A Survey of Securing Networks Using Software Defined Networking

Software Defined Networking (SDN) is rapidly emerging as a new paradigm for managing and controlling the operation of networks ranging from the data center to the core, enterprise, and home. The logical centralization of network intelligence presents exciting challenges and opportunities to enhance security in such networks, including new ways to prevent, detect, and react to threats, as well as innovative security services and applications that are built upon SDN capabilities. In this paper, we undertake a comprehensive survey of recent works that apply SDN to security, and identify promising future directions that can be addressed by such research.
