Towards secure and dependable software-defined networks

Kreutz, Diego; Ramos, Fernando M. V.; Verı́ssimo, Paulo

doi:10.1145/2491185.2491199

Cited by 581 publications

(316 citation statements)

References 20 publications

Supporting

Mentioning

307

Contrasting

Unclassified

Order By: Relevance

“…A number of related works have analysed the SDN or OpenFlow vulnerability and identified security threats (Eason et al, 2013;Kloti et al, 2013; ftp://ftp.tik.ee.ethz.ch/pub/students/2012-HS/MA-2012-20.pdf; Kreutz et al, 2013;Benton et al, 2013;Khurshid et al, 2012Khurshid et al, , 2013Jafarian et al, 2012;Kobayashia et al, 2012) and some of them also summarise general possible solutions to malicious attacks, such as FortNox and FRESCO (SDN Security Seminars, http://www.OpenFlowsec.org/SDN_SecuritySeminar_Feb2012.pdf; Porras et al, 2012;Shin et al, 2013aShin et al, , 2013b) that extends NOX (Gude et al, 2008) with a security kernel and security programming interface. Kreutz et al (2013) analysed and identified several threat vectors that may enable the exploiting of SDN vulnerabilities. They have summarised SDN security kernel work that was capable of ensuring prioritised switch flow rules for security related applications and for other all remaining applications.…”

Section: Related Workmentioning

confidence: 99%

Software-defined network flow table overflow attacks and countermeasures

You¹,

Qian²,

Qian³

2016

IJSCN

View full text Add to dashboard Cite

Software-defined network (SDN) is proposed as a new concept in computer networks, which separates the control plane from the data plane. And it provides a programmable network architecture that could facilitate rapid network innovation. OpenFlow is a network protocol that standardises the communications between OpenFlow controllers and OpenFlow switches. It is considered as an enabler of SDN. The flow table in OpenFlow switches plays a critical role in OpenFlow-based SDN, which stores the rules populated by the controllers for controlling and directing the packet flows in SDN. Nevertheless, they also become a new target of malicious attacks. This paper analyses the flow table overflow attack, a type of denial of service attacks, and proposes a novel eviction algorithm, dynamic in/out balancing with least frequently used eviction (DIOB/LFU), at service level to defend against the flow table overflow attacks.

show abstract

Section: Related Workmentioning

confidence: 99%

Software-defined network flow table overflow attacks and countermeasures

You¹,

Qian²,

Qian³

2016

IJSCN

View full text Add to dashboard Cite

show abstract

“…But SSL/TLS protocol is not enough to establish and assure trust between controllers and switches. Attacker can gains access to the control plane by exploit the weaknesses of SSL/TLS [7].…”

Section: Security Problems Of Flowmentioning

confidence: 99%

A Software-Defined Networking Security Controller Architecture

Shang¹,

Fu²

2016

Proceedings of the 2016 4th International Conference on Machinery, Materials and Computing Technology

View full text Add to dashboard Cite

Abstract. With the development of the software-defined networking (SDN), centralized and open network management has brought many security problems. In this paper, we analyzed the security problems in SDN architecture, and then designed a SDN security controller architecture. We verified the feasibility and effectiveness of the architecture by using DDoS attack defense as an example, and analyzed the influence of the architecture on the network performance.

show abstract

“…Other examples of middleboxes used to enhance security are presented by Anwer et al [69] and Fayazbakhsh et al [71]. In particular, Kreutz et al [64] present the vectors of the most common threats in SDN, such as DDoS attacks, and comment on the TLS chal -1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 lenges above.…”

Section: Securitymentioning

confidence: 99%

Resilience support in software-defined networking: A survey

et al. 2015

View full text Add to dashboard Cite

Software-Defined Networking (SDN) is an architecture for computer networking that provides a clear separation between network control functions and forwarding operations. The abstractions supported by this architecture are intended to simplify the implementation of several tasks that are critical to network operation, such as routing and network management. Computer networks have an increasingly important societal role, requiring them to be resilient to a range of challenges. Previously, research into network resilience has focused on the mitigation of several types of challenges, such as natural disasters and attacks. Capitalising on its benefits, including increased programmability and a clearer separation of concerns, significant attention has recently focused on the development of resilience mechanisms that use software-defined networking approaches. In this article, we present a survey that provides a structured overview of the resilience support that currently exists in this important area. We categorize the most recent research on this topic with respect to a number of resilience disciplines. Additionally, we discuss the lessons learned from this investigation, highlight the main challenges faced by SDNs moving forward, and outline the research trends in terms of solutions to mitigate these challenges . 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 This article presents a survey on the support for network resilience in SoftwareDefined Networking (SDN). This has been the subject of intense investigation by the academic and industrial community in the past few years, as evidenced by the number of papers included in our survey (159 references in total). Capitalizing on the benefits of SDN, including increased programmability and a clearer separation of concerns, significant attention has recently focused on the development of resilience mechanisms that use software-defined networking approaches. Thus, a wide range of solutions to classical network problems have been revisited using this architecture, but many problems continue to be challenging.Our survey investigates the resilience support that currently exists in this important area, and categorizes the most recent research on this topic with respect to a number of resilience disciplines. Additionally, we discuss the lessons learned from this investigation, highlight the main challenges faced by SDNs moving forward, and outline the research trends in terms of solutions to mitigate these challenges. The aim of the survey is to offer to the reader a structured view of network resilience in the SDN spectrum, and how resilience aspects are supported in these architectures.We believe that this subject material is closely aligned with the objectives of the journal. Please be assured that:1. This paper has not been published or accepted for publication w...

show abstract

Towards secure and dependable software-defined networks

Cited by 581 publications

References 20 publications

Software-defined network flow table overflow attacks and countermeasures

Software-defined network flow table overflow attacks and countermeasures

A Software-Defined Networking Security Controller Architecture

Resilience support in software-defined networking: A survey

Contact Info

Product

Resources

About