Demonstrating State-based Security Protection Mechanisms in Software Defined Networks

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Citations (Scopus)
332 Downloads (Pure)


The deployment of Software Defined Networking (SDN) and Network Functions Virtualization (NFV) technologies is increasing, with security as a recognized application driving adoption. However, despite the potential with SDN/NFV for automated and adaptive network security services, the controller interaction presents both a performance and scalability challenge, and a threat vector. To overcome the performance issue, stateful data-plane designs have been proposed. However, these solutions do not offer protection from SDN-specific attacks linked to necessary control functions such as link reconfiguration and switch identification. In this work, we leverage the OpenState framework to introduce state-based SDN security protection mechanisms. The extensions required for this design are presented with respect to an SDN configuration-based attack. The demonstration shows the ability of the SDN Configuration (CFG) security protection mechanism to support legitimate relocation requests and to protect against malicious connection attempts.
Original languageEnglish
Title of host publicationNOF 2017 Conference Proceedings
PublisherInstitute of Electrical and Electronics Engineers (IEEE)
Publication statusPublished - 11 Jan 2018
EventNetwork of the Future 2017 - London, United Kingdom
Duration: 22 Nov 201724 Nov 2017


ConferenceNetwork of the Future 2017
Abbreviated titleNOF 2017
Country/TerritoryUnited Kingdom
Internet address


Dive into the research topics of 'Demonstrating State-based Security Protection Mechanisms in Software Defined Networks'. Together they form a unique fingerprint.

Cite this