Do you want to publish a course? Click here

Software-Defined Network (SDN) Data Plane Security: Issues, Solutions and Future Directions

84   0   0.0 ( 0 )
 Added by Arash Shaghaghi
 Publication date 2018
and research's language is English




Ask ChatGPT about the research

Software-Defined Network (SDN) radically changes the network architecture by decoupling the network logic from the underlying forwarding devices. This architectural change rejuvenates the network-layer granting centralized management and re-programmability of the networks. From a security perspective, SDN separates security concerns into control and data plane, and this architectural recomposition brings up exciting opportunities and challenges. The overall perception is that SDN capabilities will ultimately result in improved security. However, in its raw form, SDN could potentially make networks more vulnerable to attacks and harder to protect. In this paper, we focus on identifying challenges faced in securing the data plane of SDN - one of the least explored but most critical components of this technology. We formalize this problem space, identify potential attack scenarios while highlighting possible vulnerabilities and establish a set of requirements and challenges to protect the data plane of SDNs. Moreover, we undertake a survey of existing solutions with respect to the identified threats, identifying their limitations and offer future research directions.



rate research

Read More

We experimentally demonstrate, for the first time, DDoS mitigation of QKD-based networks utilizing a software defined network application. Successful quantum-secured link allocation is achieved after a DDoS attack based on real-time monitoring of quantum parameters
As networks expand in size and complexity, they pose greater administrative and management challenges. Software Defined Networks (SDN) offer a promising approach to meeting some of these challenges. In this paper, we propose a policy driven security architecture for securing end to end services across multiple SDN domains. We develop a language based approach to design security policies that are relevant for securing SDN services and communications. We describe the policy language and its use in specifying security policies to control the flow of information in a multi-domain SDN. We demonstrate the specification of fine grained security policies based on a variety of attributes such as parameters associated with users and devices/switches, context information such as location and routing information, and services accessed in SDN as well as security attributes associated with the switches and Controllers in different domains. An important feature of our architecture is its ability to specify path and flow based security policies, which are significant for securing end to end services in SDNs. We describe the design and the implementation of our proposed policy based security architecture and demonstrate its use in scenarios involving both intra and inter-domain communications with multiple SDN Controllers. We analyse the performance characteristics of our architecture as well as discuss how our architecture is able to counteract various security attacks. The dynamic security policy based approach and the distribution of corresponding security capabilities intelligently as a service layer that enable flow based security enforcement and protection of multitude of network devices against attacks are important contributions of this paper.
This paper embodies the usage of Big Data in Healthcare. It is important to note that big data in terms of Architecture and implementation might be or has already or will continue to assist the continuous growth in the field of healthcare. The main important aspects of this study are the general importance of big data in healthcare, the positives big data will help tackle and enhance in this field and not to also forget to mention the tremendous downside big data has on healthcare that is still needed to improve or putting extensive research on. We believe there is still a long way in which institutions and individuals understand the hidden truth about big data. We have highlighted the various ways one could be confidently relied on big data and on the other hand highlighted the weighted importance of big problem big data and expected solutions.
Networks are vulnerable to disruptions caused by malicious forwarding devices. The situation is likely to worsen in Software Defined Networks (SDNs) with the incompatibility of existing solutions, use of programmable soft switches and the potential of bringing down an entire network through compromised forwarding devices. In this paper, we present WedgeTail, an Intrusion Prevention System (IPS) designed to secure the SDN data plane. WedgeTail regards forwarding devices as points within a geometric space and stores the path packets take when traversing the network as trajectories. To be efficient, it prioritizes forwarding devices before inspection using an unsupervised trajectory-based sampling mechanism. For each of the forwarding device, WedgeTail computes the expected and actual trajectories of packets and `hunts for any forwarding device not processing packets as expected. Compared to related work, WedgeTail is also capable of distinguishing between malicious actions such as packet drop and generation. Moreover, WedgeTail employs a radically different methodology that enables detecting threats autonomously. In fact, it has no reliance on pre-defined rules by an administrator and may be easily imported to protect SDN networks with different setups, forwarding devices, and controllers. We have evaluated WedgeTail in simulated environments, and it has been capable of detecting and responding to all implanted malicious forwarding devices within a reasonable time-frame. We report on the design, implementation, and evaluation of WedgeTail in this manuscript.
Software defined networking (SDN) has been adopted to enforce the security of large-scale and complex networks because of its programmable, abstract, centralized intelligent control and global and real-time traffic view. However, the current SDN-based security enforcement mechanisms require network managers to fully understand the underlying configurations of network. Facing the increasingly complex and huge SDN networks, we urgently need a novel security policy management mechanism which can be completely transparent to any underlying information. That is it can permit network managers to define upper-level security policies without containing any underlying information of network, and by means of model transformation system, these upper-level security policies can be transformed into their corresponding lower-level policies containing underlying information automatically. Moreover, it should ensure system model updated by the generated lower-level policies can hold all of security properties defined in upper-level policies. Based on these insights, we propose a security policy model transformation and verification approach for SDN in this paper. We first present the formal definition of a security policy model (SPM) which can be used to specify the security policies used in SDN. Then, we propose a model transformation system based on SDN system model and mapping rules, which can enable network managers to convert SPM model into corresponding underlying network configuration policies automatically, i.e., flow table model (FTM). In order to verify SDN system model updated by the generated FTM models can hold the security properties defined in SPM models, we design a security policy verification system based on model checking. Finally, we utilize a comprehensive case to illustrate the feasibility of the proposed approach.
comments
Fetching comments Fetching comments
Sign in to be able to follow your search criteria
mircosoft-partner

هل ترغب بارسال اشعارات عن اخر التحديثات في شمرا-اكاديميا