Security analysis as software-defined security for SDN environment

The security of cloud environment is always a target for attackers in order to exploit any of the system's vulnerabilities. Recently, software-defined systems (SDS) has become a focus of several researches. Where, SDS is in the way to replace the traditional networking, in order to provide facilities which are based on remote and centralized control. The security of SDS is a major requirement to guarantee the integrity, confidentiality and availability of data and the communication. This paper presents a security analysis as a software-defined security service that enforces the security within the SDN in the cloud environment. The security analysis is specified through the attack graph and alert correlation clustering, which aims to enhance the work of other security approaches such as IDS by giving a global view and hint about the security state of the environment, also by reducing the rate of false positive alerts.

[1]  Yili Gong,et al.  A survey on software defined networking and its applications , 2015, Frontiers of Computer Science.

[2]  Alexandre M. Amory,et al.  Software-Defined Networking Architecture for NoC-based Many-Cores , 2018, 2018 IEEE International Symposium on Circuits and Systems (ISCAS).

[3]  Sandra Scott-Hayward,et al.  Design and deployment of secure, robust, and resilient SDN controllers , 2015, Proceedings of the 2015 1st IEEE Conference on Network Softwarization (NetSoft).

[4]  Edward G. Amoroso Software-Defined Networking and Network Function Virtualization Security , 2017 .

[5]  Wei Yang,et al.  A survey on security in network functions virtualization , 2016, 2016 IEEE NetSoft Conference and Workshops (NetSoft).

[6]  Athanasios V. Vasilakos,et al.  Security in Software-Defined Networking: Threats and Countermeasures , 2016, Mobile Networks and Applications.

[7]  Andrei V. Gurtov,et al.  Security in Software Defined Networks: A Survey , 2015, IEEE Communications Surveys & Tutorials.

[8]  Sushil Jajodia Topological analysis of network attack vulnerability , 2007, ASIACCS '07.

[9]  Ting Wang,et al.  Overview on attack graph generation and visualization technology , 2013, 2013 International Conference on Anti-Counterfeiting, Security and Identification (ASID).

[10]  Nick McKeown,et al.  OpenFlow: enabling innovation in campus networks , 2008, CCRV.

[11]  Christoph Meinel,et al.  A New Alert Correlation Algorithm Based on Attack Graph , 2011, CISIS.

[12]  Jim Esch,et al.  Software-Defined Networking: A Comprehensive Survey , 2015, Proc. IEEE.

[13]  Hervé Debar,et al.  New Types of Alert Correlation for Security Information and Event Management Systems , 2016, 2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS).

[14]  Sushil Jajodia,et al.  Measuring network security using dynamic bayesian network , 2008, QoP '08.

[15]  Kevin Benton,et al.  OpenFlow vulnerability assessment , 2013, HotSDN '13.

[16]  Steven J. Templeton,et al.  A requires/provides model for computer attacks , 2001, NSPW '00.

[17]  Fikret Sivrikaya,et al.  Distributed Attack Graph Generation , 2016, IEEE Transactions on Dependable and Secure Computing.

[18]  Kamelia Nikolova,et al.  SOFTWARE DEFINED NETWORKS AND OPENFLOW: A SURVEY , 2018, 18th International Multidisciplinary Scientific GeoConference SGEM2018, Nano, Bio and Green � Technologies for a Sustainable Future.

[19]  Seungjoon Lee,et al.  Network function virtualization: Challenges and opportunities for innovations , 2015, IEEE Communications Magazine.

[20]  Lei Xu,et al.  FloodGuard: A DoS Attack Prevention Extension in Software-Defined Networks , 2015, 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.

[21]  Richard Lippmann,et al.  Practical Attack Graph Generation for Network Defense , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[22]  Kim-Kwang Raymond Choo,et al.  Security, Privacy, and Anonymity in Computation, Communication, and Storage , 2017, Lecture Notes in Computer Science.

[23]  Chuang Lin,et al.  On Denial of Service Attacks in Software Defined Networks , 2016, IEEE Network.

[24]  Andrew W. Appel,et al.  MulVAL: A Logic-based Network Security Analyzer , 2005, USENIX Security Symposium.

[25]  Qi Hao,et al.  A Survey on Software-Defined Network and OpenFlow: From Concept to Implementation , 2014, IEEE Communications Surveys & Tutorials.

[26]  Fernando M. V. Ramos,et al.  Software-Defined Networking: A Comprehensive Survey , 2014, Proceedings of the IEEE.

[27]  Stéphane Betgé-Brezetz,et al.  SDN-Based Trusted Path in a Multi-domain Network , 2016, 2016 IEEE International Conference on Cloud Engineering Workshop (IC2EW).

[28]  Matthew Green,et al.  Developers are Not the Enemy!: The Need for Usable Security APIs , 2016, IEEE Security & Privacy.

[29]  Danda B. Rawat,et al.  Software Defined Networking Architecture, Security and Energy Efficiency: A Survey , 2017, IEEE Communications Surveys & Tutorials.

[30]  Andrei V. Gurtov,et al.  SDN Based Inter-Technology Load Balancing Leveraged by Flow Admission Control , 2013, 2013 IEEE SDN for Future Networks and Services (SDN4FNS).

[31]  Martin Knahl,et al.  Software Defined Privacy , 2016, 2016 IEEE International Conference on Cloud Engineering Workshop (IC2EW).