SDN Security: A Survey

The pull of Software-Defined Networking (SDN) is magnetic. There are few in the networking community who have escaped its impact. As the benefits of network visibility and network device programmability are discussed, the question arises of who exactly will benefit: the network operator or, in fact, the network intruder? As SDN devices and systems hit the market, security in SDN must be raised on the agenda. This paper presents a comprehensive survey of the research relating to security in software-defined networking that has been carried out to date. Both the security enhancements to be derived from using the SDN framework and the security challenges introduced by the framework are discussed. By categorizing the existing work, a set of conclusions and proposals for future research directions is presented.
