Abstract
Security of Software Defined Networking (SDN) remains an open issue for several reasons. Security requirements were not considered in the primary definition of SDN. Consequently, SDN enlarges the network attack surface by introducing new vulnerabilities that do not exist in the conventional networking architecture. In addition, there are neither security risk management processes nor mathematical models that specifically address SDN security and the influence of its specific features. We provide a vulnerability analysis for SDN to study these weaknesses and to measure their impacts. Our analysis specifies a model of the SDN assets that need to be protected. It then derives 114 generic SDN vulnerabilities using standardized security objectives. It relies on an open, standardized, semi-qualitative and semi-quantitative scoring system to calculate the severities of these vulnerabilities, and then adapts them to SDN-specific features using the Analytic Hierarchy Process (AHP).
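As an added illustration of the scoring-then-weighting step the abstract describes (not the paper's own code, data or feature set), the block below computes AHP priorities for three assumed SDN-specific features from a constructed pairwise comparison matrix, applies Saaty's consistency check, and uses the priorities to weight constructed CVSS-style per-feature severities of one vulnerability.

```python
# Added example: AHP weighting of assumed SDN-specific features, then
# weighting of constructed CVSS-style severities. Not the paper's own data.

# Saaty's random consistency index RI for matrix orders 1..6.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24}

# Assumed features: [controller centralisation, programmability,
# control/data plane separation]. Entry a[i][j] = how much more feature i
# influences severity than feature j on Saaty's 1-9 scale (constructed).
PAIRWISE = [[1, 3, 5],
            [1 / 3, 1, 3],
            [1 / 5, 1 / 3, 1]]


def ahp_priorities(matrix, iterations=100):
    """Return (weights, lambda_max): the normalised principal eigenvector
    of a positive reciprocal matrix via power iteration, and the
    corresponding principal eigenvalue used for the consistency check."""
    n = len(matrix)
    w = [1.0 / n] * n
    for _ in range(iterations):
        aw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
        total = sum(aw)
        w = [x / total for x in aw]
    aw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / w[i] for i in range(n)) / n
    return w, lambda_max


def consistency_ratio(matrix, lambda_max):
    """CR = CI / RI with CI = (lambda_max - n) / (n - 1); Saaty accepts the
    judgements when CR < 0.1. Orders 1 and 2 are always consistent."""
    n = len(matrix)
    if n <= 2:
        return 0.0
    return ((lambda_max - n) / (n - 1)) / RANDOM_INDEX[n]


def adapted_severity(feature_scores, matrix):
    """Weight a vulnerability's per-feature severities (CVSS-like 0-10,
    constructed) by the AHP priorities. Returns None when the pairwise
    judgements are too inconsistent to trust (CR >= 0.1)."""
    weights, lambda_max = ahp_priorities(matrix)
    if consistency_ratio(matrix, lambda_max) >= 0.1:
        return None
    return sum(s * w for s, w in zip(feature_scores, weights))


if __name__ == "__main__":
    w, lam = ahp_priorities(PAIRWISE)
    print("weights", [round(x, 3) for x in w], "CR", round(consistency_ratio(PAIRWISE, lam), 3))
    print("adapted severity", adapted_severity([9.0, 6.0, 3.0], PAIRWISE))
```

The matrix order is limited to 6 only because the RI table above stops there; extend `RANDOM_INDEX` with Saaty's published values to handle larger feature sets.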
Notes
1. STRIDE is a threat model proposed by Microsoft. Its name comes from the initials of the following security categories: Spoofing identity, Tampering with data, Repudiation, Information disclosure, Denial of service, and Elevation of privilege.
Annex
See Table 4.
Copyright information
© 2017 Springer International Publishing AG
Cite this paper
Zerkane, S., Espes, D., Le Parc, P., Cuppens, F. (2017). Vulnerability Analysis of Software Defined Networking. In: Cuppens, F., Wang, L., Cuppens-Boulahia, N., Tawbi, N., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2016. Lecture Notes in Computer Science(), vol 10128. Springer, Cham. https://doi.org/10.1007/978-3-319-51966-1_7
DOI: https://doi.org/10.1007/978-3-319-51966-1_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-51965-4
Online ISBN: 978-3-319-51966-1
eBook Packages: Computer Science (R0)