Demonstrating State-Based Security Protection Mechanisms in Software Defined Networks
Title | Demonstrating State-Based Security Protection Mechanisms in Software Defined Networks |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Arumugam, T., Scott-Hayward, S. |
Conference Name | 2017 8th International Conference on the Network of the Future (NOF) |
ISBN Number | 978-1-5386-0554-7 |
Keywords | adaptive network security services, application program interfaces, authentication, automated network security services, Communication networks, computer network management, computer network security, controller interaction, Customer relationship management, link reconfiguration, Metrics, necessary control functions, network function virtualization technologies, Ports (Computers), privacy, pubcrawl, SDN configuration security protection mechanism, SDN security protection mechanisms, SDN-NFV, SDN-specific attacks, security of data, software defined networking, software radio, stateful data-plane designs, switch identification, Switches, telecommunication control, threat vectors, virtualisation |
Abstract | The deployment of Software Defined Networking (SDN) and Network Functions Virtualization (NFV) technologies is increasing, with security as a recognized application driving adoption. However, despite the potential with SDN/NFV for automated and adaptive network security services, the controller interaction presents both a performance and scalability challenge, and a threat vector. To overcome the performance issue, stateful data-plane designs have been proposed. However, these solutions do not offer protection from SDN-specific attacks linked to necessary control functions such as link reconfiguration and switch identification. In this work, we leverage the OpenState framework to introduce state-based SDN security protection mechanisms. The extensions required for this design are presented with respect to an SDN configuration-based attack. The demonstration shows the ability of the SDN Configuration (CFG) security protection mechanism to support legitimate relocation requests and to protect against malicious connection attempts. |
URL | https://ieeexplore.ieee.org/document/8251231/ |
DOI | 10.1109/NOF.2017.8251231 |
Citation Key | arumugam_demonstrating_2017 |