ABSTRACT
Edge Computing and Software Defined Networking (SDN) are two emerging technologies that have become increasingly popular for implementing modern infrastructures. The former enables data computation to be performed at the edge of the network (of users), giving benefits over cloud computing when large amounts of data are produced near the edge. The latter offers the advantages of programmable and flexible network management over traditional practice. Recent research has focused on how to utilize the SDN paradigm to enhance Edge Computing. As more and more SDN-based Edge Computing systems are being developed, it is necessary to consider security issues, especially those that are inherent to SDN. This paper addresses an important SDN-specific security breach, namely a flow rule attack, where a network switch is compromised and its flow rule for data transmission routing is modified. This attack can potentially lead to many devastating consequences, including disruption of network traffic and denial of service. The paper presents an approach to flow rule attack detection and lightweight mitigation techniques that can be performed by the SDN controller. To evaluate our detection and mitigation mechanisms, the paper describes simulation experiments that show promising results.