Security in Software Defined Networks: A Survey
- 27 August 2015
- journal article
- research article
- Published by Institute of Electrical and Electronics Engineers (IEEE) in IEEE Communications Surveys & Tutorials
- Vol. 17 (4), 2317-2346
- https://doi.org/10.1109/comst.2015.2474118
Abstract
Software defined networking (SDN) decouples the network control and data planes. The network intelligence and state are logically centralized and the underlying network infrastructure is abstracted from applications. SDN enhances network security by means of global visibility of the network state where a conflict can be easily resolved from the logically centralized control plane. Hence, the SDN architecture empowers networks to actively monitor traffic and diagnose threats to facilitate network forensics, security policy alteration, and security service insertion. The separation of the control and data planes, however, opens security challenges, such as man-in-the-middle attacks, denial of service (DoS) attacks, and saturation attacks. In this paper, we analyze security threats to application, control, and data planes of SDN. The security platforms that secure each of the planes are described, followed by various security approaches for network-wide security in SDN. SDN security is analyzed according to security dimensions of the ITU-T recommendation, as well as by the costs of security solutions. In a nutshell, this paper highlights the present and future security challenges in SDN and future directions for secure SDN.
This publication has 105 references indexed in Scilit.