Software-Defined Networks (SDN) have recently received much attention and deployment as a new technology that offers more flexibility and efficiency than traditional networks. SDN is a paradigm shift that revolutionizes traditional network design and makes future networks programmable, manageable, and affordable. The use of SDN in modern networks provides much-needed flexibility and transparency for organizing and deploying network solutions. It is a new model that separates the forwarding and control planes and uses a centralized architecture designed to increase network speed and programmability. However, from the current security point of view, SDN still has some problems, especially with advanced persistent attacks such as DDoS, side-channel attacks in clouds, SDN stack control plane saturation attacks, and switch flow table exhaustion attacks. Also, existing SDN-based security systems are constrained by a central framework that imposes significant overhead on the control plane, leading to the breakdown of vital control links. In this paper, we will present the vulnerabilities and security threats in SDN networks, define the various approaches to solve these problems, and deploy SDN securely in production environments. We will also survey existing research on distributed SDN security frameworks: a number of security frameworks and applications have been proposed previously, and each of them builds on a selection of SDN characteristics.