Towards Secure and Dependable Software-Defined Networks
Related papers
Secure and dependable software defined networks
Journal of Network and Computer Applications, 2016
The revolutionary concept of Software Defined Networks (SDNs) potentially provides flexible and well-managed next-generation networks. All the hype surrounding the SDNs is predominantly because of its centralized management functionality, the separation of the control plane from the data forwarding plane, and enabling innovation through network programmability. Despite the promising architecture of SDNs, security was not considered as part of the initial design. Moreover, security concerns are potentially augmented considering the logical centralization of network intelligence. Furthermore, the security and dependability of the SDN has largely been a neglected topic and remains an open issue. The paper presents a broad overview of the security implications of each SDN layer/interface. This paper contributes further by devising a contemporary layered/interface taxonomy of the reported security vulnerabilities, attacks, and challenges of SDN. We also highlight and analyze the possible threats on each layer/interface of SDN to help design secure SDNs. Moreover, the ensuing paper contributes by presenting the state-of-the-art SDNs security solutions. The categorization of solutions is followed by a critical analysis and discussion to devise a comprehensive thematic taxonomy. We advocate the production of secure and dependable SDNs by presenting potential requirements and key enablers. Finally, in an effort to anticipate secure and dependable SDNs, we present the ongoing open security issues, challenges and future research directions.
Securing the Software Defined Networks: Taxonomy, Requirements, and Open Issues
IEEE Communication Magazine
The emergence of Software Defined Networks (SDNs) promises to dramatically simplify network management and enable innovation through network programmability. Despite all the hype surrounded by the SDNs, exploiting its full potential is demanding. Security is still being the key concern and is an equally striking challenge that reduces the growth of SDNs. Moreover, the deployment of novel entities and the introduction of several architectural components of SDNs pose new security threats and vulnerabilities. Besides, the landscape of digital threats and cyber-attacks is evolving tremendously while considering SDNs as a potential target to have even more devastating effects than using simple networks. Security is not considered as part of the initial SDN design; therefore, it must be raised on the agenda. The paper discusses the state-of-the-art security solutions proposed to secure SDNs. We classify the security solutions in the literature by presenting a thematic taxonomy based on SDN layers/interfaces, security measures, simulation environments, and security objectives. Moreover, the paper points out the possible attacks and threat vectors targeting different layers/interfaces of the SDNs. The potential requirements and their key enablers for securing SDNs are also identified and presented. Besides, the paper gives great guidance for secure and dependable SDNs. Finally, we discuss open issues and challenges of SDN security that may deem appropriate to be tackled by researchers and professionals in the future.
Software Defined Networking – Imposed Security Measures Over Vulnerable Threats and Attacks
International Journal of Applied Metaheuristic Computing
Software defined networking (SDN), a new attempt in addressing the existing challenges in the legacy network architecture, is lime-lighted due to its simplified approach in managing the networks and its capability of programmability. In progressing with software defined networks implementation, security remains a high priority focus. The advantage of SDN itself opens a wide ground in posing new security threats and challenges. Focusing on the security of the SDN is a prime factor as it reflects on the growth of SDN technology implementation. This article focuses on the various existing security solutions available for SDN and the real challenge in securing the SDN providing the researchers a paved platform to work on further securing the networks. This article is designed with an introduction on SDN, its architecture, the available security solutions for the network, the leveraging threats and type of attack possibilities in SDN. This article concludes with the requirements of secur...
Software-Defined Network Security
Networks of the Future, 2017
The future networks are expected to lead a hyper-connected society with the promise of high social and economic value. The goal is to solve today's network problems and provide satisfactory security. Thus, the future networks require a flexible infrastructure that is secure against cyberattacks. Software defined networking (SDN) can be considered as one of the building blocks of upcoming networking technologies. In this chapter, first, the limitations of today's networks are presented. Then, solutions to secure the networks with SDN components are given. This concept is referred to as "SDN for Security." While SDN facilitates securing networks in general, it introduces additional challenges, mainly, the vulnerabilities of the SDN components such as the controller have to be addressed. Security for SDN aims at securing SDN assets and is discussed in the sequel. After reading this chapter, readers will obtain a comprehensive overview of the limitations of traditional networks, such as how SDN overcomes those limitations and the security issues thereof.
A Security Architecture for Software Defined Networks (SDN)
Software defined networking is an emerging network architecture with promising future in network field. It is dynamic, manageable, cost effective, and adaptable networking where control and data plane are decoupled, and control plane is centrally located to control application and data planes. OpenFlow is an example of Software Defined Networking (SDN) Southbound, which provides an open standard based interface between the SDN controller and data plane to control how data packets are forwarded through the network. As a result of rapid changes in networking, network programmability and control logic centralization capabilities introduces new fault and easily attack planes, that open doors for threats that did not exist before or harder to exploit. This paper proposed SDN architecture with some level of security control, this will provide secured SDN paradigm with machine learning white/black list, where users application can be easily tested and grouped as malicious attack or legitimate packet. Keyword - Software Defined Networking (SDN); OpenFlow; Flow table; Security control; white/black list http://sites.google.com/site/ijcsis/ ISSN 1947-5500
A Security Architecture for Software Defined Network (SDN)
2018
Software defined network is emerging network architecture with promising future in network field. It is dynamic, manageable, cost effective, and adaptable networking where control and data plane are decoupled, and control plane is centrally located to control application and data planes. OpenFlow is an example of Software Defined Network (SDN) Southbound, which provides an open standard based interface between the SDN controller and data planes to control how data packets are forwarded through the network. As a result of rapid changes in networking, SDN programmability and control logic centralization capabilities introduces new fault and easily attack planes, that open doors for threats that did not exist or were harder to exploit. The paper presents SDN architecture with security control level, this provides secured SDN paradigm with machine learning white/black list, where users application can be easily tested and grouped accordingly (malicious attack or legitimate packet).
A Survey of Security in Software Defined Networks
IEEE Communications Surveys & Tutorials, 2016
The proposition of increased innovation in network applications and reduced cost for network operators has won over the networking world to the vision of Software-Defined Networking (SDN). With the excitement of holistic visibility across the network and the ability to program network devices, developers have rushed to present a range of new SDN-compliant hardware, software and services. However, amidst this frenzy of activity, one key element has only recently entered the debate: Network Security. In this article, security in SDN is surveyed presenting both the research community and industry advances in this area. The challenges to securing the network from the persistent attacker are discussed and the holistic approach to the security architecture that is required for SDN is described. Future research directions that will be key to providing network security in SDN are identified.
Toward more secure SDN: A Survey
Software-defined Networking (SDN) is a new networking paradigm also referred to as a “radical new idea in networking” [1]. It favors network programmability and flexibility, it relieves network administrators to commit physical changes to the network infrastructure when new services and applications require topological changes in the network. The new firewall can be deployed at the edge of network without the need to overhaul the network in operation. The SDN takes this flexibility even further by utilizing applications that are capable of performing regular network maintenance tasks that prior to the SDN was possible by network administrators labor effort. The provided centralized point of control and unified user configuration interface for switches, routers and middle-boxes from diverse vendors.
Security of software defined networks: evolution and challenges
International Journal of Reconfigurable and Embedded Systems (IJRES)
In software-defined networking (SDN), network traffic is managed by software controllers or application programming interfaces (APIs) rather than hardware components. It differs from traditional networks, which use switches and routers to control traffic. Using SDN, you can create and control virtual networks or traditional hardware networks. Furthermore, OpenFlow allows network administrators to control exact network behavior through centralized control of packet forwarding. For these reasons, SDN has advantages over certain security issues, unlike traditional networks. However, most of the existing vulnerabilities and security threats in the traditional network also impact the SDN network. This document presents the attacks targeting the SDN network and the solutions that protect against these attacks. In addition, we introduce a variety of SDN security controls, such as intrusion detection systems (IDS)/intrusion prevention system (IPS), and firewalls. Towards the end, we outline...