Software-defined network controller security : empirical study

Ahmed Dawoud; Seyed Shahristani; Chun Raun

Software-defined network controller security : empirical study

Ahmed Dawoud, Seyed Shahristani, Chun Raun

Western Sydney University

Research output: Chapter in Book / Conference Paper › Conference Paper › peer-review

Abstract

Software-defined networks (SDN) introduce a novel networking paradigm. SDN architecture separates the control and data planes, whereas the control plane generates flow rules required to forward packets by data plane devices. Devices logic detached to form a new plane named controller. SDN model decomposes the complexity of the traditional network and leverages management flexibility and scalability. Nevertheless, security is a major challenge in SDN networks. The controller is a crucial element in the SDN model, considering a single entity governs the entire network. A centralized configuration is highly vulnerable, as the controller is an attractive target for intruders. This paper explores the threats related to the SDN architecture, specifically, threats originated from the existence of controller. The study analyzes controller security on three levels. The first phase of the analysis defines potential threats in various literature. Therefore, we expand and formalize threats in a STRIDE analysis. In the second phase, we deeply analyze the attacks through several attack trees. The third phase is an experiment to evince the threats and the consequence. The study investigates the current security solutions and their limitations. The paper provides an empirical analysis of the controller security to identify, formalize, and quantify the security concerns related to the new model.

Original language	English
Title of host publication	Proceedings of the International Conference on Information Technology and Applications (ICITA), 1-4 July 2017, Sydney, Australia
Publisher	ICITA
Number of pages	7
ISBN (Print)	9780980326796
Publication status	Published - 2017
Event	International Conference on Information Technology and Applications - Duration: 1 Jul 2017 → …

Conference

Conference	International Conference on Information Technology and Applications
Period	1/07/17 → …

Keywords

computer networks
security measures
software-defined networking (computer network technology)

Cite this

@inproceedings{c5717b9dda044adf92d49c04beadef55,

title = "Software-defined network controller security : empirical study",

abstract = "Software-defined networks (SDN) introduce a novel networking paradigm. SDN architecture separates the control and data planes, whereas the control plane generates flow rules required to forward packets by data plane devices. Devices logic detached to form a new plane named controller. SDN model decomposes the complexity of the traditional network and leverages management flexibility and scalability. Nevertheless, security is a major challenge in SDN networks. The controller is a crucial element in the SDN model, considering a single entity governs the entire network. A centralized configuration is highly vulnerable, as the controller is an attractive target for intruders. This paper explores the threats related to the SDN architecture, specifically, threats originated from the existence of controller. The study analyzes controller security on three levels. The first phase of the analysis defines potential threats in various literature. Therefore, we expand and formalize threats in a STRIDE analysis. In the second phase, we deeply analyze the attacks through several attack trees. The third phase is an experiment to evince the threats and the consequence. The study investigates the current security solutions and their limitations. The paper provides an empirical analysis of the controller security to identify, formalize, and quantify the security concerns related to the new model.",

keywords = "computer networks, security measures, software-defined networking (computer network technology)",

author = "Ahmed Dawoud and Seyed Shahristani and Chun Raun",

year = "2017",

language = "English",

isbn = "9780980326796",

booktitle = "Proceedings of the International Conference on Information Technology and Applications (ICITA), 1-4 July 2017, Sydney, Australia",

publisher = "ICITA",

note = "International Conference on Information Technology and Applications ; Conference date: 01-07-2017",

}

TY - GEN

T1 - Software-defined network controller security : empirical study

AU - Dawoud, Ahmed

AU - Shahristani, Seyed

AU - Raun, Chun

PY - 2017

Y1 - 2017

N2 - Software-defined networks (SDN) introduce a novel networking paradigm. SDN architecture separates the control and data planes, whereas the control plane generates flow rules required to forward packets by data plane devices. Devices logic detached to form a new plane named controller. SDN model decomposes the complexity of the traditional network and leverages management flexibility and scalability. Nevertheless, security is a major challenge in SDN networks. The controller is a crucial element in the SDN model, considering a single entity governs the entire network. A centralized configuration is highly vulnerable, as the controller is an attractive target for intruders. This paper explores the threats related to the SDN architecture, specifically, threats originated from the existence of controller. The study analyzes controller security on three levels. The first phase of the analysis defines potential threats in various literature. Therefore, we expand and formalize threats in a STRIDE analysis. In the second phase, we deeply analyze the attacks through several attack trees. The third phase is an experiment to evince the threats and the consequence. The study investigates the current security solutions and their limitations. The paper provides an empirical analysis of the controller security to identify, formalize, and quantify the security concerns related to the new model.

AB - Software-defined networks (SDN) introduce a novel networking paradigm. SDN architecture separates the control and data planes, whereas the control plane generates flow rules required to forward packets by data plane devices. Devices logic detached to form a new plane named controller. SDN model decomposes the complexity of the traditional network and leverages management flexibility and scalability. Nevertheless, security is a major challenge in SDN networks. The controller is a crucial element in the SDN model, considering a single entity governs the entire network. A centralized configuration is highly vulnerable, as the controller is an attractive target for intruders. This paper explores the threats related to the SDN architecture, specifically, threats originated from the existence of controller. The study analyzes controller security on three levels. The first phase of the analysis defines potential threats in various literature. Therefore, we expand and formalize threats in a STRIDE analysis. In the second phase, we deeply analyze the attacks through several attack trees. The third phase is an experiment to evince the threats and the consequence. The study investigates the current security solutions and their limitations. The paper provides an empirical analysis of the controller security to identify, formalize, and quantify the security concerns related to the new model.

KW - computer networks

KW - security measures

KW - software-defined networking (computer network technology)

UR - http://handle.westernsydney.edu.au:8081/1959.7/uws:47586

UR - http://www.icita.org/2017/papers/au-dawoud.pdf

M3 - Conference Paper

SN - 9780980326796

BT - Proceedings of the International Conference on Information Technology and Applications (ICITA), 1-4 July 2017, Sydney, Australia

PB - ICITA

T2 - International Conference on Information Technology and Applications

Y2 - 1 July 2017

ER -

Software-defined network controller security : empirical study

Abstract

Conference

Keywords

Other files and links

Fingerprint

Cite this