Security in SDN: A comprehensive survey

Software Defined Networking (SDN) is a revolutionary paradigm that is maturing along with other network technologies in the next-gen trend. The separation of control and data planes in SDN enables the emergence of novel network features like centralized flow management and network programmability th...


Authors:
Resource type:
Publication date:
2020
Institution:
Universidad de Medellín
Repository:
Repositorio UDEM
Language:
eng
OAI Identifier:
oai:repository.udem.edu.co:11407/5743
Online access:
http://hdl.handle.net/11407/5743
Keywords:
Attack detection
Forensics
Network applications
Network monitoring
Network security
Openflow
Programmable networks
Security threats
Software defined networking
Threats mitigation
Traffic inspection
Virtualized network functions
Vulnerabilities
Application programs
Cost effectiveness
Heterogeneous networks
Information management
Network function virtualization
Security systems
Software defined networking
Transfer functions
Attack detection
Forensics
Network applications
Network functions
Network Monitoring
Openflow
Programmable network
Security threats
Threats mitigations
Vulnerabilities
Network security
Rights
License
http://purl.org/coar/access_right/c_16ec
description Software Defined Networking (SDN) is a revolutionary paradigm that is maturing along with other network technologies in the next-gen trend. The separation of control and data planes in SDN enables the emergence of novel network features like centralized flow management and network programmability that encourage the introduction of new and enhanced network functions in order to improve prominent network deployment aspects such as flexibility, scalability, network-wide visibility and cost-effectiveness. Although SDN exhibits a rapid evolution that is shaping this technology as a key enabler for future implementations in heterogeneous network scenarios, namely datacenters, ISPs, corporate, academic and home, the technology is far from being considered secure and dependable to this day, which inhibits its agile adoption. In recent years, the scientific community has been attracted to explore the field of SDN security to close the gap to SDN adoption. A twofold research context has been identified: on the one hand, leveraging SDN features to enhance security; on the other hand, the pursuit of a secure SDN system architecture. This article includes a description of security threats that menace SDN and a list of attacks that take advantage of vulnerabilities and misconfigurations in SDN constitutive elements. Accordingly, a discussion emphasizing the duality SDN-for-security and SDN-security is also presented. A comprehensive review of the state of the art is accompanied by a categorization of the current research literature in a taxonomy that highlights the main characteristics and contributions of each proposal. Finally, the identified urgent needs and less explored topics are used to outline the opportunities and future challenges in the field of SDN security. © 2020 Elsevier Ltd
publishDate 2020
dc.date.accessioned.none.fl_str_mv 2020-04-29T14:53:51Z
dc.date.available.none.fl_str_mv 2020-04-29T14:53:51Z
dc.date.none.fl_str_mv 2020
dc.type.eng.fl_str_mv Review
dc.type.coarversion.fl_str_mv http://purl.org/coar/version/c_970fb48d4fbd8a85
dc.type.coar.fl_str_mv http://purl.org/coar/resource_type/c_2df8fbb1
dc.type.driver.none.fl_str_mv info:eu-repo/semantics/article
dc.identifier.issn.none.fl_str_mv 10848045
dc.identifier.uri.none.fl_str_mv http://hdl.handle.net/11407/5743
dc.identifier.doi.none.fl_str_mv 10.1016/j.jnca.2020.102595
dc.language.iso.none.fl_str_mv eng
dc.relation.isversionof.none.fl_str_mv https://www.scopus.com/inward/record.uri?eid=2-s2.0-85082809201&doi=10.1016%2fj.jnca.2020.102595&partnerID=40&md5=c656cfb5552b37d3391464f8233a240c
dc.relation.citationvolume.none.fl_str_mv 159
dc.publisher.none.fl_str_mv Academic Press
dc.publisher.program.none.fl_str_mv Ingeniería de Sistemas
dc.publisher.faculty.none.fl_str_mv Facultad de Ingenierías
dc.source.none.fl_str_mv Journal of Network and Computer Applications
repository.name.fl_str_mv Repositorio Institucional Universidad de Medellin
repository.mail.fl_str_mv repositorio@udem.edu.co
_version_ 1808481170149605376
spelling 20202020-04-29T14:53:51Z2020-04-29T14:53:51Z10848045http://hdl.handle.net/11407/574310.1016/j.jnca.2020.102595Software Defined Networking (SDN) is a revolutionary paradigm that is maturing along with other network technologies in the next-gen trend. The separation of control and data planes in SDN enables the emergence of novel network features like centralized flow management and network programmability that encourage the introduction of new and enhanced network functions in order to improve prominent network deployment aspects such as flexibility, scalability, network-wide visibility and cost-effectiveness. Although SDN exhibits a rapid evolution that is shaping this technology as a key enabler for future implementations in heterogeneous network scenarios, namely, datacenters, ISPs, corporate, academic and home; the technology is far from being considered secure and dependable to this day which inhibits its agile adoption. In recent years, the scientific community has been attracted to explore the field of SDN security to close the gap to SDN adoption. A twofold research context has been identified: on the one hand, leveraging SDN features to enhance security; while on the other hand one can find the pursue of a secure SDN system architecture. This article includes a description of security threats that menace SDN and a list of attacks that take advantage of vulnerabilities and misconfigurations in SDN constitutive elements. Accordingly, a discussion emphasizing the duality SDN-for-security and SDN-security is also presented. A comprehensive review of state-of-the art is accompanied by a categorization of the current research literature in a taxonomy that highlights the main characteristics and contributions of each proposal. Finally, the identified urgent needs and less explored topics are used to outline the opportunities and future challenges in the field of SDN security. 
© 2020 Elsevier Ltd
eng
Academic Press
Ingeniería de Sistemas
Facultad de Ingenierías
https://www.scopus.com/inward/record.uri?eid=2-s2.0-85082809201&doi=10.1016%2fj.jnca.2020.102595&partnerID=40&md5=c656cfb5552b37d3391464f8233a240c
159
Journal of Network and Computer Applications
Security in SDN: A comprehensive survey
Review
info:eu-repo/semantics/article
http://purl.org/coar/version/c_970fb48d4fbd8a85
http://purl.org/coar/resource_type/c_2df8fbb1
Correa Chica, J.C., Universidad de Antioquia and Instituto Tecnológico Metropolitano de Medellín, Universidad de Medellín, Universidad de Antioquia Calle, 67 # 53 108, Medellín, Colombia
Imbachi, J.C., Universidad de Antioquia and Instituto Tecnológico Metropolitano de Medellín, Universidad de Medellín, Universidad de Antioquia Calle, 67 # 53 108, Medellín, Colombia
Botero Vega, J.F., Universidad de Antioquia and Instituto Tecnológico Metropolitano de Medellín, Universidad de Medellín, Universidad de Antioquia Calle, 67 # 53 108, Medellín, Colombia
http://purl.org/coar/access_right/c_16ec
2020-05-27 17:43:13.556
Repositorio Institucional Universidad de Medellin