619 Hits in 4.9 sec

Cloud-Scale SDN Network Security in TeraFlow

Alberto Mozo, Stanislav Vakaruk, Antonio Pastor, Rahul Bobba, Carlos Natalino, Marija Furdek, Raül Muñoz, Ramon Casellas, Ricardo Martínez, Juan Pedro Fernández-Palacios, Ricard Vilalta
2021 Zenodo  
Two key contributions of this project will be the incorporation by design in the TeraFlow controller of (i) security using advanced Machine Learning (ML) techniques both in the data and control planes  ...  TeraFlow proposes a new type of secure, cloudnative Software Defined Networking controller that will radically advance the state-of-the-art in beyond 5G networks by introducing novel micro-services architecture  ...  Based on the real time identification of malicious flows, the ML model will be able to report insights to the Teraflow SDN controller at scale to perform security assessment.  ... 
doi:10.5281/zenodo.5089918 fatcat:4s7kimfmcfcmto6igrjejudhwa

TeraFlow: Secured Autonomic Traffic Management for a Tera of SDN Flows

Ricard Vilalta, Raül Muñoz, Ramon Casellas, Ricardo Martínez, Víctor López, Óscar González de Dios, Antonio Pastor, Georgios P. Katsikas, Felix Klaedtke, Paolo Monti, Alberto Mozo, Thomas Zinner (+5 others)
2021 Zenodo  
TeraFlow proposes a new type of secure, cloudnative Software Defined Networking (SDN) controller that will radically advance the state-of-the-art in beyond 5G networks by introducing novel micro-services  ...  TeraFlow will also incorporate security using Machine Learning (ML) and forensic evidence for multi-tenancy based on Distributed Ledgers.  ...  Table I sumarizes the main addressed topics by each SDN controller: micro-service architecture, suported data models, security mechanisms and NFV MANO support.  ... 
doi:10.5281/zenodo.5089970 fatcat:gp5he2e45ncf3jb35aukon3i3a

A Systematic Treat Model for Software-Defined Networking

2021 KSII Transactions on Internet and Information Systems  
security status of SDN.  ...  Software-Defined Networking (SDN) has three key features: separation of control and forwarding, centralized control, and network programmability.  ...  Acknowledgement We thank the reviewers for their constructive comments. This work was supported by the National Key Research and Development Program of China under Grant 2016QY07X1404, 2019QY0501.  ... 
doi:10.3837/tiis.2021.02.011 fatcat:qeoaalgjbrcihipjwt732pkuqe

Rule-Based Synthesis of Chains of Security Functions for Software-Defined Networks

Nicolas Schnepf, Remi Badonnel, Abdelkader Lahmadi, Stephan Merz
2019 Electronic Communications of the EASST  
This representation is then translated into a concrete implementation of the chain in pyretic, a domain-specific language for programming SDN controllers.  ...  We propose in this paper a rule-based system for automating the composition and configuration of such chains for Android applications.  ...  We previously [21] introduced the Synaptic checker for the verification of both control and data plane properties of an SDN policy.  ... 
doi:10.14279/tuj.eceasst.76.1075 dblp:journals/eceasst/SchnepfBLM18 fatcat:ht62yfmmybf2vgsktmpsitemjm

Usage Control Policy Enforcement In Sdn-Based Clouds: A Dynamic Availability Service Use Case

Khalifa Toumi, Muhammad Idrees Sabir, Fabien Charmet, Reda Yaich, Gregory Blanc
2016 Zenodo  
In this paper, we present a novel solution to answer those needs with usage control policies. We design a policy based management framework offering SDN network security policies.  ...  to fit corporate needs, like firewalls, load balancers and security services.  ...  The SDN controller receives notification about a new security policy to be deployed, or about changes on the current security policies deployed and generates a new security adaptation plan (a list of actions  ... 
doi:10.5281/zenodo.439061 fatcat:z5apm7fygffivahoaryx7bkclq

A Survey of the Main Security Issues and Solutions for the SDN Architecture

Maria B. Jimenez, David Fernandez, Jorge Eduardo Rivadeneira, Luis Bellido, Andres Cardenas
2021 IEEE Access  
INDEX TERMS SDN interfaces, SDN planes, SDN security, STRIDE. 122016 This work is licensed under a Creative Commons Attribution 4.0 License.  ...  The software-defined networking (SDN) paradigm proposes the decoupling of control and data planes and a centralized software-oriented management approach based on a central controller, easing the development  ...  In [7] , the authors conduct a broad and general review of SDN, including architecture security.  ... 
doi:10.1109/access.2021.3109564 fatcat:3htjngdhvvac3gkofhjlutxg2a

Architecture of homeostatic security control for digital manufacture systems based on software-defined networks

Evgeny Pavlenko, Dmitry Zegzhda, A. Sarygulov, V. Sergeev, L. Ungvári, W. Semmler
2018 SHS Web of Conferences  
existing security paradigm for digital manufacture.  ...  We have proposed and described in detail the homeostatic security control system architecture including three generalized components: monitoring unit, decision-making unit, protection and control unit.  ...  The SDN technology makes it possible to divide the network equipment control plane and data transmission plane, which significantly enhances the SDN-based digital manufacture system security level.  ... 
doi:10.1051/shsconf/20184400067 fatcat:nz4xzu4ohnecvihfovcdhz5gsu

Improving Software Defined Cognitive and Secure Networking [article]

Ijaz Ahmad
2020 arXiv   pre-print
Therefore, this thesis finds potential security vulnerabilities in SDN, studies proposed security platforms and architectures for those vulnerabilities, and presents future directions for unresolved security  ...  Since SDN enables applications to change the network behavior and centralizes the network control plane to oversee the whole network, it is highly important to investigate security of SDNs.  ...  Moreover, SDN can also be used to automate network security, however, security automation using SDN is yet to be explored.  ... 
arXiv:2007.05296v1 fatcat:pda2czqmxbavhpc6bk3bdciyay

Generation of SDN policies for protecting android environments based on automata learning

Nicolas Schnepf, Remi Badonnel, Abdelkader Lahmadi, Stephan Merz
2018 NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium  
We propose an automated strategy for learning the networking behavior of end applications using algorithms for generating finite state models.  ...  These models can be exploited for inferring SDN policies ensuring that applications respect the observed behavior: such policies can be formally verified and deployed on SDN infrastructures in a dynamic  ...  It relies on a security manager that is responsible for the orchestration of security chains on top of an SDN controller.  ... 
doi:10.1109/noms.2018.8406153 dblp:conf/noms/SchnepfBLM18a fatcat:glv5dxijczecpmvqgjnufmsfie

Enabling Dynamic Access Control for Controller Applications in Software-Defined Networks

Hitesh Padekar, Younghee Park, Hongxin Hu, Sang-Yoon Chang
2016 Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies - SACMAT '16  
Through the run-time verification of API calls, AEGIS performs a finegrained access control for important controller APIs that can be misused by malicious applications.  ...  The usage of API calls is verified in real time by sophisticated security access rules that are defined based on the relationships between applications and data in the SDN controller.  ...  Semi-automated Security Access Rules Generation: In general, security access rules can be manually defined through observation and analysis, but we achieved semi-automation for the rule generation in AEGIS  ... 
doi:10.1145/2914642.2914647 dblp:conf/sacmat/PadekarPHC16 fatcat:scywvflnhbhvjbqfnqa3yo5req

Trailing the Snail: SDN Controller Security Evolution [article]

Sandra Scott-Hayward
2017 arXiv   pre-print
However, despite increasing adoption of SDN, the security of the SDN control plane has developed at a snail's pace. In this paper, the evolution of ONOS and ODL security is discussed.  ...  The reflection of this on secure SDN Controller design is analyzed.  ...  , automating checks for known-vulnerable dependencies, and automating static analysis checks.  ... 
arXiv:1711.08406v1 fatcat:5r23ezj3hrh6bm7onmijq3ffxa


Ehab Al-Shaer, Saeed Al-Haj
2010 Proceedings of the 3rd ACM workshop on Assurable and usable security configuration - SafeConfig '10  
Existing tools to assist operators primarily focus on analyzing control plane configuration.  ...  We present Anteater, a tool for checking invariants in the data plane.  ...  Categories and Subject Descriptors General Terms Algorithms, Reliability Keywords Data Plane Analysis, Network Troubleshooting, Boolean Satisfiability Permission to make digital or hard copies of all  ... 
doi:10.1145/1866898.1866905 dblp:conf/safeconfig/Al-ShaerA10 fatcat:hejxv4cdl5g4bhhm4cwk4m5v2u


Hamza Mutaher
2018 International Journal of Advanced Research in Computer Science  
SDN decouples network control plane from data plane enabling network centralization control and network programmability. Thus simplifying network scalability.  ...  Moreover, various methods of protecting the controller from such attacks have been discussed which deemed as the valuable contribution in the research field of SDN security.  ...  SECURITY ISSUES FOR OPENFLOW CONTROLLER BASED SDN: Security issues in OpenFlow controller-based SDN mostly refer to the vulnerabilities at the control plane in which attacker can compromise SDN.  ... 
doi:10.26483/ijarcs.v9i1.5498 fatcat:337gn6cryjds5ew5fm2wakrmoy

Security Enhancement in Software Defined Networking (SDN): A Threat Model

Pradeep Kumar Sharma, S. S Tyagi
2021 International Journal of Advanced Computer Science and Applications  
In this paper we are analyzing the SDN security issues with their countermeasures. We have generalized four use cases threat model that should cover security requirements of SDN.  ...  A framework for the development of a SDN security application has been presented based on ryu controller.  ...  Each of the use case has its own importance and security goals. Fig. 4 shows the Threat model for security requirement of SDN.  ... 
doi:10.14569/ijacsa.2021.0120925 fatcat:i6ceqlgn7zfyfdncnad2xtar4i

SDN Security Review: Threat Taxonomy, Implications, and Open Challenges

Mohamed Rahouti, Kaiqi Xiong, Yufeng Xin, Senthil Kumar Jagatheesaperumal, Moussa Ayyash, Maliha Shaheed
2022 IEEE Access  
of the control plane and data plane.  ...  It also introduces new security vulnerabilities, primarily due to its logically centralized control plane infrastructure and functions.  ...  For the examination of LFA in SDN, Khan et al.  ... 
doi:10.1109/access.2022.3168972 fatcat:wdjp2kzohjbhvefsjebln2buly
« Previous Showing results 1 — 15 out of 619 results