Visible to the public OFMTL-SEC: State-based Security for Software Defined Networks

Submitted by aekwall on Mon, 10/05/2020 - 10:54am
TitleOFMTL-SEC: State-based Security for Software Defined Networks
Publication TypeConference Paper
Year of Publication2018
AuthorsScott-Hayward, Sandra, Arumugam, Thianantha
Conference Name2018 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN)
Date Publishednov
Keywordsaddress resolution protocol, ARP Spoofing, composability, computer network security, configuration-based attacks, dynamic network security services, Dynamic Networks and Security, Metrics, network function virtualization, network function virtualization technologies, NFV technologies, OFMTL-SEC, Protocols, pubcrawl, Resiliency, security, software defined networking, state-based SDN security protection mechanisms, stateful data-plane protection designs, stateful security data plane solution, Switches, Topology, virtualisation
AbstractDynamic network security services have been proposed exploiting the benefits of Software Defined Networking (SDN) and Network Functions Virtualization (NFV) technologies. However, many of these services rely on controller interaction, which presents a performance and scalability challenge, and a threat vector. To overcome the performance issue, stateful data-plane designs have been proposed. Unfortunately, these solutions do not offer protection from attacks that exploit the SDN implementation of network functions such as topology and path update, or services such as the Address Resolution Protocol (ARP). In this work, we propose state-based SDN security protection mechanisms. Our stateful security data plane solution, OFMTL-SEC, is designed to provide protection against attacks on SDN and traditional network services. Specifically, we present a novel data plane protection against configuration-based attacks in SDN and against ARP spoofing. OFMTL-SEC is compared with the state-of-the-art solutions and offers increased security to SDNs with negligible performance impact.
DOI10.1109/NFV-SDN.2018.8725686
Citation Keyscott-hayward_ofmtl-sec_2018
Groups: