Software-defined networking security: pros and cons

Software-defined networking (SDN) is a new networking paradigm that decouples the forwarding and control planes, which are traditionally coupled with one another, and adopts a logically centralized architecture that aims to increase network agility and programmability. While many efforts are currently being made to standardize this emerging paradigm, careful attention needs to be paid to security at this early design stage too, rather than waiting until the technology becomes mature, thereby potentially avoiding the pitfalls encountered when designing the Internet in the 1980s. This article focuses on the security aspects of SDN networks. We begin by discussing the new security advantages that SDN brings and by showing how some of the long-standing issues in network security can be addressed by exploiting SDN capabilities. Then we describe the new security threats that SDN faces and discuss possible techniques that can be used to prevent and mitigate such threats.
