Software defined applications for WAN (Wide Area Network) are primarily designed to manage and deploy enterprise WAN infrastructure. SDN controller feature helps an organization to automate complex WAN configuration and route data efficiently among its remote sites from a centralized point. Recently various vendors have stepped in this market and claim their product to be the solution for WAN management problems. However, automating the network through a centralized controller makes the network a handy target for attackers to exploit. Compromising the controller or its application can pose serious threat to network devices and traffic flow. This motivated us to study the vulnerabilities of two such SDN WAN applications—Google’s B4 and Cisco’s IWAN . For the analysis, we used the Microsoft’s threat analysis method called STRIDE . In the analysis, we found out that both B4 and IWAN might suffer from security threats like Spoofing , Tampering, Information Disclosure and Denial of Service (DoS) and each vulnerability found in the application using STRIDE threat model, can be mitigated using available IT security mechanisms.
[1]
Carol Woody,et al.
Introduction to the OCTAVE ® Approach
,
2003
.
[2]
Ketil Stølen,et al.
Model-Driven Risk Analysis - The CORAS Approach
,
2010
.
[3]
Jan Jürjens,et al.
UMLsec: Extending UML for Secure Systems Development
,
2002,
UML.
[4]
Min Zhu,et al.
B4: experience with a globally-deployed software defined wan
,
2013,
SIGCOMM.
[5]
Kpatcha M. Bayarou,et al.
Security Analysis of Security Applications for Software Defined Networks
,
2014,
AINTEC.
[6]
Nick McKeown,et al.
OpenFlow: enabling innovation in campus networks
,
2008,
CCRV.