Software-defined network (SDN) data plane security: issues, solutions, and future directions

Arash Shaghaghi; Mohamed Ali Kaafar; Rajkumar Buyya; Sanjay Jha

doi:10.1007/978-3-030-22277-2_14

Software-defined network (SDN) data plane security: issues, solutions, and future directions

Arash Shaghaghi^*, Mohamed Ali Kaafar, Rajkumar Buyya, Sanjay Jha

^*Corresponding author for this work

School of Computing

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

61 Citations (Scopus)

Abstract

Software-defined network (SDN) radically changes the network architecture by decoupling the network logic from the underlying forwarding devices. This architectural change rejuvenates the network-layer granting centralized management and reprogrammability of the networks. From a security perspective, SDN separates security concerns into control and data plane, and this architectural recomposition brings up exciting opportunities and challenges. The overall perception is that SDN capabilities will ultimately result in improved security. However, in its raw form, SDN could potentially make networks more vulnerable to attacks and harder to protect. In this paper, we provide a comprehensive review of SDN security domain while focusing on its data plane, which is one of the least explored but most critical aspects in securing this technology. We review the most recent enhancements in SDNs, identify the main vulnerabilities of SDNs, and provide a novel attack taxonomy for SDNs. Thereafter, we provide a comprehensive analysis of challenges involved in protecting SDN data plane and control plane and provide an in-depth look into available solutions with respect to the identified threats and identify their limitations. To highlight the importance of securing the SDN platform, we also review the numerous security services built on top of this technology. We conclude the paper by offering future research directions.

Original language	English
Title of host publication	Handbook of Computer Networks and Cyber Security
Subtitle of host publication	Principles and Paradigms
Editors	Brij B. Gupta, Gregorio Martinez Perez, Dharma P. Agrawal, Deepak Gupta
Place of Publication	Cham, Switzerland
Publisher	Springer, Springer Nature
Chapter	14
Pages	341-387
Number of pages	47
ISBN (Electronic)	9783030222772
ISBN (Print)	9783030222765
DOIs	https://doi.org/10.1007/978-3-030-22277-2_14
Publication status	Published - 2020

Keywords

Data plane
Data plane security
SDN security
Software-defined network (SDN)

Access to Document

10.1007/978-3-030-22277-2_14

Cite this

Shaghaghi, A., Kaafar, M. A., Buyya, R., & Jha, S. (2020). Software-defined network (SDN) data plane security: issues, solutions, and future directions. In B. B. Gupta, G. Martinez Perez, D. P. Agrawal, & D. Gupta (Eds.), Handbook of Computer Networks and Cyber Security: Principles and Paradigms (pp. 341-387). Springer, Springer Nature. https://doi.org/10.1007/978-3-030-22277-2_14

Shaghaghi, Arash ; Kaafar, Mohamed Ali ; Buyya, Rajkumar et al. / Software-defined network (SDN) data plane security : issues, solutions, and future directions. Handbook of Computer Networks and Cyber Security: Principles and Paradigms. editor / Brij B. Gupta ; Gregorio Martinez Perez ; Dharma P. Agrawal ; Deepak Gupta. Cham, Switzerland : Springer, Springer Nature, 2020. pp. 341-387

@inbook{9da70005506448608b3ca5c902f021c5,

title = "Software-defined network (SDN) data plane security: issues, solutions, and future directions",

abstract = "Software-defined network (SDN) radically changes the network architecture by decoupling the network logic from the underlying forwarding devices. This architectural change rejuvenates the network-layer granting centralized management and reprogrammability of the networks. From a security perspective, SDN separates security concerns into control and data plane, and this architectural recomposition brings up exciting opportunities and challenges. The overall perception is that SDN capabilities will ultimately result in improved security. However, in its raw form, SDN could potentially make networks more vulnerable to attacks and harder to protect. In this paper, we provide a comprehensive review of SDN security domain while focusing on its data plane, which is one of the least explored but most critical aspects in securing this technology. We review the most recent enhancements in SDNs, identify the main vulnerabilities of SDNs, and provide a novel attack taxonomy for SDNs. Thereafter, we provide a comprehensive analysis of challenges involved in protecting SDN data plane and control plane and provide an in-depth look into available solutions with respect to the identified threats and identify their limitations. To highlight the importance of securing the SDN platform, we also review the numerous security services built on top of this technology. We conclude the paper by offering future research directions.",

keywords = "Data plane, Data plane security, SDN security, Software-defined network (SDN)",

author = "Arash Shaghaghi and Kaafar, {Mohamed Ali} and Rajkumar Buyya and Sanjay Jha",

year = "2020",

doi = "10.1007/978-3-030-22277-2_14",

language = "English",

isbn = "9783030222765",

pages = "341--387",

editor = "Gupta, {Brij B.} and {Martinez Perez}, Gregorio and Agrawal, {Dharma P.} and Deepak Gupta",

booktitle = "Handbook of Computer Networks and Cyber Security",

publisher = "Springer, Springer Nature",

address = "United States",

}

Shaghaghi, A, Kaafar, MA, Buyya, R & Jha, S 2020, Software-defined network (SDN) data plane security: issues, solutions, and future directions. in BB Gupta, G Martinez Perez, DP Agrawal & D Gupta (eds), Handbook of Computer Networks and Cyber Security: Principles and Paradigms. Springer, Springer Nature, Cham, Switzerland, pp. 341-387. https://doi.org/10.1007/978-3-030-22277-2_14

Software-defined network (SDN) data plane security : issues, solutions, and future directions. / Shaghaghi, Arash; Kaafar, Mohamed Ali; Buyya, Rajkumar et al.

Handbook of Computer Networks and Cyber Security: Principles and Paradigms. ed. / Brij B. Gupta; Gregorio Martinez Perez; Dharma P. Agrawal; Deepak Gupta. Cham, Switzerland : Springer, Springer Nature, 2020. p. 341-387.

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

TY - CHAP

T1 - Software-defined network (SDN) data plane security

T2 - issues, solutions, and future directions

AU - Shaghaghi, Arash

AU - Kaafar, Mohamed Ali

AU - Buyya, Rajkumar

AU - Jha, Sanjay

PY - 2020

Y1 - 2020

N2 - Software-defined network (SDN) radically changes the network architecture by decoupling the network logic from the underlying forwarding devices. This architectural change rejuvenates the network-layer granting centralized management and reprogrammability of the networks. From a security perspective, SDN separates security concerns into control and data plane, and this architectural recomposition brings up exciting opportunities and challenges. The overall perception is that SDN capabilities will ultimately result in improved security. However, in its raw form, SDN could potentially make networks more vulnerable to attacks and harder to protect. In this paper, we provide a comprehensive review of SDN security domain while focusing on its data plane, which is one of the least explored but most critical aspects in securing this technology. We review the most recent enhancements in SDNs, identify the main vulnerabilities of SDNs, and provide a novel attack taxonomy for SDNs. Thereafter, we provide a comprehensive analysis of challenges involved in protecting SDN data plane and control plane and provide an in-depth look into available solutions with respect to the identified threats and identify their limitations. To highlight the importance of securing the SDN platform, we also review the numerous security services built on top of this technology. We conclude the paper by offering future research directions.

AB - Software-defined network (SDN) radically changes the network architecture by decoupling the network logic from the underlying forwarding devices. This architectural change rejuvenates the network-layer granting centralized management and reprogrammability of the networks. From a security perspective, SDN separates security concerns into control and data plane, and this architectural recomposition brings up exciting opportunities and challenges. The overall perception is that SDN capabilities will ultimately result in improved security. However, in its raw form, SDN could potentially make networks more vulnerable to attacks and harder to protect. In this paper, we provide a comprehensive review of SDN security domain while focusing on its data plane, which is one of the least explored but most critical aspects in securing this technology. We review the most recent enhancements in SDNs, identify the main vulnerabilities of SDNs, and provide a novel attack taxonomy for SDNs. Thereafter, we provide a comprehensive analysis of challenges involved in protecting SDN data plane and control plane and provide an in-depth look into available solutions with respect to the identified threats and identify their limitations. To highlight the importance of securing the SDN platform, we also review the numerous security services built on top of this technology. We conclude the paper by offering future research directions.

KW - Data plane

KW - Data plane security

KW - SDN security

KW - Software-defined network (SDN)

UR - http://www.scopus.com/inward/record.url?scp=85085801334&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-22277-2_14

DO - 10.1007/978-3-030-22277-2_14

M3 - Chapter

AN - SCOPUS:85085801334

SN - 9783030222765

SP - 341

EP - 387

BT - Handbook of Computer Networks and Cyber Security

A2 - Gupta, Brij B.

A2 - Martinez Perez, Gregorio

A2 - Agrawal, Dharma P.

A2 - Gupta, Deepak

PB - Springer, Springer Nature

CY - Cham, Switzerland

ER -

Shaghaghi A, Kaafar MA, Buyya R, Jha S. Software-defined network (SDN) data plane security: issues, solutions, and future directions. In Gupta BB, Martinez Perez G, Agrawal DP, Gupta D, editors, Handbook of Computer Networks and Cyber Security: Principles and Paradigms. Cham, Switzerland: Springer, Springer Nature. 2020. p. 341-387 https://doi.org/10.1007/978-3-030-22277-2_14

Software-defined network (SDN) data plane security: issues, solutions, and future directions

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this