Risk Assessment Approach to Secure Northbound Interface of SDN Networks

The most significant threats to networks usually originate from external entities. As such, the Northbound interface of SDN networks, which ensures communication with external applications, requires particularly close attention. In this paper, we propose the Risk Assessment and Management approach to SEcure SDN (RAMSES). This novel solution is able to estimate the risk associated with traffic demand requests received via the Northbound-API in SDN networks. RAMSES quantifies the impact on network cost incurred by expected traffic demands and specifies the likelihood of adverse requests, estimated using the reputation system. Accurate risk estimation allows SDN network administrators to make the right decisions and mitigate potential threat scenarios. This can be observed using extensive numerical verification based on a network optimization tool and several scenarios related to the reputation of the sender of the request. The verification of RAMSES confirmed the usefulness of its risk assessment approach to protecting SDN networks against threats associated with the Northbound-API.
