A survey on the security of stateful SDN data planes

Dargahi, T ORCID: https://orcid.org/0000-0002-0908-6483, Caponi, A, Ambrosin, M, Bianchi, G and Conti, M 2017, 'A survey on the security of stateful SDN data planes' , IEEE Communications Surveys & Tutorials, 19 (3) , pp. 1701-1725.

Full text not available from this repository. (Request a copy)

Abstract

Software-Defined Networking (SDN) emerged as an attempt to introduce network innovations faster, and to radically simplify and automate the management of large networks. SDN traditionally leverages OpenFlow as device-level abstraction. Since OpenFlow permits the programmer to “just” abstract a static flow-table, any stateful control and processing intelligence is necessarily delegated to the network controller. Motivated by the latency and signaling overhead that comes along with such a two-tiered SDN programming model, in the last couple of years several works have proposed innovative switch-level (data plane) programming abstractions capable to deploy some smartness directly inside the network switches, e.g., in the form of localized stateful flow processing. Furthermore, the possible inclusion of states and state maintenance primitives inside the switches is currently being debated in the OpenFlow standardization community itself. In this paper, after having provided the reader with a background on such emerging stateful SDN data plane proposals, we focus our attention on the security implications that data plane programmability brings about. Also via the identification of potential attack scenarios, we specifically highlight possible vulnerabilities specific to stateful in-switch processing (including denial of service and saturation attacks), which we believe should be carefully taken into consideration in the ongoing design of current and future proposals for stateful SDN data planes.

Item Type: Article
Schools: Schools > School of Computing, Science and Engineering
Journal or Publication Title: IEEE Communications Surveys & Tutorials
Publisher: IEEE
ISSN: 1553-877X
Related URLs:
Depositing User: T Dargahi
Date Deposited: 20 May 2019 13:32
Last Modified: 01 Oct 2019 16:34
URI: http://usir.salford.ac.uk/id/eprint/51376

Actions (login required)

Edit record (repository staff only) Edit record (repository staff only)