Mitigating attacks in software defined networks

Abstract

<p>Future network innovation lies in software defined networking (SDN). This innovative technology has revolutionised the networking world for half a decade and contributes to transform legacy network architectures. This transformation blesses the networking world with improved performance and quality of service. However, security for SDN remains an afterthought. In this paper we present a detailed discussion of some of the attacks possible in SDN and techniques to deal with the attacks. The threat model will consider some significantly vulnerable areas in SDN which can lead to severe network security breaches. In particular, we describe different attacks such as attacks on the Controller, attacks on networking devices, attacks exploiting the communication links between the control plane and the data plane and different types of topology poisoning attacks. We then propose techniques to deal with some of the attacks in SDN. We make use of northbound security application on the Controller and OpenFlow agents in the networking devices for enforcing security policies in the data plane. The security application is used for specification and storage of the security policies and to make decisions on the enforcement of security policies to deal with different types of attacks. We will describe the prototype implementation of our approach using ONOS Controller and demonstrate its effectiveness against different types of attacks.</p>