
Application Threats to Exploit Northbound Interface Vulnerabilities in Software Defined Networks

Published: 13 July 2021

    Abstract

    Software Defined Networking (SDN) is an evolving technology that decouples the control functionality from the underlying hardware managed by the control plane. The application plane supports programmers to develop numerous applications (such as networking, management, security, etc.) that can even be executed from remote locations. The northbound interface (NBI) bridges the control and application planes to execute the business logic of third-party applications. Due to software bugs in applications and existing vulnerabilities such as illegal function calling, resource exhaustion, lack of trust, and so on, NBIs are susceptible to different attacks. Based on an extensive literature review, we have identified that researchers and academia have mainly focused on the security of the control plane, data plane, and southbound interface (SBI). NBI, in comparison, has received far less attention. In this article, the security of the least explored but critical component of the SDN architecture, i.e., NBI, is analyzed. The article provides a brief overview of SDN, followed by a detailed discussion on the categories of NBI, vulnerabilities of NBI, and threats posed by malicious applications to NBI. Efforts of the researchers to counter malicious applications and NBI issues are then discussed in detail. The standardization efforts for the single acceptable NBI and security requirements of SDN by Open Networking Foundation (ONF) are also presented. The article concludes with the future research directions for the security of a single acceptable NBI.

    Supplementary Material

    a121-rauf-app.pdf (rauf.zip)
    Supplemental movie, appendix, image and software files for, Application Threats to Exploit Northbound Interface Vulnerabilities in Software Defined Networks




        Published In

        ACM Computing Surveys  Volume 54, Issue 6
        Invited Tutorial
        July 2022
        799 pages
        ISSN:0360-0300
        EISSN:1557-7341
        DOI:10.1145/3475936
        Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        Published: 13 July 2021
        Accepted: 01 March 2021
        Revised: 01 March 2021
        Received: 01 July 2020
        Published in CSUR Volume 54, Issue 6


        Author Tags

        1. Application plane
        2. SDN
        3. SDN security
        4. application threats
        5. malicious applications
        6. northbound interface
        7. northbound interface vulnerabilities

        Qualifiers

        • Research-article
        • Research
        • Refereed

        Cited By

        • (2024) A Comprehensive Survey of Distributed Denial of Service Detection and Mitigation Technologies in Software-Defined Network. Electronics 13:4 (807). DOI: 10.3390/electronics13040807. Online publication date: 19-Feb-2024
        • (2024) Artificial Intelligence and Quantum Synergies in Trust-Enhanced Consumer Applications for Software Defined Networks. IEEE Transactions on Consumer Electronics 70:1 (791-799). DOI: 10.1109/TCE.2024.3365673. Online publication date: Mar-2024
        • (2024) A Generalized and Robust Nonlinear Approach based on Machine Learning for Intrusion Detection. Applied Artificial Intelligence 38:1. DOI: 10.1080/08839514.2024.2376983. Online publication date: 11-Jul-2024
        • (2024) Enhancing security in SDN. Computer Networks: The International Journal of Computer and Telecommunications Networking 241:C. DOI: 10.1016/j.comnet.2024.110203. Online publication date: 25-Jun-2024
        • (2024) Dynamic mobility and handover management in software‐defined networking‐based fifth‐generation heterogeneous networks. International Journal of Network Management. DOI: 10.1002/nem.2268. Online publication date: 28-Mar-2024
        • (2022) BCNBI: A Blockchain-Based Security Framework for Northbound Interface in Software-Defined Networking. Electronics 11:7 (996). DOI: 10.3390/electronics11070996. Online publication date: 23-Mar-2022
        • (2022) Software-Defined Networking: A New Approach to Fifth Generation Networks – Security Issues and Challenges Ahead. 2022 Thirteenth International Conference on Ubiquitous and Future Networks (ICUFN) (307-313). DOI: 10.1109/ICUFN55119.2022.9829621. Online publication date: 5-Jul-2022
        • (2022) A noninterference trusted dual system security guarantee method based on secure memory. Concurrency and Computation: Practice and Experience 35:2. DOI: 10.1002/cpe.7463. Online publication date: 12-Nov-2022
