
Vulnerability Analysis of Software Defined Networking

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10128)

Abstract

Security of Software Defined Networking (SDN) is an open issue for many reasons. Security requirements were not considered in the primary definition of SDN. Consequently, SDN enlarges the network vulnerability surface by introducing new vulnerabilities that do not exist in the conventional networking architecture. In addition, there are neither security risk management processes nor mathematical models that specifically address SDN security and the influence of its specific features. We provide a vulnerability analysis for SDN to study these weaknesses and to measure their impacts. Our analysis specifies a model of the SDN assets that need to be protected. Then, it derives 114 generic SDN vulnerabilities using standardized security objectives. It relies on an open, standardized, semi-qualitative, semi-quantitative scoring system to calculate the severities of these vulnerabilities. Then, it adapts them to SDN-specific features using the Analytical Hierarchical Process (AHP).


Notes

  1. STRIDE is a threat model proposed by Microsoft. Its name comes from the initials of the following security categories: Spoofing identity, Tampering with data, Repudiation, Information disclosure, Denial of service, and Elevation of privilege.


Author information

Corresponding author

Correspondence to Salaheddine Zerkane.

Annex

See Table 4.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Zerkane, S., Espes, D., Le Parc, P., Cuppens, F. (2017). Vulnerability Analysis of Software Defined Networking. In: Cuppens, F., Wang, L., Cuppens-Boulahia, N., Tawbi, N., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2016. Lecture Notes in Computer Science, vol 10128. Springer, Cham. https://doi.org/10.1007/978-3-319-51966-1_7

  • DOI: https://doi.org/10.1007/978-3-319-51966-1_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-51965-4

  • Online ISBN: 978-3-319-51966-1

  • eBook Packages: Computer Science, Computer Science (R0)
