Abstract

Software Defined Networking (SDN) extends capabilities of existing networks by providing various functionalities, such as flexible networking controls. However, there are many security threat vectors in SDN, including existing and emerging ones arising from new functionalities, that may hinder the use of SDN. To tackle this problem, many countermeasures have been developed to mitigate various threats faced in SDN. However, their effectiveness must be analyzed and compared to fully understand how security posture of SDN changes when the countermeasure is adopted. Also, it becomes difficult to optimize the security of SDN without using a systematic approach to evaluate the security posture of SDN. In this paper, we propose a novel framework to systematically model and analyze the security posture of SDN. We develop a novel graphical security model formalism named Threat Vector Hierarchical Attack Representation Model (TV-HARM), which provides a systematic approach to evaluate threats, attacks and countermeasures for SDN. The TV-HARM captures different threats and their combinations, enabling security risk assessment of SDN. In addition, we define three new security metrics to represent security of SDN. Our experimental results showed that the proposed security assessment framework can capture and evaluate various security threats to SDN, demonstrating the applicability and feasibility of the proposed framework.

Highlights

  • Software Defined Networking (SDN) is one of emerging networking technologies, allowing system administrators to modify network configurations in real-time for performing various network optimization functionalities

  • If a security problem occurs in SDN, it can have a catastrophic impact on those promising applications and other systems relying on the operations of SDN

  • We develop a novel graphical security model named Threat Vector HARM (TV-HARM) that extends the capabilities of the Hierarchical Attack Representation Models (HARM) [13]

Read more

Summary

Introduction

Software Defined Networking (SDN) is one of emerging networking technologies, allowing system administrators to modify network configurations in real-time for performing various network optimization functionalities (e.g., optimizing network performance through load balancing [1]). These new functionalities allow more efficient network management and control without disrupting network operations. Because of this, it has been used as the new networking architecture for promising applications such as mobile edge computing, fast networking, and tactile internet [2]–[4].

Methods
Findings
Discussion
Conclusion

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.