DocumentCode
230617
Title
Blessing or curse? Revisiting security aspects of Software-Defined Networking
Author
Schehlmann, Lisa ; Abt, Sebastian ; Baier, Harald
Author_Institution
da/sec - Biometrics & Internet Security Res. Group, Hochschule Darmstadt, Germany
fYear
2014
fDate
17-21 Nov. 2014
Firstpage
382
Lastpage
387
Abstract
Software-Defined Networking (SDN) is an emerging technology, physically separating data and control planes of network devices. From a security point of view SDN has two sides. First, it enables network security functions by design, because traffic flows can be redirected or filtered based on packet content or application layer state - functionality, which to date requires additional network security devices like fire-walls, intrusion detection systems or spam filters in conventional networks. On the other hand, due to physical separation of planes, SDN possibly offers additional attack vectors compared to traditional network architectures, which may severely impact overall network availability as well as confidentiality, authenticity, integrity and consistency of network traffic and control data. In this paper, we discuss and balance security provided by SDN with security threats of SDN also in respect of traditional networks. We develop an evaluation methodology for both sides and show that from a security point of view SDN is a blessing for today´s and future network design and operation.
Keywords
computer network security; software defined networking; SDN; firewalls; intrusion detection systems; network security functions; software-defined networking; spam filters; Availability; Communication networks; Computer crime; Control systems; Maintenance engineering; Protocols; OpenFlow; Software-Defined Networking; network security;
fLanguage
English
Publisher
ieee
Conference_Titel
Network and Service Management (CNSM), 2014 10th International Conference on
Conference_Location
Rio de Janeiro
Type
conf
DOI
10.1109/CNSM.2014.7014199
Filename
7014199
Link To Document