Abstract

Software-Defined Network (SDN) is a novel architecture created to address the issues of traditional and vertically integrated networks. To increase cost-effectiveness and enable logical control, SDN provides high programmability and centralized view of the network through separation of network traffic delivery (the "data plane") from network configuration (the "control plane"). SDN controllers and related protocols are rapidly evolving to address the demands for scaling in complex enterprise networks. Because of the evolution of modern SDN technologies, production networks employing SDN are prone to several security vulnerabilities. The rate at which SDN frameworks are evolving continues to overtake attempts to address their security issues. According to our study, existing defense mechanisms, particularly SDN-based firewalls, face new and SDN-specific challenges in successfully enforcing security policies in the underlying network. In this paper, we identify problems associated with SDN-based firewalls, such as ambiguous flow path calculations and poor scalability in large networks. We survey existing SDN-based firewall designs and their shortcomings in protecting a dynamically scaling network like a data center. We extend our study by evaluating one such SDN-specific security solution called FlowGuard, and identifying new attack vectors and vulnerabilities. We also present corresponding threat detection techniques and respective mitigation strategies.

Original languageEnglish (US)
Title of host publicationSDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018
PublisherAssociation for Computing Machinery, Inc
Pages33-38
Number of pages6
Volume2018-January
ISBN (Electronic)9781450356350
DOIs
StatePublished - Mar 14 2018
Event2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, SDN-NFVSec 2018 - Tempe, United States
Duration: Mar 21 2018 → …

Other

Other2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, SDN-NFVSec 2018
CountryUnited States
CityTempe
Period3/21/18 → …

ASJC Scopus subject areas

  • Computer Science Applications
  • Information Systems
  • Software

Fingerprint Dive into the research topics of 'Challenges and preparedness of SDN-based firewalls'. Together they form a unique fingerprint.

  • Cite this

    Dixit, V. H., Kyung, S., Zhao, Z., Doupe, A., Shoshitaishvili, Y., & Ahn, G-J. (2018). Challenges and preparedness of SDN-based firewalls. In SDN-NFVSec 2018 - Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, Co-located with CODASPY 2018 (Vol. 2018-January, pp. 33-38). Association for Computing Machinery, Inc. https://doi.org/10.1145/3180465.3180468