Abstract
Software Defined Networking (SDN) facilitates the orchestration and configuration of network resources in a flexible and scalable form, where policies are managed by controller components that interact with network elements through multiple interfaces. The ubiquitous adoption of SDN has led to the availability of multiple SDN controllers, which have different characteristics in terms of performance and security support. SDN controllers are a common target in network attacks, since their compromise gives an attacker the capability of impairing the entire network. Thus, the choice of an SDN controller must be a meticulous process from the early phases (design to production). CROCUS, herein proposed, provides a mechanism to enable an objective assessment of the security support of SDN controllers. CROCUS relies on the information provided by the Common Vulnerability Scoring System (CVSS) and considers security features derived from scenarios with stringent security requirements. Considering a vehicular communication scenario supported by multiple technologies, we narrow the selection of SDN controllers to OpenDayLight and ONOS. The results show that both controllers have security features relevant for demanding scenarios, with ONOS excelling in some aspects.
Acknowledgements
This work was funded by the European Regional Development Fund (FEDER), through the Regional Operational Programme of Centre (CENTRO 2020) of the Portugal 2020 framework and FCT under the MIT Portugal Program [Project SNOB-5G with Nr. 045929 (CENTRO-01–0247-FEDER-045929)].
Copyright information
© 2021 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Silva, C., Sousa, B., Vilela, J.P. (2021). CROCUS: An Objective Approach for SDN Controllers Security Assessment. In: Garcia-Alfaro, J., Li, S., Poovendran, R., Debar, H., Yung, M. (eds) Security and Privacy in Communication Networks. SecureComm 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 398. Springer, Cham. https://doi.org/10.1007/978-3-030-90019-9_22
DOI: https://doi.org/10.1007/978-3-030-90019-9_22
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-90018-2
Online ISBN: 978-3-030-90019-9
eBook Packages: Computer Science, Computer Science (R0)