Abstract
With the development of information and networking technologies, conventional network has been unable to meet the demands of practical applications and network users. A new network paradigm called Software-Defined Networking (SDN) was proposed and got public attention. By decoupling the forwarding and control planes and applying specific protocols, SDN greatly reduces the cost of network management. Moreover, SDN empowers network managers to program their networks with high flexibility. However, there are many network security issues with regard to SDN, which should be solved in order to ensure the final success of SDN. In this paper, we undertake an SDN security survey. We focus on analyzing SDN’s security problems and reviewing existing countermeasures. Meanwhile, we identify the future research directions of SDN security.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Kreutz, D., Ramos, F.M., Verissimo, P.E., Rothenberg, C.E.: Software-defined networking: a comprehensive survey. Proc. IEEE 103(1), 14–76 (2015)
Ali, S.T., Sivaraman, V., Radford, A., Jha, S.: A survey of securing networks using software defined networking. IEEE Trans. Reliab. 64(3), 1086–1097 (2015)
Hawilo, H., Shami, A., Mirahmadi, M., Asal, R.: NFV: state of the art, challenges, and implementation in next generation mobile networks (vEPC). IEEE Netw. 28(6), 18–26 (2014)
Scott-Hayward, S., Natarajan, S., Sezer, S.: A survey of security in software defined networks. IEEE Commun. Surv. Tutorials 18(1), 623–654 (2016)
Dotcenko, S., Vladyko, A., Letenko, I.: A fuzzy logic-based information security management for software-defined networks. In: 16th International Conference on Advanced Communication Technology, pp. 167–171 (2014)
Klaedtke, F., Karame, G.O., Bifulco, R., Cui, H.: Access control for SDN controllers. In: 3rd Workshop on Hot Topics in Software Defined Networking, pp. 219–220 (2014)
Hu, H., Han, W., Ahn, G.J., Zhao, Z.: FLOWGUARD: building robust firewalls for software-defined networks. In: 3rd Workshop on Hot Topics in Software Defined Networking, pp. 97–102 (2014)
Shin, S., Porras, P.A., Yegneswaran, V., Fong, M.W., Gu, G., Tyson, M.: FRESCO: modular composable security services for software-defined networks. In: The ISOC Network and Distributed System Security Symposium, pp. 1–16 (2013)
Lim, S., Ha, J., Kim, H., Kim, Y., Yang, S.: A SDN-oriented DDoS blocking scheme for botnet-based attacks. In: Sixth International Conference on Ubiquitous and Future Networks, pp. 63–68 (2014)
Lim, S., Yang, S., Kim, Y., Yang, S., Kim, H.: Controller scheduling for continued SDN operation under DDoS attacks. Electron. Lett. 51(16), 1259–1261 (2015)
Mousavi, S.M., St-Hilaire, M.: Early detection of DDoS attacks against SDN controllers. In: 2015 International Conference on Computing Networking and Communications (ICNC), pp. 77–81 (2015)
Braga, R., Mota, E., Passito, A.: Lightweight DDoS flooding attack detection using NOX/OpenFlow. In: 35th Annual IEEE Conference on Local Computer Networks, pp. 408–415 (2010)
Oktian, Y.E., Lee, S., Lee, H.: Mitigating denial of service (DoS) attacks in openflow networks. In: 2014 International Conference on Information and Communication Technology Convergence (ICTC), pp. 325–330 (2014)
Belyaev, M., Gaivoronski, S.: Towards load balancing in SDN-networks during DDoS-attacks. In: 2014 International Science and Technology Conference, pp. 1–6 (2014)
Dabbagh, M., Hamdaoui, B., Guizani, M., Rayes, A.: Software-defined networking security: pros and cons. IEEE Commun. Mag. 53(6), 73–79 (2015)
Scott-Hayward, S., Kane, C., Sezer, S.: OperationCheckpoint: SDN application control. In: 2014 IEEE 22nd International Conference on Network Protocols, pp. 618–623 (2014)
Kreutz, D., Ramos, F., Verissimo, P.: Towards secure and dependable software-defined networks. In: 2nd ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, pp. 55–60 (2013)
Chandrasekaran, B., Benson, T.: Tolerating SDN application failures with LegoSDN. In: 13th ACM Workshop on Hot Topics in NetworYks, pp. 22–28 (2014)
Ferguson, A.D., Guha, A., Liang, C., Fonseca, R., Krishnamurthi, S.: Participatory networking: an API for application control of SDNs. ACM SIGCOMM Comput. Commun. Rev. 43(4), 327–338 (2013)
Shin, M.K., Nam, K.H., Kim, H.J.: Software-defined networking (SDN): a reference architecture and open APIs. In: 2012 International Conference on ICT Convergence (ICTC), pp. 360–361 (2012)
Tootoonchian, A., Ganjali, Y.: HyperFlow: a distributed control plane for OpenFlow. In: 2010 Internet Network Management Conference on Research on Enterprise Networking, pp. 3–6 (2010)
Yan, Q., Yu, F.R.: Distributed denial of service attacks in software-defined networking with cloud computing. IEEE Commun. Mag. 53(4), 52–59 (2015)
Acknowledgments
This work is sponsored by the National Key Research and Development Program of China (grant 2016YFB0800704), the NSFC (grants 61672410 and U1536202), the 111 project (grants B08038 and B16037), the Ph.D. Programs Foundation of Ministry of Education of China (grant JY0300130104), the Project Supported by Natural Science Basic Research Plan in Shaanxi Province of China (Program No. 2016ZDJC-06), and Aalto University.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Yao, Z., Yan, Z. (2016). Security in Software-Defined-Networking: A Survey. In: Wang, G., Ray, I., Alcaraz Calero, J., Thampi, S. (eds) Security, Privacy, and Anonymity in Computation, Communication, and Storage. SpaCCS 2016. Lecture Notes in Computer Science(), vol 10066. Springer, Cham. https://doi.org/10.1007/978-3-319-49148-6_27
Download citation
DOI: https://doi.org/10.1007/978-3-319-49148-6_27
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49147-9
Online ISBN: 978-3-319-49148-6
eBook Packages: Computer ScienceComputer Science (R0)