Abstract
The deployment of Software Defined Networking (SDN) and Network Functions Virtualization (NFV) technologies is increasing, with security as a recognized application driving adoption. However, despite the potential with SDN/NFV for automated and adaptive network security services, the controller interaction presents both a performance and scalability challenge, and a threat vector. To overcome the performance issue, stateful data-plane designs have been proposed. However, these solutions do not offer protection from SDN-specific attacks linked to necessary control functions such as link reconfiguration and switch identification. In this work, we leverage the OpenState framework to introduce state-based SDN security protection mechanisms. The extensions required for this design are presented with respect to an SDN configuration-based attack. The demonstration shows the ability of the SDN Configuration (CFG) security protection mechanism to support legitimate relocation requests and to protect against malicious connection attempts.
Original language | English |
---|---|
Title of host publication | NOF 2017 Conference Proceedings |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
DOIs | |
Publication status | Published - 11 Jan 2018 |
Event | Network of the Future 2017 - London, United Kingdom Duration: 22 Nov 2017 → 24 Nov 2017 https://nof17.lip6.fr/author-guidelines.php |
Conference
Conference | Network of the Future 2017 |
---|---|
Abbreviated title | NOF 2017 |
Country/Territory | United Kingdom |
City | London |
Period | 22/11/2017 → 24/11/2017 |
Internet address |
Fingerprint
Dive into the research topics of 'Demonstrating State-based Security Protection Mechanisms in Software Defined Networks'. Together they form a unique fingerprint.Prizes
-
Best Demo/Poster Award, International Conference on Network of the Future, London, U.K.
Arumugam, T. (Recipient) & Scott-Hayward, S. (Recipient), Nov 2017
Prize: Prize (including medals and awards)