
Is SDN the Real Solution to Security Threats in Networks? A Security Update on Various SDN Models

Affiliations

  • Department of Computer Science, Himachal Pradesh University, Summer Hill Shimla, Himachal Pradesh, India

Abstract


Objectives: The concept of Software Defined Networks (SDNs) has changed the way traditional networks function. The security mechanisms for SDNs are evolving very fast. The objective of this paper is to evaluate the significant existing security mechanisms and to propose an inclusive secure architecture for this new generation of networking.

Method/Statistical Analysis: Network security requires a laser-focused approach to tackle ever-increasing vulnerabilities and threat perceptions. With significant advances in SDN research, researchers have proposed a number of network threat mitigation mechanisms. The authors have evaluated these security solutions along three important dimensions, namely area of focus, mitigation solutions and drawbacks.

Findings: This paper attempts to highlight the prevalent threat mitigation strategies, their strong points and their limitations, to inform the adoption of a mitigation strategy for the corresponding SDN model(s). The study reveals that no single model can tackle all the prevalent security issues, and thus there is a need to develop a model which can tackle most, if not all, security issues. This analysis has helped the authors to propose a generalized rational security model for SDNs.

Application/Improvements: This paper intends to initiate a debate in the community of researchers and academicians, to build a consensus on the must-have security ingredients of an inclusive SDN architecture. These must-have ingredients can become the basis of an inclusive SDN model.

Keywords

SDN, SDN Model, SDN Architecture, Security Ingredients, Security Threats.





Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.