Research on the security of software defined network architecture

doi:10.12267/j.issn.2096-5931.2023.02.006

Abstract

Abstract:

SDN network realizes the separation of control and forwarding, and meets the requirements of computing and storage that change continuous, so it is widely used in new technologies in recent years. With the continuous development and deployment of SDN network, it faces more and more security threats and risks. SDN security has become an important research direction in the field of network security. This paper starts with the SDN three-tier architecture, analyzes and summarizes the main security problems faced by the SDN network, discusses the current main measures for security problems, mainly introduces the research results of DDoS attack prevention, and looks forward to the next research direction.

Key words: software defined network, centralized control, security risk, countermeasures, distributed denial of service

CLC Number:

TN929.11

ZHANG Jian, CAO Heng, WANG Zhe. Research on the security of software defined network architecture[J]. Information and Communications Technology and Policy, 2023, 49(2): 35-42.

Add to citation manager EndNote|Ris|BibTeX

URL:

http://ictp.caict.ac.cn/EN/10.12267/j.issn.2096-5931.2023.02.006

http://ictp.caict.ac.cn/EN/Y2023/V49/I2/35

Figures/Tables 4

References 44

[1]	Stanford University. Clean slate program[R], 2006.
[2]	MCKEOWN N. Software-Defined metworking[C]. In Proc. of the INFOCOM Key Note, 2009.
[3]	Software-Defined Networking (SDN) definition-open networking foundation[R], 2018.
[4]	ALHAZMI A, SHAMI, REFAEY A. Optimized provisioning of SDN enabled virtual networks in geo-distributed cloud computing datacenters[J]. Commun. Netw, 2017, 19(4): 402-415.
[5]	MARíA B, JIMéNEZ F, JORGE E, et al. A Survey of the main security issues and solutions for the SDN architecture[J]. IEEE Access, 2021(9):122016-122038.
[6]	RAHOUTI M, XIONG K, XIN Y, et al. SDN security review: threat taxonomy, implications, and open challenges[J]. IEEE Access, 2022(10):45820-45854.
[7]	MUBARAKALI A, ALQAHTANI A S. A survey: security threats and countermeasures in software defined networking[C]. IEEE 2nd International Con. on Information and Computer Technologies, 2019:180-185.
[8]	VAUGHAN-NICHOLS S. OpenFlow: the next generation of the network[J]. Computer, 2011, 44(8): 13-15.
[9]	FEAMSTER N, REXFORD J, ZEGURA E. The road to SDN: an intellectual history of programmable networks[J]. ACM Comput, Commun, 2014, 44(2): 87-98.
[10]	DING A, CROWCROFT J, TARKOMA S, et al. Software defined networking for security enhancement in wireless mobile networks[J]. Computer Networks, 2014(66): 94-101.
[11]	SCOTT-HAYWARD S, O’CALLAGHAN G. SDN security: a survey[C]. in Proc. SDN4FNS Workshop Softw. Defined Netw. Future Netw. Services, 2013:1-7.
[12]	ON Foundation. SDN architecture[R], 2014.
[13]	Danping A, Pourzandi M, Scott-Hayward S, et al. Threat analysis for the SDN architecture[R], 2018.
[14]	LIU Y, ZHAO B, ZHAO P, et al. A survey: typical security issues of software-defined networking[J]. China Communications, 2019, 16(7):13-31.
[15]	NAGARATHNA R, SHALINIE S. SLAMHHA: a supervised learning approach to mitigate host location hijacking attack on SDN controllers[C]// in Proc. 4th Int. Conf. Signal Process.,Commun. Netw, 2017: 1-7.
[16]	SMYTH D, MCSWEENEY S, O’SHEA D, et al. Detecting link fabrication attacks in software-defined networks[C]// in Proc. 26th Int. Conf. Comput. Commun. Netw. (ICCCN), 2017: 1-8.
[17]	BROOKS M, YANG B. A man-in-the-middle attack against OpenDay light SDN controller[C]// in Proc. 4th Annu. ACM Conf. Res. Inf. Technol., 2015:45-49.
[18]	JERO S, KOCH W, SKOWYRA R, et al. Identifier binding attacks and defenses in software-defined networks[C]// in Proc. of 26th USENIX Security Symposium, 2017: 415-432.
[19]	MARIN E, BUCCIOL N, CONTI M. An in-depth look into SDN topology discovery mechanisms: novel attacks and practical countermeasures[C]// in Proc. ACM SIGSAC Conf. Comput. Commun. Secur., 2019: 1101-1114.
[20]	PRADHAN A, MATHEW R. Solutions to vulnerabilities and threats in software defined networking (SDN)[C]// in Proc. Comput. Sci., 2020(171): 2581-2589.
[21]	SALLAM A, REFAEY A, SHAMI A. On the security of SDN: a completed secure and scalable framework using the software-defined perimeter[J]. IEEE Access, 2019(7): 146577-146587.
[22]	WANG M, LIU J, Chen J, et al. Perm-guard: authenticating the validity of flow rules in software defined networking[J]. Signal Process. Syst., 2017, 86(2-3): 157-173.
[23]	XIA J, CAI Z, HU G, et al. An active defense solution for ARP spoofing in OpenFlow network[J]. Chin. J. Electron., 2019, 28(1): 172-178. doi: 10.1049/cje.v28.1 URL
[24]	CAO J, LI Q, XIE R, et al. The crosspath attack: disrupting the SDN control channel via shared links[C]. Proc. 28th USENIX Secur. Symp., 2019:19-36.
[25]	THIMMARAJU K, SCHIFF L, SCHMID S. Outsmarting network security with SDN teleportation[C]// IEEE Eur. Symp. Secur. Privacy, 2017: 563-578.
[26]	KLOTI R. OpenFlow: a security analysis[D]. M.S. thesis, Dept. Inf. Tech. Elec. Eng., Swiss Fed. Inst. Technol.Zurich (ETH), Zurich, Switzerland, 2013.
[27]	SKOWYRA P, XU L, GU G, et al. Effective topology tampering attacks and defenses in software-defined networks[C]// in 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2018: 374-385.
[28]	HONG S, XU L, WANG H, et al. Poisoning network visibility in software-defined networks: new attacks and countermeasures[C]// in Proc. Netw. Distrib. Syst. Secur. Symp. (NDSS), 2015(15):8-11.
[29]	MAITY P, SAXENA S, SRIVASTAVA S, et al. An effective probabilistic technique for DDoS detection in OpenFlow controller[J]. IEEE Syetems Journal, 2022, 16(1):1345-1354.
[30]	CAO Y, JIANG H, DENG Y, et al. Detecting and mitigating DDoS attacks in SDN using spatial-temporal graph convolutional network[J]. IEEE Transactions on Dependable and Secure Computing, 2022, 19(6):3855-3872. doi: 10.1109/TDSC.2021.3108782 URL
[31]	Feb. Security-Enhanced Floodlight[R], 2022.
[32]	Feb. Floodlight Controller[R], 2022.
[33]	FERNANDEZ M. Comparing OpenFlow controller paradigms scalability: Reactive and proactive[C]// in Proc. IEEE 27th Int. Conf. Adv. Inf. Netw.Appl., pp. 1009-1016, Mar. 2013.
[34]	Al-SHAER E, Al-HAJ S. FlowChecker: configuration analysis and verification of federated openflow infrastructures[C]// in Proc. 3rd ACM Workshop Assurable Usable Secur. Configuration, 2010: 37-44.
[35]	KHURSHID A, ZHOU W, CAESAR M, et al. VeriFlow: verifying network-wide invariants in real time[C]// in Proc. 1st Workshop Hot Topics Softw. Defined Netw., 2012: 49-54.
[36]	PORRAS P, SHIN S, YEGNESWARAN V, et al. A security enforcement kernel for OpenFlow networks[C]// in Proc. 1st ACM Workshop Hot Hot Topics Softw. Defined Netw., 2012:121-126.
[37]	WEN X, CHEN Y, HU C, et al. Towards a secure controller platform for OpenFlow applications[C]// in Proc. 2nd ACM SIGCOMM Workshop Hot Topics Softw. Defined Netw., 2013: 171-172.
[38]	BECKETT R, ZOU X K, ZHANG S, et al. An assertion language for debugging SDN applications[C]// in Proc.3rd ACM Workshop Hot Topics Softw. Defined Netw., 2014: 91-96.
[39]	Business Wire. Global software-defined networking market (2020 to 2025)-software-defined networking for 5G presents opportunities[R], 2020.
[40]	GOUD K, GIDITURI S. Security challenges and related solutions in software defined networks: a survey[J]. International Journal of Computer Networks and Applications, 2022(9): 22-37.
[41]	MALEH Y, QASMAOUI Y, GHOLAMI K, Y. et al. A comprehensive survey on SDN security: threats, mitigations, and future directions[J]. J. Reliable Intell. Environ., 2022: 1-39.
[42]	AHMAD A, Harjula E, Ylianttila M, et al. Evaluation of machine learning techniques for security in SDN[C]. IEEE Globecom Workshops, 2020.
[43]	ALSHRA, ABDULLAH S, Ahmad F, et al. Deep learning algorithms for detecting denial of service attacks in software-defined networks[J]. Procedia Computer Science, 2021(91): 254-263.
[44]	VARHESE J, MUNIYAL B. An efficient IDS framework for DDoS attacks in SDN environment[J]. IEEE Access, 2021(19): 69680-69699.