A Comprehensive Security Analysis Checksheet for OpenFlow Networks
Authors
Abstract
Software-defined networking (SDN) enables the flexible and dynamic configuration of a network, and OpenFlow is one practical SDN implementation. Although it has been widely deployed in actual environments, it can cause fatal flows. In this paper, we consolidate the security threats to OpenFlow mentioned in previous work and introduce a new security checksheet that includes risk assessment methods. We compare the Kreutz et al. threat vectors with the SDNSecurity.org attack list to discover new threats. Our checksheet enables the security of a given OpenFlow network design to be comprehensively assessed. Furthermore, we evaluate the performance of an OpenFlow network with two attack scenarios using the checksheet and identify critical performance degradations.
Similar resources
FRESCO: Modular Composable Security Services for Software-Defined Networks
OpenFlow is an open standard that has gained tremendous interest in the last few years within the network community. It is an embodiment of the software-defined networking paradigm, in which higher-level flow routing decisions are derived from a control layer that, unlike classic network switch implementations, is separated from the data handling layer. The central attraction to this paradigm i...
A Packet-In Message Filtering Mechanism for Protection of Control Plane in OpenFlow Switches
Protecting control planes in networking hardware from high rate packets is a critical issue for networks under operation. One common approach for conventional networking hardware is to offload expensive functions onto hard-wired offload engines as ASICs. This approach is inadequate for OpenFlow networks because it restricts a certain amount of flexibility for network control that OpenFlow tries...
Practical Security Analysis of OpenFlow, University of Amsterdam
OpenFlow allows network administrators to manage the behavior of their network by running a software application on a network controller device. This network element can insert dynamic control flow policies by modifying the flow tables of each switch and create interconnecting paths between the other elements of the network. Due to the fact that Software Defined Networking is a new concept prom...
Floware: Balanced Flow Monitoring in Software Defined Networks
OpenFlow is a protocol implementing Software Defined Networking, a new networking paradigm, which segregates packet forwarding and accounting from the routing decisions and advanced protocols. This segregation increases agility and flexibility and reduces operational expenses of the networking infrastructure. Despite the apparent benefits, many companies are unable to upgrade their networks to ...
Securing the Software Defined Network Control Layer
Software-defined networks (SDNs) pose both an opportunity and challenge to the network security community. The opportunity lies in the ability of SDN applications to express intelligent and agile threat mitigation logic against hostile flows, without the need for specialized inline hardware. However, the SDN community lacks a secure control-layer to manage the interactions between the applicati...
Publication date: 2016