Software-defined network (SDN) data plane security

issues, solutions, and future directions

Arash Shaghaghi*, Mohamed Ali Kaafar, Rajkumar Buyya, Sanjay Jha

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingChapter

13 Citations (Scopus)

Abstract

Software-defined network (SDN) radically changes the network architecture by decoupling the network logic from the underlying forwarding devices. This architectural change rejuvenates the network-layer granting centralized management and reprogrammability of the networks. From a security perspective, SDN separates security concerns into control and data plane, and this architectural recomposition brings up exciting opportunities and challenges. The overall perception is that SDN capabilities will ultimately result in improved security. However, in its raw form, SDN could potentially make networks more vulnerable to attacks and harder to protect. In this paper, we provide a comprehensive review of SDN security domain while focusing on its data plane, which is one of the least explored but most critical aspects in securing this technology. We review the most recent enhancements in SDNs, identify the main vulnerabilities of SDNs, and provide a novel attack taxonomy for SDNs. Thereafter, we provide a comprehensive analysis of challenges involved in protecting SDN data plane and control plane and provide an in-depth look into available solutions with respect to the identified threats and identify their limitations. To highlight the importance of securing the SDN platform, we also review the numerous security services built on top of this technology. We conclude the paper by offering future research directions.

Original languageEnglish
Title of host publicationHandbook of Computer Networks and Cyber Security
Subtitle of host publicationPrinciples and Paradigms
EditorsBrij B. Gupta, Gregorio Martinez Perez, Dharma P. Agrawal, Deepak Gupta
Place of PublicationCham, Switzerland
PublisherSpringer, Springer Nature
Chapter14
Pages341-387
Number of pages47
ISBN (Electronic)9783030222772
ISBN (Print)9783030222765
DOIs
Publication statusPublished - 2020

Keywords

  • Data plane
  • Data plane security
  • SDN security
  • Software-defined network (SDN)

Fingerprint Dive into the research topics of 'Software-defined network (SDN) data plane security: issues, solutions, and future directions'. Together they form a unique fingerprint.

Cite this