Visible to the public Biblio

Filters: Keyword is SDN-specific attacks  [Clear All Filters]
2018-04-11
Arumugam, T., Scott-Hayward, S..  2017.  Demonstrating State-Based Security Protection Mechanisms in Software Defined Networks. 2017 8th International Conference on the Network of the Future (NOF). :123–125.

The deployment of Software Defined Networking (SDN) and Network Functions Virtualization (NFV) technologies is increasing, with security as a recognized application driving adoption. However, despite the potential with SDN/NFV for automated and adaptive network security services, the controller interaction presents both a performance and scalability challenge, and a threat vector. To overcome the performance issue, stateful data-plane designs have been proposed. However, these solutions do not offer protection from SDN-specific attacks linked to necessary control functions such as link reconfiguration and switch identification. In this work, we leverage the OpenState framework to introduce state-based SDN security protection mechanisms. The extensions required for this design are presented with respect to an SDN configuration-based attack. The demonstration shows the ability of the SDN Configuration (CFG) security protection mechanism to support legitimate relocation requests and to protect against malicious connection attempts.