Top

Published in:

2017 | OriginalPaper | Chapter

Vulnerability Analysis of Software Defined Networking

Authors : Salaheddine Zerkane, David Espes, Philippe Le Parc, Fréderic Cuppens

Published in: Foundations and Practice of Security

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Security of Software Defined Networking (SDN) is an open issue because of many reasons. Security requirements were not considered in the primary definition of SDN. Consequently, SDN enlarges the network vulnerability surface by introducing new vulnerabilities that do not exist in the conventional networking architecture. In addition, there are neither security risk management processes nor mathematical models that specifically address SDN security and the influence of its specific features. We provide a vulnerability analysis for SDN to study these weaknesses and to measure their impacts. Our analysis specifies a model of SDN assets that needs to be protected. Then, it derives 114 SDN generic vulnerabilities using standardized security objectives. It relies on an open standardized semi qualitative semi quantitative scoring system to calculate the severities of theses vulnerabilities. Then, it adapts them to SDN specific features using Analytical Hierarchical Process (AHP).

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Attack Mitigation by Data Structure Randomization

next chapter Towards Metric-Driven, Application-Specific Visualization of Attack Graphs

Available only for authorised users

STRIDE is a threat model proposed by Microsoft. Its name comes from the initials of the following security categories: Spoofing identity, Tampering with data, Repudiation, Information disclosure, Denial of service, and Elevation of privilege.

Soo Hoo, K.J.: How Much Is Enough? A Risk Management Approach to Computer Security, Center for International Security and Cooperation, Palo Alto, CA (2000)

Ranjan, P., Pande, P., Oswal, R., Qurani, Z., Bedi, R.: A survey of past, present and future of software defined networking. Int. J. Adv. Res. Comput. Sci. Manage. Stud. 2(4), 238–248 (2014)

Hu, F., Hao, Q., Bao, K.: A survey on software-defined network and OpenFlow: from concept to implementation. IEEE Commun. Surv. Tutorials 16(4), 2181–2206 (2014)CrossRef

Nunes, B.A.A., Mendonca, M., Nguyen, X.N., Obraczka, K., Turletti, T.: A survey of software-defined networking: past, present, and future of programmable networks. IEEE Commun. Surv. Tutorials 16(3), 1617–1634 (2014)CrossRef

Fanning, E.: Software-defined networks. COMPUTERWORLD, Framingham (2015)

Igure, V.M., Williams, R.D.: Taxonomies of attacks and vulnerabilities in computer systems. IEEE Commun. Surv. Tutorials 10(1), 6–19 (2008)CrossRef

Scarfone, K.: Common Vulnerability Scoring System (CVSS) Version 2. National Institute of Standards and Technology (NIST), USA (2007)

FIRST and C. SIG teams, Common Vulnerability Scoring System v3.0: Specification Document, Morrisville (2015)

Teknomo, K.: Analytic Hierarchy Process (AHP) Tutorial, Revoledu.com (2012)

10.

Saaty, T.L.: Decision making with the analytic hierarchy process. Int. J. Serv. Sci. 1(1), 83–98 (2008)MathSciNet

11.

Wang, Z., Zeng, H.: Study on the risk assessment quantitative method of information security. In: 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE), pp. 529–533 (2010)

12.

Luo, S., Dong, M., Ota, K., Wu, J., Li, J.: A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks, Sensors 2015, pp. 31843–31848, 9 November 2015

13.

Open Networking Foundation, Principles and Practices for Securing Software-Defined Networks, ONF, Palo Alto (2015)

14.

Wasserman, M., Hartman, S.: Security Analysis of the Open Networking Foundation (ONF) OpenFlow, Network Working Group (2013)

15.

Kulkarni, V., Kawli, J.: Analysis of OpenFlow Networks (2013)

16.

You, W., Qian, K., He, X., Qian, Y.: OpenFlow security threat detection and defense services. Int. J. Adv. Networking Appl. 6(3), 2347–2351 (2014)

17.

Romão, D., Van Dijkhuizen, N., Konstantaras, S., Thessalonikefs, G.: Practical Security Analysis of Openflow. University of Amsterdam, Amsterdam (2013)

18.

Open Networking Foundation, OpenFlow Switch Specification, ONF, Palo Alto (2014)

19.

Kloti, R.: OpenFlow: A Security Analysis, Master dissertation, Zurich (2013)

20.

Palanive, M., Selvadurai, K.: Risk-driven security testing using risk analysis with threat modeling approach. Springerplus 3(754), 1–14 (2014)

21.

Benton, K., Camp, L.J., Small, C.: OpenFlow Vulnerability Assessment, SIGCOMM HOTSDN, pp. 151–152 (2013)

22.

Kreutz, D., Ramos, F.M.V., Verissimo, P.: Towards secure and dependable software-defined networks, SIGCOMM HotSDN, pp. 55–60, (2013)

23.

Coughlin, M.: A Survey of SDN Security Research. University of Colorado Boulder (2014)

24.

Taha Ali, S., Sivaraman, V., Radford, A., Jha, S.: A survey of securing networks using software defined networking. IEEE Trans. Reliab. 64(3), 1086–1097 (2015)CrossRef

25.

Scott-Hayward, S., Natarajan, S., Sezer, S.: A survey of security in software defined networks. IEEE Commun. Surv. Tutorials 18(1), 623–654 (2016)CrossRef

26.

Open Networking Foundation, SDN architecture, ONF, Palo Alto (2014)

27.

Jarraya, Y., Madi, T., Debbabi, M.: A survey and a layered taxonomy of software-defined networking. IEEE Commun. Surv. Tutorials 16(4), 1955–1980 (2014)CrossRef

28.

Rowshanrad, S., Namvarasl, S., Abdi, V., Hajizadeh, M., Keshtgary, M.: A survey on SDN, the future of networking. J. Adv. Comput. Sci. Technol. 3(2), 232–248 (2014)CrossRef

29.

openstack, Rackspace Cloud Computing. http://www.openstack.org/. Accessed 25 Sept 2016

30.

RYU Community, Component-Based Software Defined Networking Framework (2014). http://osrg.github.io/ryu/. Accessed 25 Sept 2016

31.

Production Quality, Multilayer Open Virtual Switch, Linux Foundation (2016). http://openvswitch.org/. Accessed 25 Sept 2016

32.

Bazaz, B., Arthur, J.D.: Towards a taxonomy of vulnerabilities. In: Proceedings of the 40th Hawaii International Conference on System Sciences, pp. 163–174 (2007)

33.

Standardization and Telecommunication Sector, Security architecture for systems providing end-to-end communications, International Communication Union, Geneva, Switzerland (2003)

34.

FIRST Team, Common Vulnerability Scoring System Version 3.0 Calculator, FIRST.org (2016). https://www.first.org/cvss/calculator/3.0. Accessed 24 June 2016

35.

Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.3, Network Working Group (2015)

36.

Kandoi, R., Antikainen, M.: Denial-of-service attacks in OpenFlow SDN networks. In: IFIP/IEEE International Symposium on Integrated Network Management (IM), pp. 1322–1326, 11–15 May 2015

37.

Jain, R., Paul, S.: Network virtualization and software defined networking for cloud computing: a survey. IEEE Commun. Mag. Cloud Networking Commun. 51(11), 24–31 (2013)CrossRef

38.

Antonio, J.: Alonso. Consistency in the analytic hierarchy process: a new approach, international journal of uncertainty, fuzziness and knowledge-based systems 14(4), 445–459 (2006)

39.

Alexander, M.: Decision-making using the analytic hierarchy process (AHP) and SAS/IML. In: 20th Annual South East SAS Users Group (SESUG) Conference, pp. 1–12 (2012)

Title: Vulnerability Analysis of Software Defined Networking
Authors: Salaheddine Zerkane
David Espes
Philippe Le Parc
Fréderic Cuppens
Publisher: Springer International Publishing
Book: Foundations and Practice of Security
Print ISBN: 978-3-319-51965-4

Electronic ISBN: 978-3-319-51966-1

Copyright Year: 2017
DOI: https://doi.org/10.1007/978-3-319-51966-1_7

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner