论文信息 - Security Analysis of Security Applications for Software Defined Networks

Security Analysis of Security Applications for Software Defined Networks

Software Defined Networking (SDN) is a novel approach to allow configuration of networks in real time and a centralized manner. Likewise to legacy network architectures, security mechanisms are used to protect the network and the end-hosts within the network against attacks. While the properties of SDN allow to implement sophisticated security mechanism as extension of the centralized controllers, they also make the controllers and any extensions of its functionality a valuable target for attackers. This motivates to analyze the security of security applications for SDN. In this paper, two security applications namely, OpenFlow-Random Host Mutation and Resonance, are analyzed using STRIDE. It is shown that most threats for the two security applications can be mitigated by using existing security mechanisms. Furthermore, general suggestions that should be considered when designing security applications for SDN are derived.

Kpatcha M. Bayarou | M. Rahamatullah Khondoker | Ronald Marx | Markus Tasch

[1] Russell J. Clark,et al. Resonance: dynamic access control for enterprise networks , 2009, WREN '09.

[2] Bambang Supradono. MANAJEMEN RISIKO KEAMANAN INFORMASI DENGAN MENGGUNAKAN METODE OCTAVE (OPERATIONALLY CRITICAL THREAT, ASSET, AND VULNERABILITY EVALUATION) , 2009 .

[3] Nick McKeown,et al. OpenFlow: enabling innovation in campus networks , 2008, CCRV.

[4] M. E. Kabay,et al. Writing Secure Code , 2015 .

[5] Mabry Tyson,et al. FRESCO: Modular Composable Security Services for Software-Defined Networks , 2013, NDSS.

[6] Ye Wang,et al. NetFuse: Short-circuiting traffic surges in the cloud , 2013, 2013 IEEE International Conference on Communications (ICC).

[7] Paul Saitta,et al. Trike v.1 Methodology Document [Draft] , 2005 .

[8] Sakir Sezer,et al. Sdn Security: A Survey , 2013, 2013 IEEE SDN for Future Networks and Services (SDN4FNS).

[9] Mabry Tyson,et al. A security enforcement kernel for OpenFlow networks , 2012, HotSDN '12.

[10] Ehab Al-Shaer,et al. Openflow random host mutation: transparent moving target defense using software defined networking , 2012, HotSDN '12.

[11] Scott Rose,et al. DNS Security Introduction and Requirements , 2005, RFC.