Abstract
The requirements of cloud computing are putting strain on traditional networks, which affects the quality of the services that cloud computing provides. Applying software-defined networking (SDN) within cloud computing therefore reinforces the dynamicity and flexibility of the cloud. SDN is the current trend in networking and virtualized networks: it separates the network control plane from the data plane, which moves the management of network routing from a decentralized architecture to a centralized one. Despite the advantages of merging the SDN paradigm into the cloud environment, security issues remain. This paper presents a survey of the security issues in software-defined networking and the challenges faced by administrators and providers in guaranteeing a secure environment, together with a summary of the proposed solution.
Copyright information
© 2018 Springer International Publishing AG
About this paper
Cite this paper
El Moussaid, N., Toumanari, A., El Azhari, M. (2018). Survey of Security in Software-Defined Network. In: Ezziyyani, M., Bahaj, M., Khoukhi, F. (eds) Advanced Information Technology, Services and Systems. AIT2S 2017. Lecture Notes in Networks and Systems, vol 25. Springer, Cham. https://doi.org/10.1007/978-3-319-69137-4_21
DOI: https://doi.org/10.1007/978-3-319-69137-4_21
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-69136-7
Online ISBN: 978-3-319-69137-4
eBook Packages: Engineering, Engineering (R0)