CROCUS: An Objective Approach for SDN Controllers Security Assessment

  • Conference paper
Security and Privacy in Communication Networks (SecureComm 2021)

Abstract

Software Defined Networking (SDN) facilitates the orchestration and configuration of network resources in a flexible and scalable form, where policies are managed by controller components that interact with network elements through multiple interfaces. The ubiquitous adoption of SDN has led to the availability of multiple SDN controllers, which have different characteristics in terms of performance and security support. SDN controllers are a common target in network attacks, since their compromise gives the capability of impairing the entire network. Thus, the choice of an SDN controller must be a meticulous process from the early phases (design to production). CROCUS, herein proposed, provides a mechanism to enable an objective assessment of the security support of SDN controllers. CROCUS relies on the information provided by the Common Vulnerability Scoring System (CVSS) and considers security features derived from scenarios with stringent security requirements. Considering a vehicular communication scenario supported by multiple technologies, we narrow the selection of SDN controllers to OpenDayLight and ONOS. The results show that both controllers have security features relevant for demanding scenarios, with ONOS excelling in some aspects.

Notes

  1. https://github.com/bmsousa/MeTHODICAL

Acknowledgements

This work was funded by the European Regional Development Fund (FEDER), through the Regional Operational Programme of Centre (CENTRO 2020) of the Portugal 2020 framework and FCT under the MIT Portugal Program [Project SNOB-5G with Nr. 045929 (CENTRO-01–0247-FEDER-045929)].

Corresponding author

Correspondence to Carlos Silva.

Copyright information

© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Silva, C., Sousa, B., Vilela, J.P. (2021). CROCUS: An Objective Approach for SDN Controllers Security Assessment. In: Garcia-Alfaro, J., Li, S., Poovendran, R., Debar, H., Yung, M. (eds) Security and Privacy in Communication Networks. SecureComm 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 398. Springer, Cham. https://doi.org/10.1007/978-3-030-90019-9_22

  • DOI: https://doi.org/10.1007/978-3-030-90019-9_22

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-90018-2

  • Online ISBN: 978-3-030-90019-9

  • eBook Packages: Computer Science (R0)
