Security in SDN: A comprehensive survey

Software Defined Networking (SDN) is a revolutionary paradigm that is maturing along with other network technologies in the next-gen trend. The separation of control and data planes in SDN enables the emergence of novel network features like centralized flow management and network programmability th...

Full description

Autores:
Tipo de recurso:
Fecha de publicación:
2020
Institución:
Universidad de Medellín
Repositorio:
Repositorio UDEM
Idioma:
eng
OAI Identifier:
oai:repository.udem.edu.co:11407/5743
Acceso en línea:
http://hdl.handle.net/11407/5743
Palabra clave:
Attack detection
Forensics
Network applications
Network monitoring
Network security
Openflow
Programmable networks
Security threats
Software defined networking
Threats mitigation
Traffic inspection
Virtualized network functions
Vulnerabilities
Application programs
Cost effectiveness
Heterogeneous networks
Information management
Network function virtualization
Security systems
Software defined networking
Transfer functions
Attack detection
Forensics
Network applications
Network functions
Network Monitoring
Openflow
Programmable network
Security threats
Threats mitigations
Vulnerabilities
Network security
Rights
License
http://purl.org/coar/access_right/c_16ec
id REPOUDEM2_0133187cf61848599d77294b2a67f2c4
oai_identifier_str oai:repository.udem.edu.co:11407/5743
network_acronym_str REPOUDEM2
network_name_str Repositorio UDEM
repository_id_str
dc.title.none.fl_str_mv Security in SDN: A comprehensive survey
title Security in SDN: A comprehensive survey
spellingShingle Security in SDN: A comprehensive survey
Attack detection
Forensics
Network applications
Network monitoring
Network security
Openflow
Programmable networks
Security threats
Software defined networking
Threats mitigation
Traffic inspection
Virtualized network functions
Vulnerabilities
Application programs
Cost effectiveness
Heterogeneous networks
Information management
Network function virtualization
Security systems
Software defined networking
Transfer functions
Attack detection
Forensics
Network applications
Network functions
Network Monitoring
Openflow
Programmable network
Security threats
Threats mitigations
Vulnerabilities
Network security
title_short Security in SDN: A comprehensive survey
title_full Security in SDN: A comprehensive survey
title_fullStr Security in SDN: A comprehensive survey
title_full_unstemmed Security in SDN: A comprehensive survey
title_sort Security in SDN: A comprehensive survey
dc.subject.none.fl_str_mv Attack detection
Forensics
Network applications
Network monitoring
Network security
Openflow
Programmable networks
Security threats
Software defined networking
Threats mitigation
Traffic inspection
Virtualized network functions
Vulnerabilities
Application programs
Cost effectiveness
Heterogeneous networks
Information management
Network function virtualization
Security systems
Software defined networking
Transfer functions
Attack detection
Forensics
Network applications
Network functions
Network Monitoring
Openflow
Programmable network
Security threats
Threats mitigations
Vulnerabilities
Network security
topic Attack detection
Forensics
Network applications
Network monitoring
Network security
Openflow
Programmable networks
Security threats
Software defined networking
Threats mitigation
Traffic inspection
Virtualized network functions
Vulnerabilities
Application programs
Cost effectiveness
Heterogeneous networks
Information management
Network function virtualization
Security systems
Software defined networking
Transfer functions
Attack detection
Forensics
Network applications
Network functions
Network Monitoring
Openflow
Programmable network
Security threats
Threats mitigations
Vulnerabilities
Network security
description Software Defined Networking (SDN) is a revolutionary paradigm that is maturing along with other network technologies in the next-gen trend. The separation of control and data planes in SDN enables the emergence of novel network features like centralized flow management and network programmability that encourage the introduction of new and enhanced network functions in order to improve prominent network deployment aspects such as flexibility, scalability, network-wide visibility and cost-effectiveness. Although SDN exhibits a rapid evolution that is shaping this technology as a key enabler for future implementations in heterogeneous network scenarios, namely, datacenters, ISPs, corporate, academic and home; the technology is far from being considered secure and dependable to this day which inhibits its agile adoption. In recent years, the scientific community has been attracted to explore the field of SDN security to close the gap to SDN adoption. A twofold research context has been identified: on the one hand, leveraging SDN features to enhance security; while on the other hand one can find the pursue of a secure SDN system architecture. This article includes a description of security threats that menace SDN and a list of attacks that take advantage of vulnerabilities and misconfigurations in SDN constitutive elements. Accordingly, a discussion emphasizing the duality SDN-for-security and SDN-security is also presented. A comprehensive review of state-of-the art is accompanied by a categorization of the current research literature in a taxonomy that highlights the main characteristics and contributions of each proposal. Finally, the identified urgent needs and less explored topics are used to outline the opportunities and future challenges in the field of SDN security. © 2020 Elsevier Ltd
publishDate 2020
dc.date.accessioned.none.fl_str_mv 2020-04-29T14:53:51Z
dc.date.available.none.fl_str_mv 2020-04-29T14:53:51Z
dc.date.none.fl_str_mv 2020
dc.type.eng.fl_str_mv Review
dc.type.coarversion.fl_str_mv http://purl.org/coar/version/c_970fb48d4fbd8a85
dc.type.coar.fl_str_mv http://purl.org/coar/resource_type/c_2df8fbb1
dc.type.driver.none.fl_str_mv info:eu-repo/semantics/article
dc.identifier.issn.none.fl_str_mv 10848045
dc.identifier.uri.none.fl_str_mv http://hdl.handle.net/11407/5743
dc.identifier.doi.none.fl_str_mv 10.1016/j.jnca.2020.102595
identifier_str_mv 10848045
10.1016/j.jnca.2020.102595
url http://hdl.handle.net/11407/5743
dc.language.iso.none.fl_str_mv eng
language eng
dc.relation.isversionof.none.fl_str_mv https://www.scopus.com/inward/record.uri?eid=2-s2.0-85082809201&doi=10.1016%2fj.jnca.2020.102595&partnerID=40&md5=c656cfb5552b37d3391464f8233a240c
dc.relation.citationvolume.none.fl_str_mv 159
dc.relation.references.none.fl_str_mv Abubakar, A., Pranggono, B., Machine learning based intrusion detection system for software defined networks (2017) 2017 Seventh International Conference on Emerging Security Technologies, pp. 138-143. , EST
Ahmad, I., Namal, S., Ylianttila, M., Gurtov, A., Security in software defined networks: a survey (2015) IEEE Commun. Surv. Tutor., 17 (4), pp. 2317-2346
Ajaeiya, G.A., Adalian, N., Elhajj, I.H., Kayssi, A., Chehab, A., Flow-based intrusion detection system for sdn (2017) 2017 IEEE Symposium on Computers and Communications, pp. 787-793. , ISCC
Akhunzada, A., Ahmed, E., Gani, A., Khan, M.K., Imran, M., Guizani, S., Securing software defined networks: taxonomy, requirements, and open issues (2015) IEEE Commun. Mag., 53 (4), pp. 36-44
Akhunzada, A., Gani, A., Anuar, N.B., Abdelaziz, A., Khan, M.K., Hayat, A., Khan, S.U., Secure and dependable software defined networks (2016) J. Netw. Comput. Appl., 61, pp. 199-221
Al-Shaer, E., Al-Haj, S., Flowchecker: configuration analysis and verification of federated openflow infrastructures (2010) Proceedings of the 3rd ACM Workshop on Assurable and Useable Security Configuration, pp. 37-44. , ACM
AlEroud, A., Alsmadi, I., Identifying cyber-attacks on software defined networks: an inference-based intrusion detection approach (2017) J. Netw. Comput. Appl., 80, pp. 152-164
Ali, S.T., Sivaraman, V., Radford, A., Jha, S., A survey of securing networks using software defined networking (2015) IEEE Trans. Reliab., 64 (3), pp. 1086-1097
Alsmadi, I., Xu, D., Security of software defined networks: a survey (2015) Comput. Secur., 53, pp. 79-108
Banikazemi, M., Olshefski, D., Shaikh, A., Tracey, J., Wang, G., Meridian: an sdn platform for cloud network services (2013) IEEE Commun. Mag., 51 (2), pp. 120-127
Battula, L.R., Network security function virtualization(nsfv) towards cloud computing with nfv over openflow infrastructure: challenges and novel approaches (2014) 2014 International Conference on Advances in Computing, Communications and Informatics, pp. 1622-1628. , ICACCI
Benton, K., Camp, L.J., Small, C., Openflow vulnerability assessment (2013) Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, pp. 151-152. , ACM
Bernardo, D.V., Chua, B.B., Introduction and analysis of sdn and nfv security architecture (sn-seca) (2015) 2015 IEEE 29th International Conference on Advanced Information Networking and Applications, pp. 796-801
Bianco, A., Birke, R., Giraudo, L., Palacin, M., Openflow switching: data plane performance (2010) 2010 IEEE International Conference on Communications, pp. 1-5
Bifulco, R., Rtvri, G., A survey on the programmable data plane: abstractions architectures and open problems (2018) Proc. IEEE HPSR, , IEEE
Braun, W., Menth, M., Software-defined networking using openflow: protocols, applications and architectural design choices (2014) Future Internet, 6 (2), pp. 302-336
Canini, M., Venzano, D., Peresini, P., Kostic, D., Rexford, J., A nice way to test openflow applications (2012) Proceedings of the 9th USENIX Symposium on Networked Systems Design and Implementation, , NSDI)
Caprolu, M., Raponi, S., Di Pietro, R., Fortress: an efficient and distributed firewall for stateful data plane sdn, security and communication networks (2019)
Chandrasekaran, B., Benson, T., Tolerating sdn application failures with legosdn (2014) Proceedings of the 13th ACM Workshop on Hot Topics in Networks, pp. 1-7. , ACM
Cheminod, M., Durante, L., Seno, L., Valenza, F., Valenzano, A., Zunino, C., Leveraging sdn to improve security in industrial networks (2017) 2017 IEEE 13th International Workshop on Factory Communication Systems, pp. 1-7. , WFCS
Chowdhary, A., Huang, D., Alshamrani, A., Sabur, A., Kang, M.H., Kim, A., Velazquez, A., (1811), Sdfw: Sdn-based stateful distributed firewall, CoRR abs/1811.00634. arXiv00634. URL
Chung, C.-J., Khatkar, P., Xing, T., Lee, J., Huang, D., Nice: network intrusion detection and countermeasure selection in virtual network systems (2013) IEEE Trans. Dependable Secure Comput., 10 (4), pp. 198-211
Conti, M., De Gaspari, F., Mancini, L.V., Know your enemy: stealth configuration-information gathering in sdn (2017) International Conference on Green, Pervasive, and Cloud Computing, pp. 386-401. , Springer
Conti, M., Gaspari, F.D., Mancini, L.V., A novel stealthy attack to gather sdn configuration-information (2018) IEEE Trans. Emerg. Top. Comput., pp. 1-12
Coughlin, M., A Survey of Sdn Security Research (2014), University of Colorado Boulder
Cox, J.H., Clark, R., Owen, H., Leveraging sdn and webrtc for rogue access point security (2017) IEEE Trans. Netw. Serv. Manag., 14 (3), pp. 756-770
da Silva, A.S., Smith, P., Mauthe, A., Schaeffer-Filho, A., Resilience support in software-defined networking: a survey (2015) Comput. Network., 92, pp. 189-207
Dacier, M., Dietrich, S., Kargl, F., Knig, H., Network attack detection and defense: security challenges and opportunities of software-defined networking (2016) Dagstuhl Rep., 6 (9), pp. 1-28
Dacier, M.C., Knig, H., Cwalinski, R., Kargl, F., Dietrich, S., Security challenges and opportunities of software-defined networking (2017) IEEE Secur. Priv., 15 (2), pp. 96-100
Deng, J., Hu, H., Li, H., Pan, Z., Wang, K.C., Ahn, G.J., Bi, J., Park, Y., Vnguard: an nfv/sdn combination framework for provisioning and managing virtual firewalls (2015) 2015 IEEE Conference on Network Function Virtualization and Software Defined Network (NFV-SDN), pp. 107-114
Deng, S., Gao, X., Lu, Z., Gao, X., Packet injection attack and its defense in software-defined networks (2018) IEEE Trans. Inf. Forensics Secur., 13 (3), pp. 695-705
Dhawan, M., Poddar, R., Mahajan, K., Mann, V., Sphinx: detecting security attacks in software-defined networks (2015) Proceedings of the 2015 Network and Distributed System Security (NDSS) Symposium
Dong, P., Du, X., Zhang, H., Xu, T., A detection method for a novel ddos attack against sdn controllers by vast new low-traffic flows (2016) 2016 IEEE International Conference on Communications, pp. 1-6. , ICC
Dover, J.M., A Denial of Service Attack against the Open Floodlight Sdn Controller (2013)
Dover, J.M., A Switch Table Vulnerability in the Open Floodlight Sdn Controller (2014)
Farhady, H., Lee, H., Nakao, A., Software-defined networking: a survey (2015) Comput. Network., 81, pp. 79-95
Feamster, N., Rexford, J., Zegura, E., The road to sdn (2013) Queue, 11 (12), p. 20
Fernandez, M.P., Comparing openflow controller paradigms scalability: reactive and proactive (2013) 2013 IEEE 27th International Conference on Advanced Information Networking and Applications, pp. 1009-1016. , AINA)
Fonseca, P., Bennesby, R., Mota, E., Passito, A., A replication component for resilient openflow-based networking (2012) 2012 IEEE Network Operations and Management Symposium, pp. 933-939
Foster, N., Harrison, R., Freedman, M.J., Monsanto, C., Rexford, J., Story, A., Walker, D., Frenetic: a network programming language (2011) ACM Sigplan Not., 46 (9), pp. 279-291
Fundation, O.N., Software-defined networking: the new norm for networks (2012) ONF White Paper, 2, pp. 2-6
Gray, N., Zinner, T., Tran-Gia, P., Enhancing sdn security by device fingerprinting (2017) 2017 IFIP/IEEE Symposium on Integrated Network and Service Management, pp. 879-880. , IM
Haleplidis, E., Salim, J.H., Halpern, J.M., Hares, S., Pentikousis, K., Ogawa, K., Wang, W., Koufopavlou, O., Network programmability with forces (2015) IEEE Commun. Surv. Tutor., 17 (3), pp. 1423-1440
Hinrichs, T., Mitchell, J., Gude, N., Shenker, S., Casado, M., Expressing and Enforcing Flow-Based Network Security Policies (2008), Tech. rep University of Chicago
Hizver, J., Taxonomic modeling of security threats in software defined networking (2015) Proceedings of BlackHat Conference 2015, pp. 1-16
Hogg, S., Sdn Security Attack Vectors and Sdn Hardening: Securing Sdn Deployments Right from the Start (2014)
Hong, S., Xu, L., Wang, H., Gu, G., Poisoning network visibility in software-defined networks: new attacks and countermeasures (2015) Proceedings of the 2015 Network and Distributed System Security Symposium (NDSS), 15, pp. 8-11
Hu, H., Han, W., Ahn, G.-J., Zhao, Z., Flowguard: building robust firewalls for software-defined networks (2014) Proceedings of the Third Workshop on Hot Topics in Software Defined Networking, pp. 97-102. , ACM
Hu, F., Hao, Q., Bao, K., A survey on software-defined network and openflow: from concept to implementation (2014) IEEE Commun. Surv. Tutor., 16 (4), pp. 2181-2206
Hu, Z., Wang, M., Yan, X., Yin, Y., Luo, Z., A comprehensive security architecture for sdn (2015) 2015 18th International Conference on Intelligence in Next Generation Networks, pp. 30-37
Hussein, A., Elhajj, I.H., Chehab, A., Kayssi, A., Sdn security plane: an architecture for resilient security services (2016) 2016 IEEE International Conference on Cloud Engineering Workshop, pp. 54-59. , IC2EW
Hwang, R.-H., Nguyen, V.-L., Lin, P.-C., Statefit: a security framework for sdn programmable data plane model (2018) 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks (I-SPAN), pp. 168-173. , IEEE
Hyun, S., Kim, J., Kim, H., Jeong, J., Hares, S., Dunbar, L., Farrel, A., Interface to network security functions for cloud-based security services (2018) IEEE Commun. Mag., 56 (1), pp. 171-178
Jain, R., Paul, S., Network virtualization and software defined networking for cloud computing: a survey (2013) IEEE Commun. Mag., 51 (11), pp. 24-31
Jarraya, Y., Madi, T., Debbabi, M., A survey and a layered taxonomy of software-defined networking (2014) IEEE Commun. Surv. Tutor., 16 (4), pp. 1955-1980
Jarschel, M., Oechsner, S., Schlosser, D., Pries, R., Goll, S., Tran-Gia, P., Modeling and performance evaluation of an openflow architecture (2011) Proceedings of the 23rd International Teletraffic Congress, International Teletraffic Congress, pp. 1-7
Jo, H., Nam, J., Shin, S., Nosarmor: Building a Secure Network Operating System, Security and Communication Networks (2018)
Jouini, M., Rabai, L.B.A., Aissa, A.B., Classification of security threats in information systems (2014) Procedia Comput. Sci., 32, pp. 489-496
Jouini, M., Rabai, L.B.A., Aissa, A.B., Classification of security threats in information systems (2014) Procedia Comput. Sci., 32, pp. 489-496
Kaur, S., Singh, J., Ghumman, N.S., Network programmability using pox controller (2014) ICCCS International Conference on Communication, Computing & Systems, IEEE, 138
Kendall, K.K.R., A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems (1999), Ph.D. thesis Massachusetts Institute of Technology
Khan, S., Gani, A., Wahab, A.W.A., Abdelaziz, A., Ko, K., Khan, M.K., Guizani, M., Software-defined network forensics: motivation, potential locations, requirements, and challenges (2016) IEEE Network, 30 (6), pp. 6-13
Khurshid, A., Zhou, W., Caesar, M., Godfrey, P., Veriflow: verifying network-wide invariants in real time (2012) Proceedings of the First Workshop on Hot Topics in Software Defined Networks, pp. 49-54. , ACM
Kim, H., Feamster, N., Improving network management with software defined networking (2013) IEEE Commun. Mag., 51 (2), pp. 114-119
Kreutz, D., Ramos, F., Verissimo, P., Towards secure and dependable software-defined networks (2013) Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, pp. 55-60. , ACM
Kreutz, D., Ramos, F.M.V., Verssimo, P.E., Rothenberg, C.E., Azodolmolky, S., Uhlig, S., Software-defined networking: a comprehensive survey (2015) Proc. IEEE, 103 (1), pp. 14-76
Kreutz, D., Verssimo, P.J.E., Magalhaes, C., Ramos, F.M.V., The kiss principle in software-defined networking: a framework for secure communications (2018) IEEE Secur. Priv., 16 (5), pp. 60-70
Lara, A., Kolasani, A., Ramamurthy, B., Network innovation using openflow: a survey (2014) IEEE Commun. Surv. Tutor., 16 (1), pp. 493-512
Lara, A., Kolasani, A., Ramamurthy, B., Network innovation using openflow: a survey (2014) IEEE Commun. Surv. Tutor., 16 (1), pp. 493-512
Le, A., Dinh, P., Le, H., Tran, N.C., Flexible network-based intrusion detection and prevention system on software-defined networks (2015) 2015 International Conference on Advanced Computing and Applications, pp. 106-111. , ACOMP
Lee, W., Kim, N., Security policy scheme for an efficient security architecture in software-defined networking (2017) Information, 8 (2), p. 65
Lee, S., Kim, J., Shin, S., Porras, P., Yegneswaran, V., Athena: a framework for scalable anomaly detection in software-defined networks (2017) 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, pp. 249-260. , DSN
Lee, S., Yoon, C., Lee, C., Shin, S., Yegneswaran, V., Porras, P., Delta: a security assessment framework for software-defined networks (2017) Proceedings of the 2017 Network and Distributed System Security (NDSS) Symposium, 17
Leng, J., Zhou, Y., Zhang, J., Tang, Y., Chen, K., Exploiting the Vulnerability of Flow Table Overflow in Software-Defined Network: Attack Model, Evaluation, and Defense, Security and Communication Networks (2018)
Li, C.-S., Liao, W., Software defined networks (2013) IEEE Commun. Mag., 51 (2). , 113113
Lin, Z., Tao, D., Wang, Z., Dynamic construction scheme for virtualization security service in software-defined networks (2017) Sensors, 17 (4), p. 920
Lindqvist, U., Jonsson, E., How to systematically classify computer security intrusions (1997) Proceedings. 1997 IEEE Symposium on Security and Privacy, pp. 154-163. , IEEE Cat. No. 97CB36097
Liyanage, M., Ylianttila, M., Gurtov, A., Securing the control channel of software-defined mobile networks (2014) Proceeding of IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks 2014, pp. 1-6
Loch, K.D., Carr, H.H., Warkentin, M.E., Threats to information systems: today's reality, yesterday's understanding (1992) MIS Q., 16 (2), pp. 173-186
Lorenz, C., Hock, D., Scherer, J., Durner, R., Kellerer, W., Gebert, S., Gray, N., Tran-Gia, P., An sdn/nfv-enabled enterprise network architecture offering fine-grained security policy enforcement (2017) IEEE Commun. Mag., 55 (3), pp. 217-223
Matias, J., Garay, J., Toledo, N., Unzilla, J., Jacob, E., Toward an sdn-enabled nfv architecture (2015) IEEE Commun. Mag., 53 (4), pp. 187-193
Mattos, D.M.F., Duarte, O.C.M.B., Authflow: authentication and access control mechanism for software defined networking (2016) Ann. Telecommun., 71 (1112), pp. 607-615
McKeown, N., Anderson, T., Balakrishnan, H., Parulkar, G., Peterson, L., Rexford, J., Shenker, S., Turner, J., Openflow: enabling innovation in campus networks (2008) Comput. Commun. Rev., 38 (2), pp. 69-74
Nguyen, T.-H., Yoo, M., Analysis of link discovery service attacks in sdn controller (2017) 2017 International Conference on Information Networking, pp. 259-261. , ICOIN
Nunes, B.A.A., Mendonca, M., Nguyen, X.N., Obraczka, K., Turletti, T., A survey of software-defined networking: past, present, and future of programmable networks (2014) IEEE Commun. Surv. Tutor., 16 (3), pp. 1617-1634
Oehlert, P., Violating assumptions with fuzzing (2005) IEEE Secur. Priv., 3 (2), pp. 58-62
Omnes, N., Bouillon, M., Fromentoux, G., Grand, O.L., A programmable and virtualized network it infrastructure for the internet of things: how can nfv sdn help for facing the upcoming challenges (2015) 2015 18th International Conference on Intelligence in Next Generation Networks, pp. 64-69
Ordonez-Lucena, J., Ameigeiras, P., Lopez, D., Ramos-Munoz, J.J., Lorca, J., Folgueira, J., Network slicing for 5g with sdn/nfv: concepts, architectures, and challenges (2017) IEEE Commun. Mag., 55 (5), pp. 80-87
Pfaff, B., Lantz, B., Heller, B., Openflow Switch Specification (2014)
Pontarelli, S., Bonola, M., Bianchi, G., Smashing sdn built-in actions: programmable data plane packet manipulation in hardware (2017) 2017 IEEE Conference on Network Softwarization (NetSoft), pp. 1-9. , IEEE
Porras, P., Shin, S., Yegneswaran, V., Fong, M., Tyson, M., Gu, G., A security enforcement kernel for openflow networks (2012) Proceedings of the First Workshop on Hot Topics in Software Defined Networks, pp. 121-126. , ACM
Porras, P.A., Cheung, S., Fong, M.W., Skinner, K., Yegneswaran, V., Securing the software defined network control layer (2015) Proceedings of the 2015 Network and Distributed System Security Symposium (NDSS), pp. 1-15. , Internet Society
Qiu, X., Zhang, K., Ren, Q., Global flow table: a convincing mechanism for security operations in sdn (2017) Comput. Network., 120, pp. 56-70
Ranjbar, A., Komu, M., Salmela, P., Aura, T., An sdn-based approach to enhance the end-to-end security: ssl/tls case study (2016) NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium, pp. 281-288
Rawat, D.B., Reddy, S.R., Software defined networking architecture, security and energy efficiency: a survey (2017) IEEE Commun. Surv. Tutor., 19 (1), pp. 325-346
Rpke, C., Sdn Malware: Problems of Current Protection Systems and Potential Countermeasures (2016), Sicherheit Sicherheit, Schutz und Zuverlssigkeit
Rpke, C., Holz, T., Sdn rootkits: subverting network operating systems of software-defined networks (2015) International Workshop on Recent Advances in Intrusion Detection, pp. 339-356. , Springer
Sahay, R., Blanc, G., Zhang, Z., Toumi, K., Debar, H., Adaptive policy-driven attack mitigation in sdn (2017) Proceedings of the 1st International Workshop on Security and Dependability of Multi-Domain Infrastructures, p. 4. , ACM
Sama, M.R., Said, S.B.H., Guillouard, K., Suciu, L., Enabling network programmability in lte/epc architecture using openflow (2014) 2014 12th International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks, pp. 389-396. , WiOpt
Schehlmann, L., Abt, S., Baier, H., Blessing or curse? revisiting security aspects of software-defined networking (2014) 10th International Conference on Network and Service Management (CNSM) and Workshop, pp. 382-387
Scott-Hayward, S., Design and deployment of secure, robust, and resilient sdn controllers (2015) Proceedings of the 2015 1st IEEE Conference on Network Softwarization (NetSoft), pp. 1-5
Scott-Hayward, S., O'Callaghan, G., Sezer, S., Sdn security: a survey (2013) 2013 IEEE SDN for Future Networks and Services (SDN4FNS), pp. 1-7
Scott-Hayward, S., Natarajan, S., Sezer, S., A survey of security in software defined networks (2016) IEEE Commun. Surv. Tutor., 18 (1), pp. 623-654
Sezer, S., Scott-Hayward, S., Chouhan, P.K., Fraser, B., Lake, D., Finnegan, J., Viljoen, N., Rao, N., Are we ready for sdn? implementation challenges for software-defined networks (2013) IEEE Commun. Mag., 51 (7), pp. 36-43
Shaghaghi, A., Kafar, M.A., Buyya, R., Jha, S., (1804), Software-defined network (SDN) data plane security: Issues, solutions and future directions, CoRR abs/1804.00262. arXiv00262. URL
Shin, S., Yegneswaran, V., Porras, P., Gu, G., Avant-guard: scalable and vigilant switch flow management in software-defined networks (2013) Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 413-424. , ACM
Shin, S., Porras, P.A., Yegneswaran, V., Fong, M.W., Gu, G., Tyson, M., Fresco: modular composable security services for software-defined networks (2013) Proceedings of the 2013 Network and Distributed System Security Symposium (NDSS), , Internet Society
Shin, S., Song, Y., Lee, T., Lee, S., Chung, J., Porras, P., Yegneswaran, V., Kang, B.B., Rosemary: a robust, secure, and high-performance network operating system (2014) Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 78-89. , ACM
Shin, S., Xu, L., Hong, S., Gu, G., Enhancing network security through software defined networking (sdn) (2016) 2016 25th International Conference on Computer Communication and Networks, pp. 1-9. , ICCCN
Shu, Z., Wan, J., Li, D., Lin, J., Vasilakos, A.V., Imran, M., Security in software-defined networking: threats and countermeasures (2016) Mobile Network. Appl., 21 (5), pp. 764-776
Simmons, C., Ellis, C., Shiva, S., Dasgupta, D., Wu, Q., Avoidit: a cyber attack taxonomy (2014) 9th Annual Symposium on Information Assurance, pp. 2-12. , ASIA14
Skowyra, R.W., Lapets, A., Bestavros, A., Kfoury, A., Verifiably-safe software-defined networks for cps (2013) Proceedings of the 2nd ACM International Conference on High Confidence Networked Systems, pp. 101-110. , ACM
Sloan, R.H., Warner, R., Unauthorized Access: the Crisis in Online Privacy and Security (2013), CRC press
Stallings, W., Software-defined networks and openflow (2013) Inter. Protocol J., 16 (1), pp. 2-14
Tantar, E., Tantar, A.-A., Kantor, M., Engel, T., On using cognition for anomaly detection in sdn (2018) EVOLVE-A Bridge between Probability, Set Oriented Numerics, and Evolutionary Computation VI, pp. 67-81. , Springer
Tootoonchian, A., Gorbunov, S., Ganjali, Y., Casado, M., Sherwood, R., (2012) On controller performance in software-defined networks., Hot-ICE, 12, pp. 1-6
Toseef, U., Zaalouk, A., Rothe, T., Broadbent, M., Pentikousis, K., C-bas: certificate-based aaa for sdn experimental facilities (2014) 2014 Third European Workshop on Software Defined Networks (EWSDN), pp. 91-96. , IEEE
Van der Merwe, J., Kalmanek, C., Network programmability is the answer (2007) Workshop on Programmable Routers for the Extensible Services of Tomorrow (PRESTO 2007), Princeton, NJ
Vaughan-Nichols, S.J., Openflow: the next generation of the network? (2011) Computer, 44 (8), pp. 13-15
Wen, X., Chen, Y., Hu, C., Shi, C., Wang, Y., Towards a secure controller platform for openflow applications (2013) Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, pp. 171-172. , ACM
Wrona, K., Oudkerk, S., Szwaczyk, S., Amanowicz, M., Content-based security and protected core networking with software-defined networks (2016) IEEE Commun. Mag., 54 (10), pp. 138-144
Wrona, K., Amanowicz, M., Szwaczyk, S., Gierowski, K., Sdn testbed for validation of cross-layer data-centric security policies (2017) 2017 International Conference on Military Communications and Information Systems, pp. 1-6. , ICMCIS
Xing, T., Huang, D., Xu, L., Chung, C.J., Khatkar, P., Snortflow: a openflow-based intrusion prevention system in cloud environment (2013) 2013 Second GENI Research and Educational Experiment Workshop, pp. 89-92
Yan, Z., Zhang, P., Vasilakos, A.V., A security and trust framework for virtualized networks and software-defined networking (2016) Secur. Commun. Network., 9 (16), pp. 3059-3069
Yoon, C., Lee, S., Kang, H., Park, T., Shin, S., Yegneswaran, V., Porras, P., Gu, G., Flow wars: systemizing the attack surface and defenses in software-defined networks (2017) IEEE/ACM Trans. Netw., 25 (6), pp. 3514-3530
Yoon, C., Shin, S., Porras, P., Yegneswaran, V., Kang, H., Fong, M., O'Connor, B., Vachuska, T., A security-mode for carrier-grade sdn controllers (2017) Proceedings of the 33rd Annual Computer Security Applications Conference, pp. 461-473. , ACM
Zhang, S.-H., Meng, X.-X., Wang, L.-H., Sdnforensics: a comprehensive forensics framework for software defined network (2017) Development, 3 (4), p. 5
dc.rights.coar.fl_str_mv http://purl.org/coar/access_right/c_16ec
rights_invalid_str_mv http://purl.org/coar/access_right/c_16ec
dc.publisher.none.fl_str_mv Academic Press
dc.publisher.program.none.fl_str_mv Ingeniería de Sistemas
dc.publisher.faculty.none.fl_str_mv Facultad de Ingenierías
publisher.none.fl_str_mv Academic Press
dc.source.none.fl_str_mv Journal of Network and Computer Applications
institution Universidad de Medellín
repository.name.fl_str_mv Repositorio Institucional Universidad de Medellin
repository.mail.fl_str_mv repositorio@udem.edu.co
_version_ 1814159176760295424
spelling 20202020-04-29T14:53:51Z2020-04-29T14:53:51Z10848045http://hdl.handle.net/11407/574310.1016/j.jnca.2020.102595Software Defined Networking (SDN) is a revolutionary paradigm that is maturing along with other network technologies in the next-gen trend. The separation of control and data planes in SDN enables the emergence of novel network features like centralized flow management and network programmability that encourage the introduction of new and enhanced network functions in order to improve prominent network deployment aspects such as flexibility, scalability, network-wide visibility and cost-effectiveness. Although SDN exhibits a rapid evolution that is shaping this technology as a key enabler for future implementations in heterogeneous network scenarios, namely, datacenters, ISPs, corporate, academic and home; the technology is far from being considered secure and dependable to this day which inhibits its agile adoption. In recent years, the scientific community has been attracted to explore the field of SDN security to close the gap to SDN adoption. A twofold research context has been identified: on the one hand, leveraging SDN features to enhance security; while on the other hand one can find the pursue of a secure SDN system architecture. This article includes a description of security threats that menace SDN and a list of attacks that take advantage of vulnerabilities and misconfigurations in SDN constitutive elements. Accordingly, a discussion emphasizing the duality SDN-for-security and SDN-security is also presented. A comprehensive review of state-of-the art is accompanied by a categorization of the current research literature in a taxonomy that highlights the main characteristics and contributions of each proposal. Finally, the identified urgent needs and less explored topics are used to outline the opportunities and future challenges in the field of SDN security. © 2020 Elsevier LtdengAcademic PressIngeniería de SistemasFacultad de Ingenieríashttps://www.scopus.com/inward/record.uri?eid=2-s2.0-85082809201&doi=10.1016%2fj.jnca.2020.102595&partnerID=40&md5=c656cfb5552b37d3391464f8233a240c159Abubakar, A., Pranggono, B., Machine learning based intrusion detection system for software defined networks (2017) 2017 Seventh International Conference on Emerging Security Technologies, pp. 138-143. , ESTAhmad, I., Namal, S., Ylianttila, M., Gurtov, A., Security in software defined networks: a survey (2015) IEEE Commun. Surv. Tutor., 17 (4), pp. 2317-2346Ajaeiya, G.A., Adalian, N., Elhajj, I.H., Kayssi, A., Chehab, A., Flow-based intrusion detection system for sdn (2017) 2017 IEEE Symposium on Computers and Communications, pp. 787-793. , ISCCAkhunzada, A., Ahmed, E., Gani, A., Khan, M.K., Imran, M., Guizani, S., Securing software defined networks: taxonomy, requirements, and open issues (2015) IEEE Commun. Mag., 53 (4), pp. 36-44Akhunzada, A., Gani, A., Anuar, N.B., Abdelaziz, A., Khan, M.K., Hayat, A., Khan, S.U., Secure and dependable software defined networks (2016) J. Netw. Comput. Appl., 61, pp. 199-221Al-Shaer, E., Al-Haj, S., Flowchecker: configuration analysis and verification of federated openflow infrastructures (2010) Proceedings of the 3rd ACM Workshop on Assurable and Useable Security Configuration, pp. 37-44. , ACMAlEroud, A., Alsmadi, I., Identifying cyber-attacks on software defined networks: an inference-based intrusion detection approach (2017) J. Netw. Comput. Appl., 80, pp. 152-164Ali, S.T., Sivaraman, V., Radford, A., Jha, S., A survey of securing networks using software defined networking (2015) IEEE Trans. Reliab., 64 (3), pp. 1086-1097Alsmadi, I., Xu, D., Security of software defined networks: a survey (2015) Comput. Secur., 53, pp. 79-108Banikazemi, M., Olshefski, D., Shaikh, A., Tracey, J., Wang, G., Meridian: an sdn platform for cloud network services (2013) IEEE Commun. Mag., 51 (2), pp. 120-127Battula, L.R., Network security function virtualization(nsfv) towards cloud computing with nfv over openflow infrastructure: challenges and novel approaches (2014) 2014 International Conference on Advances in Computing, Communications and Informatics, pp. 1622-1628. , ICACCIBenton, K., Camp, L.J., Small, C., Openflow vulnerability assessment (2013) Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, pp. 151-152. , ACMBernardo, D.V., Chua, B.B., Introduction and analysis of sdn and nfv security architecture (sn-seca) (2015) 2015 IEEE 29th International Conference on Advanced Information Networking and Applications, pp. 796-801Bianco, A., Birke, R., Giraudo, L., Palacin, M., Openflow switching: data plane performance (2010) 2010 IEEE International Conference on Communications, pp. 1-5Bifulco, R., Rtvri, G., A survey on the programmable data plane: abstractions architectures and open problems (2018) Proc. IEEE HPSR, , IEEEBraun, W., Menth, M., Software-defined networking using openflow: protocols, applications and architectural design choices (2014) Future Internet, 6 (2), pp. 302-336Canini, M., Venzano, D., Peresini, P., Kostic, D., Rexford, J., A nice way to test openflow applications (2012) Proceedings of the 9th USENIX Symposium on Networked Systems Design and Implementation, , NSDI)Caprolu, M., Raponi, S., Di Pietro, R., Fortress: an efficient and distributed firewall for stateful data plane sdn, security and communication networks (2019)Chandrasekaran, B., Benson, T., Tolerating sdn application failures with legosdn (2014) Proceedings of the 13th ACM Workshop on Hot Topics in Networks, pp. 1-7. , ACMCheminod, M., Durante, L., Seno, L., Valenza, F., Valenzano, A., Zunino, C., Leveraging sdn to improve security in industrial networks (2017) 2017 IEEE 13th International Workshop on Factory Communication Systems, pp. 1-7. , WFCSChowdhary, A., Huang, D., Alshamrani, A., Sabur, A., Kang, M.H., Kim, A., Velazquez, A., (1811), Sdfw: Sdn-based stateful distributed firewall, CoRR abs/1811.00634. arXiv00634. URLChung, C.-J., Khatkar, P., Xing, T., Lee, J., Huang, D., Nice: network intrusion detection and countermeasure selection in virtual network systems (2013) IEEE Trans. Dependable Secure Comput., 10 (4), pp. 198-211Conti, M., De Gaspari, F., Mancini, L.V., Know your enemy: stealth configuration-information gathering in sdn (2017) International Conference on Green, Pervasive, and Cloud Computing, pp. 386-401. , SpringerConti, M., Gaspari, F.D., Mancini, L.V., A novel stealthy attack to gather sdn configuration-information (2018) IEEE Trans. Emerg. Top. Comput., pp. 1-12Coughlin, M., A Survey of Sdn Security Research (2014), University of Colorado BoulderCox, J.H., Clark, R., Owen, H., Leveraging sdn and webrtc for rogue access point security (2017) IEEE Trans. Netw. Serv. Manag., 14 (3), pp. 756-770da Silva, A.S., Smith, P., Mauthe, A., Schaeffer-Filho, A., Resilience support in software-defined networking: a survey (2015) Comput. Network., 92, pp. 189-207Dacier, M., Dietrich, S., Kargl, F., Knig, H., Network attack detection and defense: security challenges and opportunities of software-defined networking (2016) Dagstuhl Rep., 6 (9), pp. 1-28Dacier, M.C., Knig, H., Cwalinski, R., Kargl, F., Dietrich, S., Security challenges and opportunities of software-defined networking (2017) IEEE Secur. Priv., 15 (2), pp. 96-100Deng, J., Hu, H., Li, H., Pan, Z., Wang, K.C., Ahn, G.J., Bi, J., Park, Y., Vnguard: an nfv/sdn combination framework for provisioning and managing virtual firewalls (2015) 2015 IEEE Conference on Network Function Virtualization and Software Defined Network (NFV-SDN), pp. 107-114Deng, S., Gao, X., Lu, Z., Gao, X., Packet injection attack and its defense in software-defined networks (2018) IEEE Trans. Inf. Forensics Secur., 13 (3), pp. 695-705Dhawan, M., Poddar, R., Mahajan, K., Mann, V., Sphinx: detecting security attacks in software-defined networks (2015) Proceedings of the 2015 Network and Distributed System Security (NDSS) SymposiumDong, P., Du, X., Zhang, H., Xu, T., A detection method for a novel ddos attack against sdn controllers by vast new low-traffic flows (2016) 2016 IEEE International Conference on Communications, pp. 1-6. , ICCDover, J.M., A Denial of Service Attack against the Open Floodlight Sdn Controller (2013)Dover, J.M., A Switch Table Vulnerability in the Open Floodlight Sdn Controller (2014)Farhady, H., Lee, H., Nakao, A., Software-defined networking: a survey (2015) Comput. Network., 81, pp. 79-95Feamster, N., Rexford, J., Zegura, E., The road to sdn (2013) Queue, 11 (12), p. 20Fernandez, M.P., Comparing openflow controller paradigms scalability: reactive and proactive (2013) 2013 IEEE 27th International Conference on Advanced Information Networking and Applications, pp. 1009-1016. , AINA)Fonseca, P., Bennesby, R., Mota, E., Passito, A., A replication component for resilient openflow-based networking (2012) 2012 IEEE Network Operations and Management Symposium, pp. 933-939Foster, N., Harrison, R., Freedman, M.J., Monsanto, C., Rexford, J., Story, A., Walker, D., Frenetic: a network programming language (2011) ACM Sigplan Not., 46 (9), pp. 279-291Fundation, O.N., Software-defined networking: the new norm for networks (2012) ONF White Paper, 2, pp. 2-6Gray, N., Zinner, T., Tran-Gia, P., Enhancing sdn security by device fingerprinting (2017) 2017 IFIP/IEEE Symposium on Integrated Network and Service Management, pp. 879-880. , IMHaleplidis, E., Salim, J.H., Halpern, J.M., Hares, S., Pentikousis, K., Ogawa, K., Wang, W., Koufopavlou, O., Network programmability with forces (2015) IEEE Commun. Surv. Tutor., 17 (3), pp. 1423-1440Hinrichs, T., Mitchell, J., Gude, N., Shenker, S., Casado, M., Expressing and Enforcing Flow-Based Network Security Policies (2008), Tech. rep University of ChicagoHizver, J., Taxonomic modeling of security threats in software defined networking (2015) Proceedings of BlackHat Conference 2015, pp. 1-16Hogg, S., Sdn Security Attack Vectors and Sdn Hardening: Securing Sdn Deployments Right from the Start (2014)Hong, S., Xu, L., Wang, H., Gu, G., Poisoning network visibility in software-defined networks: new attacks and countermeasures (2015) Proceedings of the 2015 Network and Distributed System Security Symposium (NDSS), 15, pp. 8-11Hu, H., Han, W., Ahn, G.-J., Zhao, Z., Flowguard: building robust firewalls for software-defined networks (2014) Proceedings of the Third Workshop on Hot Topics in Software Defined Networking, pp. 97-102. , ACMHu, F., Hao, Q., Bao, K., A survey on software-defined network and openflow: from concept to implementation (2014) IEEE Commun. Surv. Tutor., 16 (4), pp. 2181-2206Hu, Z., Wang, M., Yan, X., Yin, Y., Luo, Z., A comprehensive security architecture for sdn (2015) 2015 18th International Conference on Intelligence in Next Generation Networks, pp. 30-37Hussein, A., Elhajj, I.H., Chehab, A., Kayssi, A., Sdn security plane: an architecture for resilient security services (2016) 2016 IEEE International Conference on Cloud Engineering Workshop, pp. 54-59. , IC2EWHwang, R.-H., Nguyen, V.-L., Lin, P.-C., Statefit: a security framework for sdn programmable data plane model (2018) 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks (I-SPAN), pp. 168-173. , IEEEHyun, S., Kim, J., Kim, H., Jeong, J., Hares, S., Dunbar, L., Farrel, A., Interface to network security functions for cloud-based security services (2018) IEEE Commun. Mag., 56 (1), pp. 171-178Jain, R., Paul, S., Network virtualization and software defined networking for cloud computing: a survey (2013) IEEE Commun. Mag., 51 (11), pp. 24-31Jarraya, Y., Madi, T., Debbabi, M., A survey and a layered taxonomy of software-defined networking (2014) IEEE Commun. Surv. Tutor., 16 (4), pp. 1955-1980Jarschel, M., Oechsner, S., Schlosser, D., Pries, R., Goll, S., Tran-Gia, P., Modeling and performance evaluation of an openflow architecture (2011) Proceedings of the 23rd International Teletraffic Congress, International Teletraffic Congress, pp. 1-7Jo, H., Nam, J., Shin, S., Nosarmor: Building a Secure Network Operating System, Security and Communication Networks (2018)Jouini, M., Rabai, L.B.A., Aissa, A.B., Classification of security threats in information systems (2014) Procedia Comput. Sci., 32, pp. 489-496Jouini, M., Rabai, L.B.A., Aissa, A.B., Classification of security threats in information systems (2014) Procedia Comput. Sci., 32, pp. 489-496Kaur, S., Singh, J., Ghumman, N.S., Network programmability using pox controller (2014) ICCCS International Conference on Communication, Computing & Systems, IEEE, 138Kendall, K.K.R., A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems (1999), Ph.D. thesis Massachusetts Institute of TechnologyKhan, S., Gani, A., Wahab, A.W.A., Abdelaziz, A., Ko, K., Khan, M.K., Guizani, M., Software-defined network forensics: motivation, potential locations, requirements, and challenges (2016) IEEE Network, 30 (6), pp. 6-13Khurshid, A., Zhou, W., Caesar, M., Godfrey, P., Veriflow: verifying network-wide invariants in real time (2012) Proceedings of the First Workshop on Hot Topics in Software Defined Networks, pp. 49-54. , ACMKim, H., Feamster, N., Improving network management with software defined networking (2013) IEEE Commun. Mag., 51 (2), pp. 114-119Kreutz, D., Ramos, F., Verissimo, P., Towards secure and dependable software-defined networks (2013) Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, pp. 55-60. , ACMKreutz, D., Ramos, F.M.V., Verssimo, P.E., Rothenberg, C.E., Azodolmolky, S., Uhlig, S., Software-defined networking: a comprehensive survey (2015) Proc. IEEE, 103 (1), pp. 14-76Kreutz, D., Verssimo, P.J.E., Magalhaes, C., Ramos, F.M.V., The kiss principle in software-defined networking: a framework for secure communications (2018) IEEE Secur. Priv., 16 (5), pp. 60-70Lara, A., Kolasani, A., Ramamurthy, B., Network innovation using openflow: a survey (2014) IEEE Commun. Surv. Tutor., 16 (1), pp. 493-512Lara, A., Kolasani, A., Ramamurthy, B., Network innovation using openflow: a survey (2014) IEEE Commun. Surv. Tutor., 16 (1), pp. 493-512Le, A., Dinh, P., Le, H., Tran, N.C., Flexible network-based intrusion detection and prevention system on software-defined networks (2015) 2015 International Conference on Advanced Computing and Applications, pp. 106-111. , ACOMPLee, W., Kim, N., Security policy scheme for an efficient security architecture in software-defined networking (2017) Information, 8 (2), p. 65Lee, S., Kim, J., Shin, S., Porras, P., Yegneswaran, V., Athena: a framework for scalable anomaly detection in software-defined networks (2017) 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, pp. 249-260. , DSNLee, S., Yoon, C., Lee, C., Shin, S., Yegneswaran, V., Porras, P., Delta: a security assessment framework for software-defined networks (2017) Proceedings of the 2017 Network and Distributed System Security (NDSS) Symposium, 17Leng, J., Zhou, Y., Zhang, J., Tang, Y., Chen, K., Exploiting the Vulnerability of Flow Table Overflow in Software-Defined Network: Attack Model, Evaluation, and Defense, Security and Communication Networks (2018)Li, C.-S., Liao, W., Software defined networks (2013) IEEE Commun. Mag., 51 (2). , 113113Lin, Z., Tao, D., Wang, Z., Dynamic construction scheme for virtualization security service in software-defined networks (2017) Sensors, 17 (4), p. 920Lindqvist, U., Jonsson, E., How to systematically classify computer security intrusions (1997) Proceedings. 1997 IEEE Symposium on Security and Privacy, pp. 154-163. , IEEE Cat. No. 97CB36097Liyanage, M., Ylianttila, M., Gurtov, A., Securing the control channel of software-defined mobile networks (2014) Proceeding of IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks 2014, pp. 1-6Loch, K.D., Carr, H.H., Warkentin, M.E., Threats to information systems: today's reality, yesterday's understanding (1992) MIS Q., 16 (2), pp. 173-186Lorenz, C., Hock, D., Scherer, J., Durner, R., Kellerer, W., Gebert, S., Gray, N., Tran-Gia, P., An sdn/nfv-enabled enterprise network architecture offering fine-grained security policy enforcement (2017) IEEE Commun. Mag., 55 (3), pp. 217-223Matias, J., Garay, J., Toledo, N., Unzilla, J., Jacob, E., Toward an sdn-enabled nfv architecture (2015) IEEE Commun. Mag., 53 (4), pp. 187-193Mattos, D.M.F., Duarte, O.C.M.B., Authflow: authentication and access control mechanism for software defined networking (2016) Ann. Telecommun., 71 (1112), pp. 607-615McKeown, N., Anderson, T., Balakrishnan, H., Parulkar, G., Peterson, L., Rexford, J., Shenker, S., Turner, J., Openflow: enabling innovation in campus networks (2008) Comput. Commun. Rev., 38 (2), pp. 69-74Nguyen, T.-H., Yoo, M., Analysis of link discovery service attacks in sdn controller (2017) 2017 International Conference on Information Networking, pp. 259-261. , ICOINNunes, B.A.A., Mendonca, M., Nguyen, X.N., Obraczka, K., Turletti, T., A survey of software-defined networking: past, present, and future of programmable networks (2014) IEEE Commun. Surv. Tutor., 16 (3), pp. 1617-1634Oehlert, P., Violating assumptions with fuzzing (2005) IEEE Secur. Priv., 3 (2), pp. 58-62Omnes, N., Bouillon, M., Fromentoux, G., Grand, O.L., A programmable and virtualized network it infrastructure for the internet of things: how can nfv sdn help for facing the upcoming challenges (2015) 2015 18th International Conference on Intelligence in Next Generation Networks, pp. 64-69Ordonez-Lucena, J., Ameigeiras, P., Lopez, D., Ramos-Munoz, J.J., Lorca, J., Folgueira, J., Network slicing for 5g with sdn/nfv: concepts, architectures, and challenges (2017) IEEE Commun. Mag., 55 (5), pp. 80-87Pfaff, B., Lantz, B., Heller, B., Openflow Switch Specification (2014)Pontarelli, S., Bonola, M., Bianchi, G., Smashing sdn built-in actions: programmable data plane packet manipulation in hardware (2017) 2017 IEEE Conference on Network Softwarization (NetSoft), pp. 1-9. , IEEEPorras, P., Shin, S., Yegneswaran, V., Fong, M., Tyson, M., Gu, G., A security enforcement kernel for openflow networks (2012) Proceedings of the First Workshop on Hot Topics in Software Defined Networks, pp. 121-126. , ACMPorras, P.A., Cheung, S., Fong, M.W., Skinner, K., Yegneswaran, V., Securing the software defined network control layer (2015) Proceedings of the 2015 Network and Distributed System Security Symposium (NDSS), pp. 1-15. , Internet SocietyQiu, X., Zhang, K., Ren, Q., Global flow table: a convincing mechanism for security operations in sdn (2017) Comput. Network., 120, pp. 56-70Ranjbar, A., Komu, M., Salmela, P., Aura, T., An sdn-based approach to enhance the end-to-end security: ssl/tls case study (2016) NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium, pp. 281-288Rawat, D.B., Reddy, S.R., Software defined networking architecture, security and energy efficiency: a survey (2017) IEEE Commun. Surv. Tutor., 19 (1), pp. 325-346Rpke, C., Sdn Malware: Problems of Current Protection Systems and Potential Countermeasures (2016), Sicherheit Sicherheit, Schutz und ZuverlssigkeitRpke, C., Holz, T., Sdn rootkits: subverting network operating systems of software-defined networks (2015) International Workshop on Recent Advances in Intrusion Detection, pp. 339-356. , SpringerSahay, R., Blanc, G., Zhang, Z., Toumi, K., Debar, H., Adaptive policy-driven attack mitigation in sdn (2017) Proceedings of the 1st International Workshop on Security and Dependability of Multi-Domain Infrastructures, p. 4. , ACMSama, M.R., Said, S.B.H., Guillouard, K., Suciu, L., Enabling network programmability in lte/epc architecture using openflow (2014) 2014 12th International Symposium on Modeling and Optimization in Mobile, Ad Hoc, and Wireless Networks, pp. 389-396. , WiOptSchehlmann, L., Abt, S., Baier, H., Blessing or curse? revisiting security aspects of software-defined networking (2014) 10th International Conference on Network and Service Management (CNSM) and Workshop, pp. 382-387Scott-Hayward, S., Design and deployment of secure, robust, and resilient sdn controllers (2015) Proceedings of the 2015 1st IEEE Conference on Network Softwarization (NetSoft), pp. 1-5Scott-Hayward, S., O'Callaghan, G., Sezer, S., Sdn security: a survey (2013) 2013 IEEE SDN for Future Networks and Services (SDN4FNS), pp. 1-7Scott-Hayward, S., Natarajan, S., Sezer, S., A survey of security in software defined networks (2016) IEEE Commun. Surv. Tutor., 18 (1), pp. 623-654Sezer, S., Scott-Hayward, S., Chouhan, P.K., Fraser, B., Lake, D., Finnegan, J., Viljoen, N., Rao, N., Are we ready for sdn? implementation challenges for software-defined networks (2013) IEEE Commun. Mag., 51 (7), pp. 36-43Shaghaghi, A., Kafar, M.A., Buyya, R., Jha, S., (1804), Software-defined network (SDN) data plane security: Issues, solutions and future directions, CoRR abs/1804.00262. arXiv00262. URLShin, S., Yegneswaran, V., Porras, P., Gu, G., Avant-guard: scalable and vigilant switch flow management in software-defined networks (2013) Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 413-424. , ACMShin, S., Porras, P.A., Yegneswaran, V., Fong, M.W., Gu, G., Tyson, M., Fresco: modular composable security services for software-defined networks (2013) Proceedings of the 2013 Network and Distributed System Security Symposium (NDSS), , Internet SocietyShin, S., Song, Y., Lee, T., Lee, S., Chung, J., Porras, P., Yegneswaran, V., Kang, B.B., Rosemary: a robust, secure, and high-performance network operating system (2014) Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 78-89. , ACMShin, S., Xu, L., Hong, S., Gu, G., Enhancing network security through software defined networking (sdn) (2016) 2016 25th International Conference on Computer Communication and Networks, pp. 1-9. , ICCCNShu, Z., Wan, J., Li, D., Lin, J., Vasilakos, A.V., Imran, M., Security in software-defined networking: threats and countermeasures (2016) Mobile Network. Appl., 21 (5), pp. 764-776Simmons, C., Ellis, C., Shiva, S., Dasgupta, D., Wu, Q., Avoidit: a cyber attack taxonomy (2014) 9th Annual Symposium on Information Assurance, pp. 2-12. , ASIA14Skowyra, R.W., Lapets, A., Bestavros, A., Kfoury, A., Verifiably-safe software-defined networks for cps (2013) Proceedings of the 2nd ACM International Conference on High Confidence Networked Systems, pp. 101-110. , ACMSloan, R.H., Warner, R., Unauthorized Access: the Crisis in Online Privacy and Security (2013), CRC pressStallings, W., Software-defined networks and openflow (2013) Inter. Protocol J., 16 (1), pp. 2-14Tantar, E., Tantar, A.-A., Kantor, M., Engel, T., On using cognition for anomaly detection in sdn (2018) EVOLVE-A Bridge between Probability, Set Oriented Numerics, and Evolutionary Computation VI, pp. 67-81. , SpringerTootoonchian, A., Gorbunov, S., Ganjali, Y., Casado, M., Sherwood, R., (2012) On controller performance in software-defined networks., Hot-ICE, 12, pp. 1-6Toseef, U., Zaalouk, A., Rothe, T., Broadbent, M., Pentikousis, K., C-bas: certificate-based aaa for sdn experimental facilities (2014) 2014 Third European Workshop on Software Defined Networks (EWSDN), pp. 91-96. , IEEEVan der Merwe, J., Kalmanek, C., Network programmability is the answer (2007) Workshop on Programmable Routers for the Extensible Services of Tomorrow (PRESTO 2007), Princeton, NJVaughan-Nichols, S.J., Openflow: the next generation of the network? (2011) Computer, 44 (8), pp. 13-15Wen, X., Chen, Y., Hu, C., Shi, C., Wang, Y., Towards a secure controller platform for openflow applications (2013) Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, pp. 171-172. , ACMWrona, K., Oudkerk, S., Szwaczyk, S., Amanowicz, M., Content-based security and protected core networking with software-defined networks (2016) IEEE Commun. Mag., 54 (10), pp. 138-144Wrona, K., Amanowicz, M., Szwaczyk, S., Gierowski, K., Sdn testbed for validation of cross-layer data-centric security policies (2017) 2017 International Conference on Military Communications and Information Systems, pp. 1-6. , ICMCISXing, T., Huang, D., Xu, L., Chung, C.J., Khatkar, P., Snortflow: a openflow-based intrusion prevention system in cloud environment (2013) 2013 Second GENI Research and Educational Experiment Workshop, pp. 89-92Yan, Z., Zhang, P., Vasilakos, A.V., A security and trust framework for virtualized networks and software-defined networking (2016) Secur. Commun. Network., 9 (16), pp. 3059-3069Yoon, C., Lee, S., Kang, H., Park, T., Shin, S., Yegneswaran, V., Porras, P., Gu, G., Flow wars: systemizing the attack surface and defenses in software-defined networks (2017) IEEE/ACM Trans. Netw., 25 (6), pp. 3514-3530Yoon, C., Shin, S., Porras, P., Yegneswaran, V., Kang, H., Fong, M., O'Connor, B., Vachuska, T., A security-mode for carrier-grade sdn controllers (2017) Proceedings of the 33rd Annual Computer Security Applications Conference, pp. 461-473. , ACMZhang, S.-H., Meng, X.-X., Wang, L.-H., Sdnforensics: a comprehensive forensics framework for software defined network (2017) Development, 3 (4), p. 5Journal of Network and Computer ApplicationsAttack detectionForensicsNetwork applicationsNetwork monitoringNetwork securityOpenflowProgrammable networksSecurity threatsSoftware defined networkingThreats mitigationTraffic inspectionVirtualized network functionsVulnerabilitiesApplication programsCost effectivenessHeterogeneous networksInformation managementNetwork function virtualizationSecurity systemsSoftware defined networkingTransfer functionsAttack detectionForensicsNetwork applicationsNetwork functionsNetwork MonitoringOpenflowProgrammable networkSecurity threatsThreats mitigationsVulnerabilitiesNetwork securitySecurity in SDN: A comprehensive surveyReviewinfo:eu-repo/semantics/articlehttp://purl.org/coar/version/c_970fb48d4fbd8a85http://purl.org/coar/resource_type/c_2df8fbb1Correa Chica, J.C., Universidad de Antioquia and Instituto Tecnológico Metropolitano de Medellín, Universidad de Medellín, Universidad de Antioquia Calle, 67 # 53 108, Medellín, Colombia; Imbachi, J.C., Universidad de Antioquia and Instituto Tecnológico Metropolitano de Medellín, Universidad de Medellín, Universidad de Antioquia Calle, 67 # 53 108, Medellín, Colombia; Botero Vega, J.F., Universidad de Antioquia and Instituto Tecnológico Metropolitano de Medellín, Universidad de Medellín, Universidad de Antioquia Calle, 67 # 53 108, Medellín, Colombiahttp://purl.org/coar/access_right/c_16ecCorrea Chica J.C.Imbachi J.C.Botero Vega J.F.11407/5743oai:repository.udem.edu.co:11407/57432020-05-27 17:43:13.556Repositorio Institucional Universidad de Medellinrepositorio@udem.edu.co

Publicaciones similares