SDN security: A survey

SDN4FNS 2013 - 2013 Workshop on Software Defined Networks for Future Networks and Services

Volumn , Issue , 2013, Pages

  Scott Hayward, Sandra ^a   O'Callaghan, Gemma ^a   Sezer, Sakir ^a  

^a QUEEN'S UNIVERSITY BELFAST   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER NETWORKS; INFORMATION SYSTEMS;

DEVICES AND SYSTEMS; FUTURE RESEARCH DIRECTIONS; NETWORK INTRUDERS; NETWORK OPERATOR; NETWORKING COMMUNITY; SECURITY CHALLENGES; SECURITY ENHANCEMENTS; SOFTWARE-DEFINED NETWORKINGS;

SURVEYS;

EID: 84893626159     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SDN4FNS.2013.6702553     Document Type: Conference Paper

References (35)

1. S. Jain, A. Kumar, S. Mandal, J. Ong, L. Poutievski, A. Singh, S. Venkata, J. Wanderer, J. Zhou, and M. Zhu, "B4: Experience with a globally-deployed software defined wan," in Proceedings of the ACM SIGCOMM 2013 conference. ACM, 2013, pp. 3-14.
2. S. Sezer, S. Scott-Hayward, P. Chouhan, B. Fraser, D. Lake, J. Finnegan, N. Viljoen, M. Miller, and N. Rao, "Are we ready for SDN? Implementation challenges for software-defined networks," Communications Magazine, IEEE, vol. 51, no. 7, 2013.
3. "Network Functions Virtualization-Introductory White Paper," October, 2012. [Online]. Available: http://portal.etsi.org/NFV/NFV-White-Paper. pdf
4. C. Douligeris and D. N. Serpanos, Network security: current status and future directions. Wiley. com, 2007.
5. M. Casado, T. Garfinkel, A. Akella, M. J. Freedman, D. Boneh, N. McKeown, and S. Shenker, "Sane: A protection architecture for enterprise networks," in USENIX Security Symposium, 2006.
6. M. Casado, M. J. Freedman, J. Pettit, J. Luo, N. McKeown, and S. Shenker, "Ethane: Taking control of the enterprise," in ACM SIGCOMM Computer Communication Review, vol. 37, no. 4. ACM, 2007, pp. 1-12.
7. R. Kloeti, "OpenFlow: A Security Analysis," April 2013. [Online]. Available: ftp://yosemite.ee.ethz.ch/pub/students/2012-HS/MA-2012-20- signed.pdf
8. S. Hernan, S. Lambert, T. Ostwald, and A. Shostack, "Threat modeling-uncover security design flaws using the stride approach," MSDN Magazine-Louisville, pp. 68-75, 2006.
9. "OpenFlow Switch Specification Version 1.3.2," Open Networking Foundation. [Online]. Available: https://www.opennetworking.org
10. K. Benton, L. J. Camp, and C. Small, "OpenFlow Vulnerability Assessment," in Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking. ACM, 2013, pp. 151-152.
11. D. Kreutz, F. Ramos, and P. Verissimo, "Towards secure and dependable software-defined networks," in Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking. ACM, 2013, pp. 55-60.
12. D. Li, X. Hong, and J. Bowman, "Evaluation of Security Vulnerabilities by Using ProtoGENI as a Launchpad," in Global Telecommunications Conference (GLOBECOM 2011). IEEE, 2011, pp. 1-6.
13. B. Anwer, T. Benson, N. Feamster, D. Levin, and J. Rexford, "A Slick Control Plane for Network Middleboxes," Open Networking Summit, 2013. [Online]. Available: http://nextstep-esolutions.com/Clients/ONS2.0/pdf/2013/ research-track/poster papers/final/ons2013-final51.pdf
14. S. Fayazbakhsh, V. Sekar, M. Yu, and J. Mogul, "FlowTags: Enforcing Network-Wide Policies in the Presence of Dynamic Middlebox Actions," in Proceedings of the second workshop on Hot topics in software defined networks. ACM, 2013.
15. Z. A. Qazi, C.-C. Tu, L. Chiang, R. Miao, V. Sekar, and M. Yu, "SIMPLE-fying Middlebox Policy Enforcement Using SDN." ACM SIGCOMM, August 2013.
16. J. H. Jafarian, E. Al-Shaer, and Q. Duan, "Openflow random host mutation: transparent moving target defense using software defined networking," in Proceedings of the first workshop on Hot topics in software defined networks. ACM, 2012, pp. 127-132.
17. R. Braga, E. Mota, and A. Passito, "Lightweight DDoS flooding attack detection using NOX/OpenFlow," in IEEE 35th Conference on Local Computer Networks (LCN). IEEE, 2010, pp. 408-415.
18. J. R. Ballard, I. Rae, and A. Akella, "Extensible and scalable network monitoring using opensafe," Proc.INM/WREN, 2010.
19. S. Shin and G. Gu, "CloudWatcher: Network security monitoring using OpenFlow in dynamic cloud networks (or: How to provide security monitoring as a service in clouds?)," in 20th IEEE International Conference on Network Protocols (ICNP). IEEE, 2012, pp. 1-6.
20. A. K. Nayak, A. Reimers, N. Feamster, and R. Clark, "Resonance: dynamic access control for enterprise networks," in Proceedings of the 1st ACM workshop on Research on enterprise networking. ACM, 2009, pp. 11-18.
21. J. Naous, R. Stutsman, D. Mazieres, N. McKeown, and N. Zeldovich, "Delegating network security with more information," in Proceedings of the 1st ACM workshop on Research on enterprise networking. ACM, 2009, pp. 19-26.
22. R. Skowyra, S. Bahargam, and A. Bestavros, "Software-Defined IDS for Securing Embedded Mobile Devices," 2013. [Online]. Available: http://www.cs.bu.edu/techreports/pdf/2013-005-software-defined-ids.pdf
23. A. Goodney, S. Narayan, V. Bhandwalkar, and Y. H. Cho, "Pattern Based Packet Filtering using NetFPGA in DETER Infrastructure." [Online]. Available: http://fif.kr/AsiaNetFPGAws/paper/2-2.pdf
24. S. A. Mehdi, J. Khalid, and S. A. Khayam, "Revisiting traffic anomaly detection using software defined networking," in Recent Advances in Intrusion Detection. Springer, 2011, pp. 161-180.
25. M. Canini, D. Venzano, P. Peresini, D. Kostic, and J. Rexford, "A NICE way to test OpenFlow applications," in Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation, 2012.
26. E. Al-Shaer and S. Al-Haj, "FlowChecker: Configuration analysis and verification of federated OpenFlow infrastructures," in Proceedings of the 3rd ACM workshop on Assurable and usable security configuration. ACM, 2010, pp. 37-44.
27. R. Sherwood, G. Gibb, K. Yap, G. Appenzeller, M. Casado, N. McKeown, and G. Parulkar, "Flowvisor: A network virtualization layer," OpenFlow Switch Consortium, Tech.Rep, 2009.
28. S. Son, S. Shin, V. Yegneswaran, P. Porras, and G. Gu, "Model Checking Invariant Security Properties in OpenFlow." [Online]. Available: http://faculty.cse.tamu.edu/guofei/paper/Flover-ICC13.pdf
29. A. Khurshid, W. Zhou, M. Caesar, and P. Godfrey, "VeriFlow: Verifying network-wide invariants in real time," ACM SIGCOMM Computer Communication Review, vol. 42, no. 4, pp. 467-472, 2012.
30. T. Hinrichs, N. Gude, M. Casado, J. Mitchell, and S. Shenker, "Expressing and enforcing flow-based network security policies," University of Chicago, Tech.Rep, 2008.
31. C. Schlesinger, A. Story, S. Gutz, N. Foster, and D. Walker, "Splendid isolation: Language-based security for softwaredefined networks," in Proceedings of the first workshop on Hot topics in software defined networks. ACM, 2012, pp. 79-84.
32. S. Shin, P. Porras, V. Yegneswaran, M. Fong, G. Gu, and M. Tyson, "FRESCO: Modular composable security services for software-defined networks," in Proceedings of Network and Distributed Security Symposium, 2013.
33. P. Porras, S. Shin, V. Yegneswaran, M. Fong, M. Tyson, and G. Gu, "A security enforcement kernel for OpenFlow networks," in Proceedings of the first workshop on Hot topics in software defined networks. ACM, 2012, pp. 121-126.
34. R. W. Skowyra, A. Lapets, A. Bestavros, and A. Kfoury, "Verifiably-safe software-defined networks for CPS," in Proceedings of the 2nd ACM international conference on High confidence networked systems. ACM, 2013, pp. 101-110.
35. N. Handigol, B. Heller, V. Jeyakumar, D. Mazires, and N. McKeown, "Where is the debugger for my software-defined network?" in Proceedings of the first workshop on Hot topics in software defined networks. ACM, 2012, pp. 55-60.