Abstract
The security threats facing Software-Defined Network (SDN) architectures are similar to those facing traditional networks. However, the profile of these threats changes with SDN. For example, a denial-of-service attack on a centralized controller that manages a large network of several network devices (routers, switches, etc.) is more destructive than a targeted attack against a single router. A spoofed SDN controller could allow a hacker to control an entire network, while a spoofed router could only harm the traffic routed through that router. SDN therefore faces new security challenges, especially in securing the SDN architecture itself. SDN security is ensured at all levels of its three-layer architecture and programming interfaces, which poses several challenges. These security challenges are expected to grow as deployment progresses. This paper aims to provide a comprehensive review of the state of the art, accompanied by a categorization of the research literature into a taxonomy that highlights each proposal's main characteristics and contributions to the different layers of SDN. Based on the analysis of existing work, we also highlight key research gaps that could support future research in this area.
Similar content being viewed by others
Explore related subjects
Discover the latest articles, news and stories from top researchers in related subjects.References
Abdullaziz OI, Wang L (2019) Mitigating DoS Attacks against SDN controller using information hiding. In: 2019 IEEE Wireless Communications and Networking Conference (WCNC). pp 1–6.https://doi.org/10.1109/WCNC.2019.8885764
Agborubere B, Sanchez-Velazquez E (2017) OpenFlow communications and TLS security in software-defined networks. In: 2017 IEEE International Conference on Internet of Things (IThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). pp 560–566. https://doi.org/10.1109/iThings-GreenCom-CPSCom-SmartData.2017.88
Ahmad I, Namal S, Ylianttila M, Gurtov A (2015) Security in software defined networks: a survey. IEEE Commun Surv Tutor 17(4):2317–2346. https://doi.org/10.1109/COMST.2015.2474118
Ahmed ME, Kim H (2017) DDoS attack mitigation in internet of things using software defined networking. In: 2017 IEEE Third International Conference on Big Data Computing Service and Applications (BigDataService). pp 271–276.https://doi.org/10.1109/BigDataService.2017.41
Aizuddin AA, Atan M, Norulazmi M, Noor MM, Akimi S and Abidin Z (2017) DNS Amplification attack detection and mitigation via sflow with security-centric SDN. In: Proceedings of the 11th International Conference on Ubiquitous Information Management and Communication. https://doi.org/10.1145/3022227.3022230
Al-Haj S, Tolone WJ (2017) FlowTable pipeline misconfigurations in Software Defined Networks. In: 2017 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). pp 247–252.https://doi.org/10.1109/INFCOMW.2017.8116384
Al-Shaer E, Al-Haj S (2010) FlowChecker: configuration analysis and verification of federated openflow infrastructures. In: Proceedings of the 3rd ACM Workshop on Assurable and Usable Security Configuration, pp 37–44. https://doi.org/10.1145/1866898.1866905
Alasadi E, Al-Raweshidy HS (2018) SSED: servers under software-defined network architectures to eliminate discovery messages. IEEE/ACM Trans Netw 26(1):104–117. https://doi.org/10.1109/TNET.2017.2763131
Alcorn JA, Chow CE (2014) A framework for large-scale modeling and simulation of attacks on an OpenFlow network. In: 2014 23rd International Conference on Computer Communication and Networks (ICCCN). pp 1–6. https://doi.org/10.1109/ICCCN.2014.6911848
Allouzi M, Khan J (2018) SafeFlow: authentication protocol for software defined networks. In: 2018 IEEE 12th International Conference on Semantic Computing (ICSC). pp 374–376. https://doi.org/10.1109/ICSC.2018.00076
Alparslan O, Gunes O, Hanay YS, Arakawa S, Murata M (2017) Improving resiliency against DDoS attacks by SDN and multipath orchestration of VNF services. In: 2017 IEEE International Symposium on Local and Metropolitan Area Networks (LANMAN). pp 1–3.https://doi.org/10.1109/LANMAN.2017.7972158
Ambrosin M, Conti M, Gaspari FD, Poovendran R (2017) LineSwitch: tackling control plane saturation attacks in software-defined networking. IEEE/ACM Trans Netw 25(2):1206–1219. https://doi.org/10.1109/TNET.2016.2626287
Aseeri A, Netjinda N, Hewett R (2017) Alleviating eavesdropping attacks in software-defined networking data plane. In: Proceedings of the 12th Annual Conference on Cyber and Information Security Research. https://doi.org/10.1145/3064814.3064832
De Assis MVO, Hamamoto AH, Abrão T, Proença ML (2017) A game theoretical based system using holt-winters and genetic algorithm with fuzzy logic for DoS/DDoS mitigation on SDN networks. IEEE Access 5:9485–9496. https://doi.org/10.1109/ACCESS.2017.2702341
Bailey J, Budgen D, Turner M, Kitchenham B, Brereton P, Linkman S (2007) Evidence relating to object-oriented software design: a survey. In: First international symposium on empirical software engineering and measurement (ESEM 2007). pp 482–484. https://doi.org/10.1109/ESEM.2007.58
Banse C, Schuette J (2017) A taxonomy-based approach for security in software-defined networking. In: 2017 IEEE International Conference on Communications (ICC). pp 1–6. https://doi.org/10.1109/ICC.2017.7997245
Bauer R, Dittebrandt A, Zitterbart M (2019) GCMI: a generic approach for SDN control message interception. In: 2019 IEEE Conference on Network Softwarization (NetSoft). pp 360–368. https://doi.org/10.1109/NETSOFT.2019.8806661
Bera S, Misra S, Vasilakos AV (2017) Software-defined networking for internet of things: a survey. IEEE Internet Things J 4(6):1994–2008. https://doi.org/10.1109/JIOT.2017.2746186
Braga R, Mota E, Passito A (2010) Lightweight DDoS flooding attack detection using NOX/OpenFlow. IEEE Local Comput Netw Conf. https://doi.org/10.1109/LCN.2010.5735752
Brooks M, Yang B (2015) A man-in-the-middle attack against opendaylight SDN controller. In: Proceedings of the 4th Annual ACM Conference on Research in Information Technology. pp 45–49. https://doi.org/10.1145/2808062.2808073
Schlesinger C, Story A, Gutz S, Foster N and W D (2012). Splendid isolation: Language-based security for softwaredefined networks. In: Proceedings of the First Workshop on Hot Topics in Software Defined Networks. ACM pp 79–84
Carvalho RN, Bordim JL, Alchieri EAP (2019) Entropy-based DoS attack identification in SDN. In: 2019 IEEE International Parallel and Distributed Processing Symposium Workshops (IPDPSW). pp 627–634.https://doi.org/10.1109/IPDPSW.2019.00108
Chang S, Park Y, Babu BBA (2019) Fast IP hopping randomization to secure hop-by-hop access in SDN. IEEE Trans Netw Serv Manage 16(1):308–320. https://doi.org/10.1109/TNSM.2018.2889842
Chen M-H, Ciou J-Y, Chung I-H, Chou C-F (2018) FlexProtect: a SDN-based DDoS attack protection architecture for multi-tenant data centers. Proc Int Conf High Perform Comput Asia-Pacific Region. https://doi.org/10.1145/3149457.3149476
Chica JCC, Imbachi JC, Vega JFB (2020) Security in SDN: a comprehensive survey. J Netw Comput Appl 159:102595
Chi P-W, Kuo C-T, Guo J-W, Lei C-L (2015) How to detect a compromised SDN switch. In: Proceedings of the 2015 1st IEEE Conference on Network Softwarization (NetSoft). pp 1–6. https://doi.org/10.1109/NETSOFT.2015.7116184
Chin T, Mountrouidou X, Li X, Xiong K (2015). Selective packet inspection to detect DoS flooding using software defined networking (SDN). In: 2015 IEEE 35th International Conference on Distributed Computing Systems Workshops. pp 95–99. https://doi.org/10.1109/ICDCSW.2015.27
Chowdhary A, Alshamrani A, Huang D, Liang H (2018). MTD analysis and evaluation framework in software defined network (MASON). In: Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization. pp 43–48. https://doi.org/10.1145/3180465.3180473
Chowdhary A, Huang D, Ahn G-J, Kang M, Kim A, Velazquez A (2019) SDNSOC: object oriented SDN framework. In: Proceedings of the ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization. pp 7–12. https://doi.org/10.1145/3309194.3309196
Chung C, Member S, Khatkar P, Xing T (2013) NICE : network intrusion detection and countermeasure. IEEE Trans Depend Secure Comput 10(4):1–14. http://dblp.uni-trier.de/db/journals/tdsc/tdsc10.html#ChungKXLH13
Conti M, Gaspari FD, Mancini LV (2020) A novel stealthy attack to gather SDN configuration-information. IEEE Trans Emerg Top Comput 8(2):328–340. https://doi.org/10.1109/TETC.2018.2806977
Controller T (2013) Trema controller. Full-Stack OpenFlow Framework in Ruby and C. Retrieved September 12, 2020, from https://trema.github.io/trema/
Cui H, Chen Z, Yu L, Xie K, Xia Z (2017) Authentication mechanism for network applications in SDN environments. In: 2017 20th International Symposium on Wireless Personal Multimedia Communications (WPMC). pp 1–5. https://doi.org/10.1109/WPMC.2017.8301788
Cui Y, Yan L, Li S, Xing H, Pan W, Zhu J, Zheng X (2016) SD-Anti-DDoS: fast and efficient DDoS defense in software-defined networks. J Netw Comput Appl 68:65–79. https://doi.org/10.1016/j.jnca.2016.04.005
Cziva R, Jouët S, Stapleton D, Tso FP, Pezaros DP (2016) SDN-based virtual machine management for cloud data centers. IEEE Trans Netw Serv Manage 13(2):212–225
D’Orsaneo J, Tummala M, McEachen J, Martin B (2018) Analysis of traffic signals on an SDN for detection and classification of a man-in-the-middle attack. In: 2018 12th International Conference on Signal Processing and Communication Systems (ICSPCS). pp 1–9. https://doi.org/10.1109/ICSPCS.2018.8631762
Dargahi T, Caponi A, Ambrosin M, Bianchi G, Conti M (2017) A Survey on the Security of Stateful SDN Data Planes. IEEE Commun Surv Tutor. https://doi.org/10.1109/COMST.2017.2689819
da Silva AS, Smith P, Mauthe A, Schaeffer-Filho A (2015) Resilience support in software-defined networking: a survey. Comput Netw 92:189–207
Dridi L, Zhani MF (2016) SDN-Guard: DoS attacks mitigation in SDN networks. In: 2016 5th IEEE International Conference on Cloud Networking (Cloudnet). pp 212–217. https://doi.org/10.1109/CloudNet.2016.9
Erickson D (2013) The beacon openflow controller. In: Proceedings of the second ACM SIGCOMM workshop on hot topics in software defined networking, August 2013, pp 13–18
Feghali A, Kilany R, Chamoun M (2015) SDN security problems and solutions analysis. In: 2015 International Conference on Protocol Engineering (ICPE) and International Conference on New Technologies of Distributed Systems (NTDS). pp 1–5. https://doi.org/10.1109/NOTERE.2015.7293514
Fernandez MP (2013) Comparing OpenFlow controller paradigms scalability: reactive and proactive. In: 2013 IEEE 27th International Conference on Advanced Information Networking and Applications (AINA). pp 1009–1016. https://doi.org/10.1109/AINA.2013.113
Fichera S, Galluccio L, Grancagnolo SC, Morabito G, Palazzo S (2015) OPERETTA: an openflow-based remedy to mitigate TCP SYNFLOOD attacks against web servers. Comput Netw 92:89–100. https://doi.org/10.1016/j.comnet.2015.08.038
Fielding RT, Taylor RN (2000) Architectural styles and the design of network-based software architectures, vol 7. University of California, Irvine
Floodlight (2013) Floodlight OpenFlow controller. Available from http://www.projectfloodlight.org/floodlight
Foerster K, Ludwig A, Marcinkowski J, Schmid S (2018) Loop-free route updates for software-defined networks. IEEE/ACM Trans Netw 26(1):328–341. https://doi.org/10.1109/TNET.2017.2778426
François J, Dolberg L, Festor O, Engel T (2014) Network security through software defined networking: a survey. Proc Conf Principles Syst Appl IP Telecommun. https://doi.org/10.1145/2670386.2670390
Freire L, Neves M, Leal L, Levchenko K, Schaeffer-Filho A, Barcellos M (2018) Uncovering bugs in P4 programs with assertion-based verification. Proc Sympos SDN Res. https://doi.org/10.1145/3185467.3185499
Gao S, Li Z, Xiao B, Wei G (2018) Security threats in the data plane of software-defined networks. IEEE Network 32(4):108–113. https://doi.org/10.1109/MNET.2018.1700283
Gao S, Li Z, Yao Y, Xiao B, Guo S, Yang Y (2018) Software-defined firewall: enabling malware traffic detection and programmable security control. In: Proceedings of the 2018 on Asia Conference on Computer and Communications Security. pp 413–424. https://doi.org/10.1145/3196494.3196519
Giotis K, Argyropoulos C, Androulidakis G, Kalogeras D, Maglaris V (2014) Combining OpenFlow and sFlow for an effective and scalable anomaly detection and mitigation mechanism on SDN environments. Comput Netw 62:122–136
Goksel N, Demirci M (2019) DoS attack detection using packet statistics in SDN. In: 2019 International Symposium on Networks, Computers and Communications (ISNCC). pp 1–6https://doi.org/10.1109/ISNCC.2019.8909114
Gude N, Koponen T, Pettit J, Pfaff B, Casado M, McKeown N, Shenker S (2008) NOX: towards an operating system for networks. Comput Commun Rev. https://doi.org/10.1145/1384609.1384625
Hall RS, Cervantes H (2004) An OSGi implementation and experience report. In: First IEEE Consumer Communications and Networking Conference, 2004. CCNC 2004. pp 394–399. https://doi.org/10.1109/CCNC.2004.1286894
Hamdan M, Hassan E, Abdelaziz A, Elhigazi A, Mohammed B, Khan S, Vasilakos AV, Marsono MN (2021) A comprehensive survey of load balancing techniques in software-defined network. J Netw Comput Appl 174:102856. https://doi.org/10.1016/j.jnca.2020.102856
de la Hoz E, Cochrane G, Moreira-Lemus JM, Paez-Reyes R, Marsa-Maestre I, Alarcos B (2014) Detecting and defeating advanced man-in-the-middle attacks against TLS. In: 2014 6th International Conference On Cyber Conflict (CyCon 2014). pp 209–221. https://doi.org/10.1109/CYCON.2014.6916404
Hu T, Yi P, Hu Y, Lan J, Zhang Z, Li Z (2020) SAIDE: Efficient application interference detection and elimination in SDN. Comput Netw 183:107619. https://doi.org/10.1016/j.comnet.2020.107619
Hu Y, Su W, Wu L, Huang Y, Kuo S (2013) Design of event-based intrusion detection system on openflow network. In: 2013 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). pp 1–2. https://doi.org/10.1109/DSN.2013.6575335
Ishii S, Kawai E, Takata T, Kanaumi Y, Saito S, Kobayashi K, Shimojo S (2012) Extending the RISE controller for the interconnection of RISE and OS3E/NDDI. In: 2012 18th IEEE International Conference on Networks (ICON). pp 243–248. https://doi.org/10.1109/ICON.2012.6506564
Isong B, Molose RRS, Abu-Mahfouz AM, Dladlu N (2020) Comprehensive review of SDN controller placement strategies. IEEE Access 8:170070–170092. https://doi.org/10.1109/ACCESS.2020.3023974
Jafarian JH, Al-Shaer E, Duan Q (2013) Formal approach for route agility against persistent attackers. In: Crampton J, Jajodia S, Mayes K (eds) In european symposium on research in computer security. Springer, Berlin, pp 237–254
Jäger B, Röpke C, Adam I, Holz T (2015) Multi-layer access control for SDN-based Telco clouds. In: Buchegger S, Dam M (eds) In Nordic conference on secure IT systems. Springer International Publishing, pp 197–204
Jain R (2012) OpenADN: mobile apps on global clouds using software defined networking. In: Proceedings of the Third ACM Workshop on Mobile Cloud Computing and Services. pp 1–2.https://doi.org/10.1145/2307849.2307851
Jain S, Kumar A, Mandal S, Ong J, Poutievski L, Singh A, Venkata S, Wanderer J, Zhou J, Zhu M, Zolla J, Hölzle U, Stuart S, Vahdat A (2013) B4: Experience with a globally-deployed software defined wan. SIGCOMM Comput Commun Rev 43(4):3–14. https://doi.org/10.1145/2534169.2486019
Jeong K, Kim J, Kim Y (2012) QoS-aware Network Operating System for software defined networking with Generalized OpenFlows. In: 2012 IEEE Network Operations and Management Symposium. pp 1167–1174.https://doi.org/10.1109/NOMS.2012.6212044
Kempf J, Bellagamba E, Kern A, Jocha D, Takacs A, Sköldström P (2012) Scalable fault management for OpenFlow. In: 2012 IEEE International Conference on Communications (ICC). pp 6606–6610.https://doi.org/10.1109/ICC.2012.6364688
Khurshid A, Zou X, Zhou W, Caesar M, Godfrey PB (2013) VeriFlow: verifying network-wide invariants in real time. In: 10th {USENIX} Symposium on Networked Systems Design and Implementation ({NSDI} 13). pp 15–27. https://www.usenix.org/conference/nsdi13/technical-sessions/presentation/khurshid
Kim E, Kim K, Lee S, Jeong JP, Kim H (2018) A Framework for managing user-defined security policies to support network security functions. In: Proceedings of the 12th International Conference on Ubiquitous Information Management and Communication. https://doi.org/10.1145/3164541.3164569
Klaedtke F, Karame GO, Bifulco R, Cui H (2015) Towards an access control scheme for accessing flows in SDN. In: Proceedings of the 2015 1st IEEE Conference on Network Softwarization (NetSoft). pp 1–6. https://doi.org/10.1109/NETSOFT.2015.7116185
Klaedtke F, Karame GO, Bifulco R, Cui H (2014) Access control for SDN controllers. Proc Third Workshop Hot Top Softw Defined Netw. https://doi.org/10.1145/2620728.2620773
Koponen T, Casado M, Gude N, Stribling J, Poutievski L, Zhu M, Ramanathan R, Iwata Y, Inoue H, Hama T, Shenker S (2010) Onix: a distributed control platform for large-scale production networks. In OSDI. In OSDI, 10
Kotani D, Okabe Y (2016) A packet-in message filtering mechanism for protection of control plane in OpenFlow switches. IEICE Trans Inf Syst 99(3):695–707
Kreutz D, Ramos FMV, Verissimo P (2013) Towards secure and dependable software-defined networks. In: Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking. pp 55–60.https://doi.org/10.1145/2491185.2491199
Kuerban M, Tian Y, Yang Q, Jia Y, Huebert B, Poss D (2016) FlowSec: DOS attack mitigation strategy on SDN controller. In: 2016 IEEE International Conference on Networking, Architecture and Storage (NAS). pp 1–2. https://doi.org/10.1109/NAS.2016.7549402
Lévai T, Pelle I, Németh F, Gulyás A (2015) EPOXIDE: a modular prototype for SDN troubleshooting. SIGCOMM Comput Commun Rev 45(4):359–360. https://doi.org/10.1145/2829988.2790027
Li H, Li P, Guo S, Yu S (2014) Byzantine-resilient secure software-defined networks with multiple controllers. In: 2014 IEEE International Conference on Communications (ICC). pp 695–700.https://doi.org/10.1109/ICC.2014.6883400
Li Q, Zou X, Huang Q, Zheng J, Lee PPC (2019) Dynamic packet forwarding verification in SDN. IEEE Trans Dependable Secure Comput 16(6):915–929. https://doi.org/10.1109/TDSC.2018.2810880
Liu B, Bi J, Zhou Y (2016) Source address validation in software defined networks. In: Proceedings of the 2016 ACM SIGCOMM conference. pp 595–596. https://doi.org/10.1145/2934872.2960425
Maestro. (2009). Maestro. Maestro homepage: http://zhengcai.github.io/maestro-platform/
Masoud MZ, Jaradat Y, Jannoud I (2015) On preventing ARP poisoning attack utilizing Software Defined Network (SDN) paradigm. In: 2015 IEEE Jordan Conference on Applied Electrical Engineering and Computing Technologies (AEECT). pp. 1–5.https://doi.org/10.1109/AEECT.2015.7360549
Matsumoto S, Hitz S, Perrig A (2014) Fleet: defending SDNs from malicious administrators. In: Proceedings of the Third Workshop on Hot Topics in Software Defined Networking. pp 103–108.https://doi.org/10.1145/2620728.2620750
Mekky H, Hao F, Mukherjee S, Zhang Z-L, Lakshman TV (2014) Application-aware data plane processing in SDN. In: Proceedings of the Third Workshop on Hot Topics in Software Defined Networking. pp 13–18. https://doi.org/10.1145/2620728.2620735
Midha S, Triptahi K (2019) Extended TLS security and Defensive Algorithm in OpenFlow SDN. In: 2019 9th International Conference on Cloud Computing, Data Science & Engineering (Confluence). pp 141–146. https://doi.org/10.1109/CONFLUENCE.2019.8776607
Mihai-Gabriel I, Victor-Valeriu P (2014) Achieving DDoS resiliency in a software defined network by intelligent risk assessment based on neural networks and danger theory. In: 2014 IEEE 15th International Symposium on Computational Intelligence and Informatics (CINTI). pp 319–324. https://doi.org/10.1109/CINTI.2014.7028696
Moazzeni S, Khayyambashi MR, Movahhedinia N, Callegati F (2018) On reliability improvement of Software-Defined Networks. Comput Netw 133:195–211. https://doi.org/10.1016/j.comnet.2018.01.023
Mohammadi R, Javidan R, Conti M (2017) SLICOTS: an SDN-based lightweight countermeasure for TCP SYN flooding attacks. IEEE Trans Netw Serv Manag 14(2):487–497
Mohan PM, Truong-Huu T, Gurusamy M (2018) Towards resilient in-band control path routing with malicious switch detection in SDN. In: 2018 10th International Conference on Communication Systems & Networks (COMSNETS). pp 9–16. https://doi.org/10.1109/COMSNETS.2018.8328174
Monsanto C, Foster N, Harrison R, Walker D (2012) A compiler and run-time system for network programming languages. SIGPLAN Not 47(1):217–230. https://doi.org/10.1145/2103621.2103685
Monsanto C, Foster N, Harrison R, Walker D (2012) A complier and run-time system for network programming languages. Sigplan Not. https://doi.org/10.1145/2103621.2103685
Morzhov SV, Nikitinskiy MA (2018) Development and research of the PreFirewall network application for floodlight SDN controller. In: 2018 Moscow Workshop on Electronic and Networking Technologies (MWENT). pp 1–4.https://doi.org/10.1109/MWENT.2018.8337255
Nagai R, Kurihara W, Higuchi S, Hirotsu T (2018) Design and implementation of an OpenFlow-based TCP SYN flood mitigation. In: 2018 6th IEEE International Conference on Mobile Cloud Computing, Services, and Engineering (MobileCloud). pp 37–42. https://doi.org/10.1109/MobileCloud.2018.00014
Namal S, Ahmad I, Gurtov A, Ylianttila M (2013) Enabling secure mobility with OpenFlow. In: 2013 IEEE SDN for Future Networks and Services (SDN4FNS). pp 1–5. https://doi.org/10.1109/SDN4FNS.2013.6702540
Nguyen T, Yoo M (2016) Attacks on host tracker in SDN controller: Investigation and prevention. In: 2016 International Conference on Information and Communication Technology Convergence (ICTC). pp 610–612.https://doi.org/10.1109/ICTC.2016.7763545
Nife F, Kotulski Z (2018). In: Gaj P, Sawicki M, Suchacka G, Kwiecień A (eds) New SDN-oriented authentication and access control mechanism BT-computer networks. Springer International Publishing, Berlin, pp 74–88
Oktian YE, Lee S, Lee H, Lam J (2015) Secure your Northbound SDN API. In: 2015 Seventh International Conference on Ubiquitous and Future Networks. pp 919–920.https://doi.org/10.1109/ICUFN.2015.7182679
Oktian YE, Lee SG, Lee HJ, Lam JH (2017) Distributed SDN controller system: a survey on design choice. Comput Netw 121:100–111. https://doi.org/10.1016/j.comnet.2017.04.038
OpenDaylight (2014) OpenDaylight: a linux foundation collaborative project. http://www.opendaylight.org/
Porras P, Cheung S, Fong M, Skinner K and Y V (2015) Securing the software-defined network control layer
Padekar H, Park Y, Hu H, Chang S-Y (2016) Enabling dynamic access control for controller applications in software-defined networks. In: Proceedings of the 21st ACM on Symposium on Access Control Models and Technologies. pp 51–61. https://doi.org/10.1145/2914642.2914647
Pan H, Li Z, Zhang P, Salamatian K, Xie G (2020) Misconfiguration checking for SDN: data structure, theory and algorithms. In: 2020 IEEE 28th International Conference on Network Protocols (ICNP). pp 1–11. https://doi.org/10.1109/ICNP49622.2020.9259353
Park T, Kim Y, Yegneswaran V, Porras P, Xu Z, Park K, Shin S (2019) DPX: data-plane extensions for SDN security service instantiation. In: Perdisci R, Maurice C, Giacinto G, Almgren M (eds) International conference on detection of intrusions and malware, and vulnerability assessment. Springer International Publishing, pp 415–437
Petersen K, Feldt R, Mujtaba S, Mattsson M (2008) Systematic mapping studies in software engineering. In: 12th International Conference on Evaluation and Assessment in Software Engineering (EASE), vol. 12. pp 1–10
Phan TV, Park M (2019) Efficient distributed denial-of-service attack defense in SDN-based cloud. IEEE Access 7:18701–18714. https://doi.org/10.1109/ACCESS.2019.2896783
Phemius K, Bouet M, Leguay J (2014) DISCO: Distributed multi-domain SDN controllers. In: 2014 IEEE Network Operations and Management Symposium (NOMS). pp 1–4.https://doi.org/10.1109/NOMS.2014.6838330
Porras P, Shin S, Yegneswaran V, Fong M, Tyson M, Gu G (2012) A security enforcement kernel for OpenFlow networks. https://doi.org/10.1145/2342441.2342466
Porras P, Cheung S, Fong M, Skinner K, Yegneswaran V (2015) Securing the software defined network control layer. In: Proceedings of the 2015 Network and Distributed System Security Symposium (NDSS), February, 8–11. https://doi.org/10.14722/ndss.2015.23222
Prete LR, Shinoda AA, Schweitzer CM, Oliveira RLS (2014) Simulation in an SDN network scenario using the POX Controller. In: 2014 IEEE Colombian Conference on Communications and Computing (COLCOM). pp 1–6. https://doi.org/10.1109/ColComCon.2014.6860403
Qasmaoui Y, Haqiq A (2020) Enhanced solid-flow: an enhanced flow rules security mechanism for SDN. IAENG Int J Comput Sci 47(3):522–532
Qasmaoui Y, Haqiq A (2017) Solid-flow: a flow rules security mechanism for SDN. In: 2017 3rd International Conference of Cloud Computing Technologies and Applications (CloudTech). pp 1–7. https://doi.org/10.1109/CloudTech.2017.8284734
Qi C, Wu J, Hu H, Cheng G, Liu W, Ai J, Yang C (2016) An intensive security architecture with multi-controller for SDN. In: 2016 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). pp 401–402.https://doi.org/10.1109/INFCOMW.2016.7562109
Ranjbar A, Komu M, Salmela P, Aura T (2016) An SDN-based approach to enhance the end-to-end security: SSL/TLS case study. In: NOMS 2016—2016 IEEE/IFIP Network Operations and Management Symposium. pp 281–288. https://doi.org/10.1109/NOMS.2016.7502823
Ryu (2017) Ryu SDN framework. Ryu Homepage: http://osrg.github.io/ryu/.
Saâdaoui A, Souayeh NBYB, Bouhoula A (2019) Automated and optimized formal approach to verify SDN access-control misconfigurations. In: Gao H, Yin Y, Yang X, Miao H (eds) International conference on testbeds and research infrastructure. Springer International Publishing, pp 96–112
Sahay R, Blanc G, Zhang Z, Debar H (2017) ArOMA: an SDN based autonomic DDoS mitigation framework. Comput Secur 70:482–499
Sasaki T, Pappas C, Lee T, Hoefler T, Perrig A (2016) SDNsec: forwarding accountability for the SDN data plane. In: 2016 25th International Conference on Computer Communication and Networks (ICCCN). pp 1–10. https://doi.org/10.1109/ICCCN.2016.7568569
Sasaki T, Perrig A, Asoni DE (2016) Control-plane isolation and recovery for a secure SDN architecture. In: 2016 IEEE NetSoft Conference and Workshops (NetSoft). pp 459–464.https://doi.org/10.1109/NETSOFT.2016.7502485
Schehlmann L, Abt S, Baier H (2014) Blessing or curse? Revisiting security aspects of Software-Defined Networking. In: 10th International Conference on Network and Service Management (CNSM) and Workshop. pp 382–387. https://doi.org/10.1109/CNSM.2014.7014199
Scott-Hayward S, Kane C, Sezer S (2014) OperationCheckpoint: SDN application control. In: 2014 IEEE 22nd International Conference on Network Protocols. pp 618–623. https://doi.org/10.1109/ICNP.2014.98
Scott-Hayward S, O’Callaghan G, Sezer S (2013) SDN security: a survey. Future networks and services (SDN4FNS), 2013 IEEE SDN for. pp 1–7
Sebbar A, Boulmalf M, Kettani MDE-CEl, Baddi Y (2018). Detection MITM attack in multi-SDN controller. In: 2018 IEEE 5th International Congress on Information Science and Technology (CiSt). pp 583–587. https://doi.org/10.1109/CIST.2018.8596479
Sezer S, Scott-Hayward S, Chouhan PK, Fraser B, Lake D, Finnegan J, Viljoen N, Miller M, Rao N (2013) Are we ready for SDN? Implementation challenges for software-defined networks. IEEE Commun Mag 51(7):36–43. https://doi.org/10.1109/MCOM.2013.6553676
Shaghaghi A, Kaafar MA, Buyya R, Jha S (2018) Software-Defined Network (SDN) Data plane security: issues, solutions and future directions. ArXiv Preprint http://arxiv.org/abs/1804.00262.
Shin J, Kim T, Lee B, Yang S (2017) IRIS-HiSA: highly scalable and available carrier-grade SDN controller cluster. Mob Netw Appl. https://doi.org/10.1007/s11036-017-0853-6
Shin S, Porras P, Yegneswaran V, Gu G (2013) FRESCO: Modular composable security services for software-defined networks. Netw Distrib Syst Secur Sympos 1(1):1–16
Shin S, Yegneswaran V, Porras P, Gu G (2013) Avant-guard: Scalable and vigilant switch flow management in software-defined networks. In: Proceedings of the 2013 ACM SIGSAC conference on computer and communications security. pp 413–424
Shu Z, Wan J, Li D, Lin J, Vasilakos AV, Imran M (2016) Security in software-defined networking: threats and countermeasures. Mob Netw Appl 21(5):764–776. https://doi.org/10.1007/s11036-016-0676-x
Shuangyu H, Jianwei L, Jian M, Jie C (2014) Hierarchical solution for access control and authentication in software defined networks. In: Au MH, Carminati B, Kuo C-CJ (eds) International conference on network and system security. Springer International Publishing, pp 70–81
Singh J, Behal S (2020) Detection and mitigation of DDoS attacks in SDN: a comprehensive review, research challenges and future directions. Comput Sci Rev 37:100279. https://doi.org/10.1016/j.cosrev.2020.100279
SNAC (2012) SNAC: simple network access control. https://github.com/
Son J, Buyya R (2018) A taxonomy of software-defined networking (SDN)-enabled cloud computing. ACM Comput Surv (CSUR) 51(3):59
Son J, Dastjerdi AV, Calheiros RN, Buyya R (2017) SLA-aware and energy-efficient dynamic overbooking in SDN-based cloud data centers. IEEE Trans Sustain Comput 2(2):76–89
Son S, Shin S, Yegneswaran V, Porras P, Gu G (2013) Model checking invariant security properties in OpenFlow. IEEE Int Conf Commun. https://doi.org/10.1109/ICC.2013.6654813
Specification OS (2013) Open networking foundation. Version ONF TS-015 1(3):1–164
Suh J, Choi H, Yoon W, You T, Kwon TT, Choi Y (2010) Implementation of content-oriented networking architecture (CONA): a focus on DDoS countermeasure. In: 1st European NetFPGA Developers Workshop. pp 1–5. https://mmlab.snu.ac.kr/publications/docs/2010_EU_netfpga_workshop_jhsuh.pdf
Tootoonchian A, Ganjali Y (2010) HyperFlow: a distributed control plane for OpenFlow
Tootoonchian A, Gorbunov S, Ganjali Y, Casado M, Sherwood R (2012) On controller performance in software-defined networks. In: 2nd {USENIX} Workshop on Hot Topics in Management of Internet, Cloud, and Enterprise Networks and Services (Hot-ICE 12). https://www.usenix.org/conference/hot-ice12/workshop-program/presentation/tootoonchian
Voellmy A, Hudak P (2011). In: Rocha R, Launchbury J (eds) Nettle: taking the sting out of programming network routers BT-practical aspects of declarative languages. Springer, Berlin, pp 235–249
Voellmy A, Kim H, Feamster N (2012). Procera: a language for high-level reactive network control. In: HotSDN’12 - Proceedings of the 1st ACM International Workshop on Hot Topics in Software Defined Networks. https://doi.org/10.1145/2342441.2342451
Voellmy A, Wang J (2012) Scalable software defined network controllers. In: Proceedings of the ACM SIGCOMM 2012 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication. pp 289–290. https://doi.org/10.1145/2342356.2342414
Wang H (2014) Authentic and confidential policy distribution in software defined wireless network. In: 2014 International Wireless Communications and Mobile Computing Conference (IWCMC). pp 1167–1171.https://doi.org/10.1109/IWCMC.2014.6906520
Wang H, Xu L, Gu G (2015) FloodGuard: a DoS attack prevention extension in software-defined networks. In: 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. pp 239–250. https://doi.org/10.1109/DSN.2015.27
Wang M, Liu J, Chen J, Liu X, Mao J (2016) PERM-GUARD: authenticating the validity of flow rules in software defined networking. In: Proceedings—2nd IEEE International Conference on Cyber Security and Cloud Computing, CSCloud 2015—IEEE International Symposium of Smart Cloud, IEEE SSC 2015, 37. pp 127–132. https://doi.org/10.1109/CSCloud.2015.89
Wei L, Fung C (2015) FlowRanger: a request prioritizing algorithm for controller DoS attacks in Software Defined Networks. In: 2015 IEEE International Conference on Communications (ICC). pp 5254–5259. https://doi.org/10.1109/ICC.2015.7249158
Wen X, Chen Y, Hu C, Shi C, Wang Y (2013) Towards a secure controller platform for openflow applications. https://doi.org/10.1145/2491185.2491212
Wu B, Li H, Wu Q, Jiang Z, Liu J (2020) TMPTCP: a lightweight trust extension for multipath-TCP. In: 2020 International Conference on Networking and Network Applications (NaNA). pp 342–347. https://doi.org/10.1109/NaNA51271.2020.00065
Wu G, Wang J, Obaidat MS, Yao L, Hsiao K-F (2019) Dynamic switch migration with noncooperative game towards control plane scalability in SDN. Int J Commun Syst 32(7):e3927. https://doi.org/10.1002/dac.3927
Xie R, Xu M, Cao J, Li Q (2019) SoftGuard: defend against the low-rate TCP attack in SDN. In: ICC 2019—2019 IEEE International Conference on Communications (ICC). pp 1–6. https://doi.org/10.1109/ICC.2019.8761806
Yan Z, Zhang P, Vasilakos AV (2016) A security and trust framework for virtualized networks and software-defined networking. Secur Commun Netw 9(16):3059–3069. https://doi.org/10.1002/sec.1243
Yang M, Li Y, Jin D, Zeng L, Wu X, Vasilakos AV (2015) Software-defined and virtualized future mobile and wireless networks: a survey. Mob Netw Appl 20(1):4–18. https://doi.org/10.1007/s11036-014-0533-8
Yao G, Bi J, Xiao P (2011) Source address validation solution with OpenFlow/NOX architecture. In: 2011 19th IEEE International Conference on Network Protocols. pp 7–12. https://doi.org/10.1109/ICNP.2011.6089085
Ying Q, Wanqssing Y, Kai Q (2016) OpenFlow flow table overflow attacks and countermeasures. In: 2016 European Conference on Networks and Communications (EuCNC). pp 205–209. https://doi.org/10.1109/EuCNC.2016.7561033
Yue M, Wang H, Liu L, Wu Z (2020) Detecting DoS attacks based on multi-features in SDN. IEEE Access 8:104688–104700. https://doi.org/10.1109/ACCESS.2020.2999668
Zhang C, Hu G, Chen G, Sangaiah AK, Zhang P, Yan X, Jiang W (2018) Towards a SDN-based integrated architecture for mitigating IP spoofing attack. IEEE Access 6:22764–22777. https://doi.org/10.1109/ACCESS.2017.2785236
Zhang H, Cai Z, Liu Q, Xiao Q, Li Y, Cheang CF (2018) A survey on security-aware measurement in SDN. Secur Commun Netw
Zhang K, Qiu X (2018) CMD: a convincing mechanism for MITM detection in SDN. In: 2018 IEEE International Conference on Consumer Electronics (ICCE). pp 1–6. https://doi.org/10.1109/ICCE.2018.8326334
Zhang L, Guo Y, Yuwen H, Wang Y (2016) A port hopping based DoS mitigation scheme in SDN network. In: 2016 12th International Conference on Computational Intelligence and Security (CIS). pp 314–317. https://doi.org/10.1109/CIS.2016.0077
Zhang L, Wang Z, Gu K, Miao F, Guo Y (2016) Transparent synchronization based port mutation scheme in SDN network. In: 2016 5th International Conference on Computer Science and Network Technology (ICCSNT). pp 581–585. https://doi.org/10.1109/ICCSNT.2016.8070225
Zhang L, Wei Q, Gu K, Yuwen H (2016) Path hopping based SDN network defense technology. In: 2016 12th International Conference on Natural Computation, Fuzzy Systems and Knowledge Discovery (ICNC-FSKD). pp 2058–2063. https://doi.org/10.1109/FSKD.2016.7603498
Zhang P, Wang H, Hu C, Lin C (2016) On denial of service attacks in software defined networks. IEEE Network 30(6):28–33. https://doi.org/10.1109/MNET.2016.1600109NM
Zhang Y, Beheshti N, Tatipamula M (2011) On resilience of split-architecture networks. In: 2011 IEEE Global Telecommunications Conference - GLOBECOM 2011. pp 1–6. https://doi.org/10.1109/GLOCOM.2011.6134496
Zheng J, Li Q, Gu G, Cao J, Yau DKY, Wu J (2018) Realtime DDoS defense using COTS SDN switches via adaptive correlation analysis. IEEE Trans Inf Forensics Secur 13(7):1838–1853. https://doi.org/10.1109/TIFS.2018.2805600
Zhou H, Wu C, Yang C, Wang P, Yang Q, Lu Z, Cheng Q (2018) SDN-RDCD: a real-time and reliable method for detecting compromised SDN devices. IEEE/ACM Trans Netw 26(5):2048–2061. https://doi.org/10.1109/TNET.2018.2859483
Zhu L, Tang X, Shen M, Du X, Guizani M (2018) Privacy-Preserving DDoS attack detection using cross-domain traffic in software defined networks. IEEE J Sel Areas Commun 36(3):628–643. https://doi.org/10.1109/JSAC.2018.2815442
Zou D, Lu Y, Yuan B, Chen H, Jin H (2018) A fine-grained multi-tenant permission management framework for SDN and NFV. IEEE Access 6:25562–25572. https://doi.org/10.1109/ACCESS.2018.2828132
Cite this article
Maleh, Y., Qasmaoui, Y., El Gholami, K. et al. A comprehensive survey on SDN security: threats, mitigations, and future directions. J Reliable Intell Environ 9, 201–239 (2023). https://doi.org/10.1007/s40860-022-00171-8
DOI: https://doi.org/10.1007/s40860-022-00171-8