A Comprehensive Security Analysis Checksheet for OpenFlow Networks

Software-defined networking (SDN) enables the flexible and dynamic configuration of a network, and OpenFlow is one practical SDN implementation. Although it has been widely deployed in actual environments, it can cause fatal flaws. In this paper, we consolidate the security threats to OpenFlow mentioned in previous work and introduce a new security checksheet that includes risk assessment methods. We compare the Kreutz et al. threat vectors with the SDNSecurity.org attack list to discover new threats. Our checksheet enables the security of a given OpenFlow network design to be comprehensively assessed. Furthermore, we evaluate the performance of an OpenFlow network with two attack scenarios using the checksheet and identify critical performance degradations.
