Security Analysis of SDN Cloud Applications

SDN and NFV Security

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 30)

Abstract

Recently, with the emergence of Software Defined Networking (SDN), cloud environments have undergone changes as traditional data centers adopt SDN as a network management solution. While a cloud networking platform provides great power to configure networks in the cloud, the downside is that intruders and hackers may gain control of the network functionality, which may lead to more damage than in legacy networks. Even though cloud networking providers implement most of the security standards, storing data and important files with external service providers may lead to risk. The ease of procuring and accessing cloud services can also give users the ability to scan for, identify and exploit loopholes and vulnerabilities within a system. For instance, in a multi-tenant cloud architecture where multiple users are hosted on the same server, a hacker might try to break into the data of other users hosted and stored on the same server. However, such exploits and loopholes are not likely to surface and the likelihood of a compromise is not great. Understanding traffic flows brings these issues out, and methods can then be suggested for dealing with them. The security concerns here stem from a highly expanded attack surface that includes the control and data planes. The security challenges of clouds are unique and differ from those of SDN. In this paper, SDN cloud applications are compared and three applications, Meridian, CloudNaaS and HPE Virtual Cloud Network, are analyzed. The main factors for choosing these three applications are their market share and wide deployment. The architecture of each application is explained, and a security analysis is carried out using a threat analysis tool called STRIDE. We suggest some mitigation techniques for well-known threats such as spoofing, tampering with data and repudiation, and also check whether each application has built-in countermeasures against these threats.

Author information

Corresponding author

Correspondence to Ankush Chikhale.

Copyright information

© 2018 Springer International Publishing AG

About this chapter

Cite this chapter

Chikhale, A., Khondoker, R. (2018). Security Analysis of SDN Cloud Applications. In: Khondoker, R. (eds) SDN and NFV Security. Lecture Notes in Networks and Systems, vol 30. Springer, Cham. https://doi.org/10.1007/978-3-319-71761-6_2

  • DOI: https://doi.org/10.1007/978-3-319-71761-6_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-71760-9

  • Online ISBN: 978-3-319-71761-6

  • eBook Packages: Engineering, Engineering (R0)
