I show how SDNMap can bypass the Access Control List in Floodlight and reconstruct a Load Balancing Policy modeled after OpenStack Quantum:

Paper at 2017 ACM Symposium on SDN Research (SOSR)

The essential part of an SDN-based network is its flow rules, which enable network elements to steer and control the traffic and deploy policy enforcement points with a fine granularity at any entry point in a network. The implementation details of network policies are reflected in the composition of flow rules, and leakage of such information provides adversaries with a significant attack advantage such as bypassing Access Control Lists (ACL), reconstructing the resource distribution of Load Balancers or revealing Moving Target Defense techniques. In this paper we introduce a new attack vector on SDN by showing how the detailed composition of flow rules can be reconstructed by network users without any prior knowledge of the SDN controller or its architecture.

Paper to appear in 2017 IEEE International Conference on Computer Communications (INFOCOM)

Live virtual machine migration is commonly used for enabling dynamic resource or fault management, or for load balancing in datacenters or cloud platforms. A service hosted by a VM may also be migrated to prevent its visibility to an external adversary who may seek to disrupt its operation by launching a DDoS attack against it. We design and implement a stealth migration framework that causes migration traffic to be indistinguishable from regular Internet traffic, with a negligible latency overhead.

Systems and Technology Engineering internship at Ericsson

From May to August 2016 I worked for Ericsson in San Jose, CA as a systems and technology engineering intern. I developed a security/cryptography service module in C and OpenSSL for Ericsson's IPOS platform. The goal of this project was to make cryptography easy to use by automating procedures such as key generation, sensitive data storage, crypto algorithm selection, etc. in an intelligent way.

Paper at 2016 International Workshop on Managing Insider Security Threats (MIST) at 2016 ACM International Conference on Computer and Communication Security (CCS)

Advanced targeted cyber attacks rely on reconnaissance missions to gather information about potential targets and their location in a networked environment to identify vulnerable network resources which can be exploited for further attack maneuvers. In this project we develop an SDN-based system to protect enterprise networks by simulating virtual network layers, which protects the underlying system from adversaries.