Abstract
Broadly construed, Software-Defined Networking (SDN) refers to the use of a standards-based open architecture and its supporting open source and open interfaces technologies to enable the deployment, management, and operation of networks. While traditional network management relies on vendor-specific hardware, protocols, and software, SDN systems are architected to have well-defined control and data planes offering flexible management interfaces. The enhanced control enabled by SDN opens opportunities for better cloud security engineering. At the same time, new vulnerabilities are potentially exposed as new technologies are introduced. This chapter discusses how SDN impacts cloud security, and potential risks that need to be addressed when SDN is deployed within and across clouds.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Apache CloudStack Project. http://www.cloudstack.org. Cited 14 June 2013.
Bernstein D and Vij D (2010) Intercloud Security Considerations. In 2010 IEEE Second International Conference on Cloud Computing Technology and Science (CloudCom). 537–44. IEEE, Indianapolis, USA. doi:10.1109/CloudCom.2010.82.
Bernstein D, Ludvigson E, Sankar K, Diamond S, and Morrow M (2009) Blueprint for the Intercloud - Protocols and Formats for Cloud Computing Interoperability. In Fourth International Conference on Internet and Web Applications and Services 2009 (ICIW ’09). 328–36. Venice/Mestre. doi:10.1109/iciw.2009.55.
Case JD, Fedor M, Schoffstall ML, and Davin J (1990) A Simple Network Management Protocol (SNMP). IETF RFC 1157, 1–36.
Google - IPv6 statistics. http://www.google.com/intl/en/ipv6/statistics.html. Cited 14 June 2013.
Greene K (2009) TR10: Software-Defined Networking. Technology Review (MIT). http://www2.technologyreview.com/article/412194/tr10-software-defined-networking/. Accessed 14 June 2013.
Gude N, Koponen T, Pettit J, Pfaff B, Casado M, McKeown N et al. (2008) NOX: towards an operating system for networks. ACM SIGCOMM Computer Communication Review 38, 105–10. doi:10.1145/1384609.1384625.
Handigol N, Heller B, Jeyakumar V, Maziéres D, and McKeown N (2012) Where is the debugger for my software-defined network? In Proceedings of the first workshop on Hot topics in software defined networks. Vol. pp. 55–60, ACM, Helsinki.
Hölzle U (2012) OpenFlow@Google. Open Networking Summit 2012. http://www.youtube.com/watch?v=VLHJUfgxEO4. Accessed 14 June 2013.
Internet Engineering Task Force. http://www.ietf.org. Cited 14 June 2013.
Internet2 (2012) Internet2 Innovation Platform FAQ. Internet2. http://www.internet2.edu/pubs/Internet2-Innovation-Platform-FAQ.pdf. Accessed 14 June 2013.
Interworking Task Group of IEEE 802.1 (2011) IEEE Standard for Local and metropolitan area networks–Media Access Control (MAC) Bridges and Virtual Bridged Local Area Networks. IEEE Std 802.1Q-2011 (Revision of IEEE Std 802.1Q-2005) 1–1364. doi:10.1109/ieeestd.2011.6009146.
Keahey K, Tsugawa M, Matsunaga A, and Fortes JAB (2009) Sky Computing. In IEEE Internet Computing. Vol. 13, pp. 43–51.
McKeown N (2008) Why can’t I innovate in my wiring closet? The Stanford Clean Slate Program. http://www.openflow.org/documents/OpenFlow.ppt. Accessed 14 June 2013.
McKeown N, Anderson T, Balakrishnan H, Parulkar G, Peterson L, Rexford J et al. (2008) OpenFlow: enabling innovation in campus networks. ACM SIGCOMM Computer Communication Review 38, 69–74. doi:10.1145/1355734.1355746.
Mehdi SA, Khalid J, and Khayam SA (2011) Revisiting traffic anomaly detection using software defined networking. In Proceedings of the 14th international conference on Recent Advances in Intrusion Detection (RAID’11). 161–80. Springer-Verlag, Menlo Park, CA. doi:10.1007/978-3-642-23644-0_9.
Nadeau T and Pan P (2011) Software Driven Networks Problem Statement. IETF Internet-Draft (work-in-progress) draft-nadeau-sdnproblem-statement-01.
Nascimento MR, Rothenberg CE, Salvador MR, Corrêa CNA, Lucena SCd, and Magalhães MF (2011) Virtual routers as a service: the RouteFlow approach leveraging software-defined networks. In Proceedings of the 6th International Conference on Future Internet Technologies. 34–7. ACM, New York, NY, Seoul, Republic of Korea. doi:10.1145/2002396.2002405.
Nayak AK, Reimers A, Feamster N, and Clark R (2009) Resonance: dynamic access control for enterprise networks. In Proceedings of the 1st ACM workshop on Research on enterprise networking. 11–8. ACM, doi:10.1145/1592681.1592684.
NOX OpenFlow Controller. http://www.noxrepo.org. Cited 14 June 2013.
OpenFlow. http://www.openflow.org. Cited 14 June 2013.
OpenFlowSec. http://www.openflowsec.org. Cited 14 June 2013.
Open Networking Foundation. http://www.opennetworking.org. Cited 14 June 2013.
Open Networking Summit. http://www.opennetsummit.org. Cited 14 June 2013.
Piper S (2013) In Big Data Security for Dummies. John Wiley & Sons, Inc.
Porras P, Shin S, Yegneswaran V, Fong M, Tyson M, and Gu G (2012) A security enforcement kernel for OpenFlow networks. In Proceedings of the first workshop on Hot topics in software defined networks. 121–6. ACM, New York, NY, Helsinki, Finland. doi:10.1145/2342441.2342466.
Reitblatt M, Foster N, Rexford J, and Walker D (2011) Consistent updates for software-defined networks: Change you can believe in! In Proceedings of the 10th ACM Workshop on Hot Topics in Networks. ACM, Cambridge. doi:10.1145/2070562.2070569.
Rothenberg CE, Nascimento MR, Salvador MR, Corrêa CNA, Lucena SCd, and Raszuk R (2012) Revisiting routing control platforms with the eyes and muscles of software-defined networking. In Proceedings of the first workshop on Hot topics in software defined networks. 13–8. ACM, Helsinki, Finland. doi:10.1145/2342441.2342445.
Sherwood R, Gibb G, Yap K-K, Appenzeller G, Casado M, McKeown N et al. (2009) FlowVisor: A Network Virtualization Layer. OpenFlow Switch Consortium, Tech. Rep. OPENFLOW-TR-2009-1.
Sherwood R, Gibb G, Yap K-K, Appenzeller G, Casado M, McKeown N et al. (2010) Can the Production Network Be the Testbed? In 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI). 365–78. USENIX Association, Vancouver, BC, Canada.
Shin S and Gu G (2012) CloudWatcher: Network security monitoring using OpenFlow in dynamic cloud networks (or: How to provide security monitoring as a service in clouds?). In 2012 20th IEEE International Conference on Network Protocols (ICNP). 1–6. Austin, TX. doi:10.1109/icnp.2012.6459946.
Skowyra R, Lapets A, Bestavros A, and Kfoury A (2013) Verifiably-Safe Software-Defined Networks for CPS. In Proceedings of the 2nd ACM International Conference on High Confidence Networked Systems (HiCoNS 2013), Philedelphia, PA, USA. ACM, Philadelphia.
Stabler G, Rosen A, Goasguen S, and Wang K-C (2012) Elastic IP and security groups implementation using OpenFlow. In Proceedings of the 6th international workshop on Virtualization Technologies in Distributed Computing Date. ACM, Delft, The Netherlands. doi:10.1145/2287056.2287069.
Waite A (2010) InfoSec Triads: Security/Functionality/Ease-of-use. http://blog.infosanity.co.uk/2010/06/12/infosec-triads-securityfunctionalityease-of-use/. Accessed 14 June 2013.
Yap K-K, Yiakoumis Y, Kobayashi M, Katti S, Parulkar G, and McKeown N (2011) Separating authentication, access and accounting: A case study with OpenWiFi. Technical report, OpenFlow 2011-1.
Acknowledgements
This work is supported in part by National Science Foundation (NSF) grants No. 0910812, 1139707, 1240171 and the AT&T Foundation. Any opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the NSF, and AT&T Foundation.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer Science+Business Media New York
About this chapter
Cite this chapter
Tsugawa, M., Matsunaga, A., Fortes, J.A.B. (2014). Cloud Computing Security: What Changes with Software-Defined Networking?. In: Jajodia, S., Kant, K., Samarati, P., Singhal, A., Swarup, V., Wang, C. (eds) Secure Cloud Computing. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-9278-8_4
Download citation
DOI: https://doi.org/10.1007/978-1-4614-9278-8_4
Published:
Publisher Name: Springer, New York, NY
Print ISBN: 978-1-4614-9277-1
Online ISBN: 978-1-4614-9278-8
eBook Packages: Computer ScienceComputer Science (R0)