Abstract

Software Defined Networking (SDN) extends the capabilities of existing networks by providing various functionalities, such as flexible networking controls. However, SDN has many security threat vectors, both existing ones and emerging ones arising from the new functionalities, that may hinder its use. To tackle this problem, many countermeasures have been developed to mitigate the various threats faced in SDN. However, their effectiveness must be analyzed and compared to fully understand how the security posture of SDN changes when a countermeasure is adopted. It is also difficult to optimize the security of SDN without a systematic approach to evaluating its security posture. In this paper, we propose a novel framework to systematically model and analyze the security posture of SDN. We develop a novel graphical security model formalism named Threat Vector Hierarchical Attack Representation Model (TV-HARM), which provides a systematic approach to evaluate threats, attacks and countermeasures for SDN. The TV-HARM captures different threats and their combinations, enabling security risk assessment of SDN. In addition, we define three new security metrics to represent the security of SDN. Our experimental results showed that the proposed security assessment framework can capture and evaluate various security threats to SDN, demonstrating the applicability and feasibility of the proposed framework.

Highlights

  • Software Defined Networking (SDN) is one of the emerging networking technologies, allowing system administrators to modify network configurations in real time to perform various network optimization functions

  • If a security problem occurs in SDN, it can have a catastrophic impact on those promising applications and other systems relying on the operations of SDN

  • We develop a novel graphical security model named Threat Vector HARM (TV-HARM) that extends the capabilities of the Hierarchical Attack Representation Models (HARM) [13]


Summary

Introduction

Software Defined Networking (SDN) is one of the emerging networking technologies, allowing system administrators to modify network configurations in real time to perform various network optimization functions (e.g., optimizing network performance through load balancing [1]). These new functionalities allow more efficient network management and control without disrupting network operations. Because of this, SDN has been used as the new networking architecture for promising applications such as mobile edge computing, fast networking, and tactile internet [2]–[4].
