Attacks against Network Functions Virtualization and Software-Defined Networking: State-of-the-art

Network Functions Virtualization (NFV) and Software-Defined Networking (SDN) are two emerging paradigms for networks. While being independent from each other, they may be deployed together, which is likely to happen more frequently in the future, as they bring many opportunities for simpler, more flexible and energy-efficient networks. However, they also come with weaknesses that evil-minded users could exploit to disrupt such architectures. In this paper, we survey attacks that have been or could be performed against NFV and SDN, and propose practical countermeasures when applicable.

[1]  История National Information Assurance Glossary , 2010 .

[2]  Filip De Turck,et al.  Network Function Virtualization: State-of-the-Art and Research Challenges , 2015, IEEE Communications Surveys & Tutorials.

[3]  Soon Myoung Chung,et al.  A Survey on the Security of Hypervisors in Cloud Computing , 2015, 2015 IEEE 35th International Conference on Distributed Computing Systems Workshops.

[4]  David Erickson,et al.  The beacon openflow controller , 2013, HotSDN '13.

[5]  Lei Xu,et al.  FloodGuard: A DoS Attack Prevention Extension in Software-Defined Networks , 2015, 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.

[6]  Te-Shun Chou,et al.  SECURITY THREATS ON CLOUD COMPUTING VULNERABILITIES , 2013 .

[7]  Rafal Wojtczuk Poacher turned gamekeeper: Lessons learned from eight years of breaking hypervisors , 2014 .

[8]  Ravishankar K. Iyer,et al.  Hypervisor Introspection: A Technique for Evading Passive Virtual Machine Monitoring , 2015, WOOT.

[9]  Guofei Gu,et al.  Attacking software-defined networks: a first feasibility study , 2013, HotSDN '13.

[10]  Cataldo Basile,et al.  A novel approach for integrating security policy enforcement with dynamic network virtualization , 2015, Proceedings of the 2015 1st IEEE Conference on Network Softwarization (NetSoft).

[11]  B. Joshi,et al.  Securing cloud computing environment against DDoS attacks , 2012, 2012 International Conference on Computer Communication and Informatics.

[12]  Athanasios V. Vasilakos,et al.  Security in Software-Defined Networking: Threats and Countermeasures , 2016, Mobile Networks and Applications.

[13]  Mabry Tyson,et al.  A security enforcement kernel for OpenFlow networks , 2012, HotSDN '12.

[14]  Jun Bi,et al.  Source address validation solution with OpenFlow/NOX architecture , 2011, 2011 19th IEEE International Conference on Network Protocols.

[15]  Nick Feamster,et al.  The road to SDN: an intellectual history of programmable networks , 2014, CCRV.

[16]  Rob Sherwood,et al.  FlowVisor: A Network Virtualization Layer , 2009 .

[17]  Gunjan Tank,et al.  Software-Defined Networking-The New Norm for Networks , 2012 .

[18]  Fernando M. V. Ramos,et al.  Towards secure and dependable software-defined networks , 2013, HotSDN '13.

[19]  Brent Byunghoon Kang,et al.  Rosemary: A Robust, Secure, and High-performance Network Operating System , 2014, CCS.

[20]  Lei Xu,et al.  Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures , 2015, NDSS.