Abstract
Software-defined networking (SDN) decouples the control and data planes of traditional networks, logically centralizing the functional properties of the network in the SDN controller. While this centralization brought advantages such as a faster pace of innovation, it also disrupted some of the natural defenses of traditional architectures against different threats. The literature on SDN has mostly been concerned with the functional side, despite some specific works concerning non-functional properties such as security or dependability. Though addressing the latter in an ad hoc, piecemeal way may work, it will most likely lead to efficiency and effectiveness problems.
We claim that the enforcement of non-functional properties as a pillar of SDN robustness calls for a systemic approach. We further advocate, for its materialization, the reiteration of the successful formula behind SDN: ‘logical centralization’. As a general concept, we propose anchor, a subsystem architecture that promotes the logical centralization of non-functional properties. To show the effectiveness of the concept, we focus on security in this article: we identify the current security gaps in SDNs and we populate the architecture middleware with the appropriate security mechanisms in a global and consistent manner. Essential security mechanisms provided by anchor include reliable entropy and resilient pseudo-random generators, and protocols for secure registration and association of SDN devices.
We claim and justify in the article that centralizing such mechanisms is key for their effectiveness by allowing us to define and enforce global policies for those properties; reduce the complexity of controllers and forwarding devices; ensure higher levels of robustness for critical services; foster interoperability of the non-functional property enforcement mechanisms; and promote the security and resilience of the architecture itself. We discuss design and implementation aspects, and we prove and evaluate our algorithms and mechanisms, including the formalisation of the main protocols and the verification of their core security properties using the Tamarin prover.
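The abstract names reliable entropy and resilient pseudo-random generators as essential mechanisms that a logically centralized security subsystem can provide to devices that lack good local randomness. The following is an added illustration, not ANCHOR's code and not a reproduction of the paper's mechanisms: it conditions a seed from several independent inputs (a centrally supplied share, local entropy, a device identifier) so that one stuck or weak source cannot silently weaken the device's generator, feeds the seed into a small HMAC_DRBG (NIST SP 800-90A construction, SHA-256), and applies the SP 800-22 frequency (monobit) test as a health check on generator output. The function and parameter names (`seed_device_prng`, `central_share`, `device_id`) and all sample inputs are this example's own constructions.

```python
"""Resilient seeding of a device PRNG from several entropy sources.

Added, illustrative example. It is not ANCHOR's code and makes no claim to
reproduce the paper's protocols; names and sample inputs are constructed.
"""
import hashlib
import hmac
import math


def extract_seed(sources):
    """Condition a list of entropy inputs into one 32-byte seed.

    Each input is length-prefixed before hashing so that inputs of different
    sizes cannot be confused with one another. A single unpredictable source
    keeps the result unpredictable even if every other input is all zeros.
    """
    h = hashlib.sha256()
    for src in sources:
        h.update(len(src).to_bytes(4, "big"))
        h.update(src)
    return h.digest()


class HmacDrbg:
    """Minimal HMAC_DRBG (SP 800-90A, SHA-256) without a reseed counter.

    The unpredictability of the output rests entirely on the seed.
    """

    def __init__(self, seed):
        self.key = b"\x00" * 32
        self.val = b"\x01" * 32
        self._update(seed)

    @staticmethod
    def _hmac(key, data):
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, data):
        self.key = self._hmac(self.key, self.val + b"\x00" + data)
        self.val = self._hmac(self.key, self.val)
        if data:
            self.key = self._hmac(self.key, self.val + b"\x01" + data)
            self.val = self._hmac(self.key, self.val)

    def generate(self, nbytes):
        """Return nbytes of output, then update the internal state."""
        out = b""
        while len(out) < nbytes:
            self.val = self._hmac(self.key, self.val)
            out += self.val
        self._update(b"")
        return out[:nbytes]


def monobit_p_value(data):
    """SP 800-22 frequency (monobit) test p-value for the bits of data."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def monobit_pass(data, alpha=0.01):
    """Health check: True when the bit string is not visibly biased."""
    return monobit_p_value(data) >= alpha


def seed_device_prng(central_share, local_entropy, device_id):
    """Build a device DRBG from a central share plus local entropy.

    Hypothetical helper; the parameter names are this example's own.
    """
    seed = extract_seed([central_share, local_entropy, device_id])
    return HmacDrbg(seed)


# Constructed sample inputs (not real key material).
CENTRAL_SHARE = bytes.fromhex("0f" * 32)
STUCK_LOCAL = b"\x00" * 32          # a failed local entropy source
DEVICE_ID = b"switch-example-01"

if __name__ == "__main__":
    drbg = seed_device_prng(CENTRAL_SHARE, STUCK_LOCAL, DEVICE_ID)
    out = drbg.generate(4096)
    print("monobit p-value of DRBG output:", round(monobit_p_value(out), 4))
    print("stuck source alone passes monobit?", monobit_pass(STUCK_LOCAL))
```

The point of the design is the extraction step: a device whose local source has failed (the all-zero `STUCK_LOCAL` above) still ends up with a seed it cannot predict, because the centrally supplied share enters the same hash. The monobit check is only a coarse health test; it will flag a stuck source but cannot prove a seed is unpredictable, which is why the central share, not the test, carries the security argument.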
ANCHOR: Logically Centralized Security for Software-Defined Networks