A Preliminary Survey on the Security of Software-Defined Networks

Abstract

The number of devices connected to the Internet is increasing, data centers are growing continuously and computer networks are getting more complex. Traditional network management approach is becoming more difficult and insufficient. Software-Defined Networks (SDN) is a new generation networking approach which is expected to take place of the traditional computer networks. SDN architecture provides effective management of the large and complex networks. Although SDN have benefits from the network security perspective, it also brings new attack vectors. We believe that the network security problems in SDN architecture need more advanced solutions. In this work, a survey on the SDN security problems is presented, challenges are discussed. In this context, security threats and attack surfaces in SDN are described, the significant SDN security solution examples in the literature are given.

Keywords

• Software-Defined Networks,SDN,SDN Security

References

1. [1] Open Networking Foundation, “Software-Defined Networking: The New Norm for Networks”. White Paper, 2013.
2. [2] N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker and J. Turner. "OpenFlow: Enabling Innovation in Campus Networks". ACM SIGCOMM Computer Communication Review, vol. 38, no. 2, pp. 69-74, 2008.
3. [3] D. Kreutz, F. M. V. Ramos and P. Verissimo. “Towards Secure and Dependable Software-Defined Networks”. Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, pp. 55-60, 2013.
4. [4] S. Scott-Hayward, S. Natarajan and S. Sezer. “A Survey of Security in Software Defined Networks”. IEEE Communication Surveys & Tutorials, vol. 18, no. 1, pp. 623-654, 2016.
5. [5] M. Dabbagh, B. Hamdaoui, M. Guizani and A. Rayes. “Software-Defined Networking Security: Pros and Cons”. IEEE Communications Magazine - Communication Standards Supplement, pp. 73-79, 2015.
6. [6] Open Networking Foundation, “OpenFlow Switch Specification”, Version 1.5.1, 2015.
7. [7] R. Holz, T. Riedmaier, N. Kammenhuber and G. Carle. “X.509 Forensics: Detecting and Localising the SSL/TLS Men-in-the-Middle”. 17th European Symposium on Research in Computer Security (ESORICS 2012), pp. 217-234, 2012.
8. [8] D. Kreutz, F. M. V. Ramos, P. E. Verissimo, C. E. Rothenberg, S. Azodolmolky and S. Uhlig. "Software-Defined Networking: A Comprehensive Survey". Proceedings of the IEEE, vol. 103, no. 1, pp. 14-76, 2015.

9. [9] Y. Jarraya, T. Madi and M. Debbabi. "A Survey and a Layered Taxonomy of Software-Defined Networking". IEEE Communication Surveys & Tutorials, vol. 16, no. 4, pp. 1955-1980, 2014.
10. [10] S. Scott-Hayward, G. O’Callaghan and S. Sezer. “SDN Security: A Survey”. IEEE SDN for Future Networks and Services (SDN4FNS 2013), pp. 1-7, 2013.
11. [11] I. Ahmad, S. Namal, M. Ylianttila and A. Gurtov. “Security in Software Defined Networks: A Survey”. IEEE Communication Surveys & Tutorials, vol. 17, no. 4, pp. 2317-2346, 2015.
12. [12] S. Shin, V. Yegneswaran, P. Porras and G. Gu. “AVANT-GUARD: Scalable and Vigilant Switch Flow Management in Software-Defined Networks”. 20th ACM SIGSAC Conference on Computer & Communications Security (CCS 2013), pp. 413-424, 2013.
13. [13] S. A. Mehdi, J. Khalid and S. A. Khayam. “Revisiting Traffic Anomaly Detection using Software Defined Networking”. 14th International Conference on Recent Advances in Intrusion Detection (RAID 2011), pp. 161-180, 2011.
14. [14] N. Gude, T. Koponen, J. Pettit, B. Pfaff, M. Casado, N. McKeown and S. Shenker. “NOX: Towards an Operating System for Networks”. ACM SIGCOMM Computer Communication Review, vol. 38, no. 3, pp. 105-110, 2008.
15. [15] S. M. Mousavi and M. St-Hilaire. “Early Detection of DDoS Attacks against SDN Controllers”. IEEE International Conference on Computing, Networking and Communications, Communications and Information Security Symposium, pp. 77-81, 2015.
16. [16] S. Ramadona, B. A. Hidayatulloh, D. F. Siswanto and N. Syambas. “The Simulation of SDN Network Using POX Controller: Case in Politeknik Caltex Riau”. 9th International Conference on Telecommunication Systems, Services and Applications (TSSA), pp. 1-6, 2015.
17. [17] G. Akin, E. Karaarslan, O. Buk and E. Ucar. “SDN Architecture Fundamentals & DoS Prevention Basics: A Case Study with OpenFlow”. International Scientific Conference (UNITECH 2015), Gabrovo, 2015.
18. [18] J. G. V. Pena and W. E. Yu. “Development of a Distributed Firewall Using Software Defined Networking Technology”. IEEE 4th International Conference on Information Science and Technology, pp. 449-452, 2014.
19. [19] H. Li, P. Li, S. Guo and S. Yu. “Byzantine-Resilient Secure Software-Defined Networks with Multiple Controllers”. IEEE International Conference on Communications (ICC 2014) - Communication and Information Systems Security Symposium, pp. 695-700, 2014.
20. [20] P. Porras, S. Shin, V. Yegneswaran, M. Fong, M. Tyson and G. Gu. “A Security Enforcement Kernel for OpenFlow Networks”. First ACM SIGCOMM Workshop on Hot Topics in Software Defined Networks, pp. 121-126, 2012.
21. [21] P. Porras, S. Cheung, M. Fong, K. Skinner and V. Yegneswaran. “Securing the Software-Defined Network Control Layer”. Network and Distributed System Security Symposium (NDSS), pp. 1-15, 2015.
22. [22] X. Wen, Y. Chen, C. Hu, C. Shi and Y. Wang. “Towards a Secure Controller Platform for OpenFlow Applications”. Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, pp. 171-172, 2013.
23. [23] G. Yao, J. Bi and P. Xiao. “Source Address Validation Solution with OpenFlow/NOX Architecture”. 19th IEEE International Conference on Network Protocols (ICNP), pp. 7-12, 2011.
24. [24] K. Giotis, C. Argyropoulos, G. Androulikadis, D. Kalogeras and V. Maglaris. “Combining OpenFlow and sFlow for an Effective and Scalable Anomaly Detection and Mitigation Mechanism on SDN Environments”. Computer Networks, vol. 62, pp. 122-136, 2014.
25. [25] M. Liyanage, I. Ahmad, M. Ylianttila, J. L. Santos, R. Kantola, O. L. Perez, M. U. Itzazelaia, E. M. de Oca, A. Valtierra and C. Jimenez. “Security for Future Software Defined Mobile Networks”. IEEE 9th International Conference on Next Generation Mobile Applications, Services and Technologies (NGMAST 2015), pp. 256-264, 2015.