Abstract

Software-defined networks transfer the control of the entire network to a single autonomous software system. One outcome is the ability to flexibly configure and manage the network, but at the same time it opens up several new attack vectors. As the impact of compromised devices increases significantly, the development of SDN devices must be subject to ongoing threat analysis.

A STRIDE-based security analysis of the SDN, presented in this paper, reveals a wide range of SDN-specific threats, which have not yet been counteracted adequately. Some of them are inherently tied to SDN design principles, such as controllers becoming potential central attack targets; others are inherited from the underlying infrastructure, e.g., the susceptibility to Spoofing. Based on the results of this analysis, this article identifies the main threats and proposes solutions that allow the development of a secure SDN architecture. It also emphasizes the role of authenticity and integrity controls for the involved components and the management protocol messages exchanged between them. A key element of the proposed model is to ensure that security measures not only prevent, but also detect attempts and successful attacks on SDN components. It is also worth noting that securing the management communication still has to rely on well-established traditional concepts, such as out-of-band management or at least separate management VLANs. Furthermore, solutions to prevent flow table flooding, e.g., as a result of DoS attacks, will need to be designed and deployed.
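As an added illustration of the flow-table flooding countermeasure the abstract calls for (example code written here, not from the paper): a controller-side admission guard that rate-limits new flow installations per source, keeps a reserve of table capacity for control traffic, and records every refused attempt, so that flooding is detected as well as prevented. Capacities, limits, addresses and the event sample are assumed values chosen for illustration.

```python
"""Flow-table admission guard with flooding detection (added example)."""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class FlowTableGuard:
    capacity: int            # entries the switch table can hold (assumed)
    per_source_limit: int    # new flows one source may install per window
    window: float            # sliding window length in seconds
    reserve: int             # entries kept free for trusted/control flows
    entries: set = field(default_factory=set)      # installed match keys
    history: dict = field(default_factory=dict)    # src -> deque of times
    alerts: list = field(default_factory=list)     # (reason, src, time)

    def admit(self, src, match, now):
        """Return True if a flow for `match` requested by `src` may be installed."""
        q = self.history.setdefault(src, deque())
        while q and now - q[0] >= self.window:      # expire old timestamps
            q.popleft()
        if match in self.entries:
            return True                              # already installed
        if len(q) >= self.per_source_limit:
            self.alerts.append(("rate-exceeded", src, now))
            return False
        if len(self.entries) >= self.capacity - self.reserve:
            self.alerts.append(("table-near-full", src, now))
            return False
        q.append(now)
        self.entries.add(match)
        return True


def replay(events, guard):
    """Feed (time, src, match) events through the guard; return admitted count."""
    return sum(1 for t, s, m in events if guard.admit(s, m, t))


# Constructed sample: a benign host installing 3 flows, then a burst of 50
# distinct flows from one (assumed spoofed) source within a single second.
SAMPLE = [(0.0, "10.0.0.5", f"dst=10.0.1.{i}") for i in range(3)] + \
         [(1.0, "10.0.0.99", f"dst=10.0.2.{i}") for i in range(50)]

if __name__ == "__main__":
    g = FlowTableGuard(capacity=100, per_source_limit=20, window=1.0, reserve=10)
    print("admitted:", replay(SAMPLE, g), "alerts:", len(g.alerts))
```

The alert list is what a monitoring pipeline would consume: the guard refuses the excess flows, and the per-source records make the burst visible rather than silently dropped.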
