WHAT DOES SDN EXPOSE? ✱
AUGUST 31, 2015 ✱ ERICSSON TECHNOLOGY REVIEW
CHARTING THE FUTURE OF INNOVATION VOLUME 92 | #7.2015
ERICSSON TECHNOLOGY REVIEW
IDENTIFYING AND ADDRESSING THE VULNERABILITIES AND SECURITY ISSUES OF SDN
IDENTIFYING AND ADDRESSING THE VULNERABILITIES & SECURITY ISSUES OF SDN
KRISTIAN SLAVOV, DANIEL MIGAULT, MAKAN POURZANDI
The promises of agility, simplified control, and real-time programmability offered by software-defined networking (SDN) are attractive incentives for operators to keep network evolution apace with advances in virtualization technologies. But do these capabilities undermine security? To answer this question, we have investigated the potential vulnerabilities of SDN. The aim is for this architecture to serve as a secure complement to cloud computing, and to ensure that networks are protected from attack by malicious intruders.
Traditional network architecture has reached the point where its ability to adapt to dynamic environments, like those enabled by virtualization technologies, has become a hindrance. By separating the control plane from the data plane, SDN raises the level of system abstraction, which in turn opens the door for network programmability, increased speed of operations, and simplification: in short, the key to delivering on its promises, and enabling telecom networks and IT to develop in parallel.

At the heart of SDN architecture lies the SDN controller (SDNC). Logically positioned between network elements (NEs) and SDN applications (SDN apps), the SDNC provides an interface between the two. Its centralized position enables it to provide other SDN components with a global overview of what is happening in the network; it can configure NEs on the fly and determine the best path for traffic. The SDNC and the shift to centralized control set SDN architecture apart from traditional networks – in which control is distributed. Unfortunately, the centralized position of the SDNC makes it a primary surface for attack.
For the purposes of this article, we limited the scope of our study into the vulnerabilities of SDN to the single controller use case (with one controller governing the data plane), even though SDN architecture allows for several. Our discussion covers the SDN elements and their interactions in the single controller case, as well as the interactions between the SDNC and the management plane.

Why centralize?
As defined by ONF [1], a logically centralized control plane makes it possible to maintain a network-wide view of resources, which can then be exposed to the application layer. To provide such a centralized architecture, SDN uses one or more NEs that interface with the SDNC. The benefit of building networks in this way is simplified network management, and improved agility.

Centralization equips networks for programmability, which in turn increases autonomy. One possibility enabled by programmability is the automatic detection and mitigation of DDoS attacks, which results in rapid resolution of any problems that may arise. Programmability also allows network resources to be shared automatically, which – together with the capability to create virtual networks on top of existing network infrastructure – enables automatic sharing by multiple tenants.

Benefits and vulnerabilities
SDN facilitates the integration of security appliances into networks, which can be implemented directly on top of the control plane, rather than being added as separate appliances or instantiated within multiple NEs. SDN's centralized management approach enables events within the entire network to be collected and aggregated. The resulting broader, more coherent and more accurate image of the network's status makes security strategies both easier to enforce and to monitor.

The ability to implement security mechanisms directly on top of the controller or on steering traffic at runtime (using legacy appliances when necessary) makes it possible to dynamically add taps and sensors at various places in the network – which makes for more effective network monitoring. With an accurate picture of its status, the network can more readily detect attacks, and the number of false positives reported can be reduced. In practice, if a tap indicates to the SDNC that a device is showing signs of being hijacked by a botnet, the SDNC can steer the potentially offending traffic to an IDS for analysis and monitoring. If the traffic is deemed malicious by the IDS, the SDNC can filter it and instruct the first-hop NE accordingly.

Its ability to facilitate the collection of network-status information, as well as enabling automatic detection and resolution of any breach in security, makes SDN ideal for integration into network threat intelligence centers and Service Operation Centers (SOCs). Unfortunately, the rich feature set of SDN also provides a larger attack surface compared with traditional networks – an issue documented in a number of recently published research papers [2].

Reference model
The overall SDN architecture comprises the following elements:
〉〉 NEs – which are responsible for forwarding packets to the next appropriate NE or end host;
〉〉 SDNC – which sends forwarding rules on to the NEs according to instructions it receives from SDN apps;
Terms and abbreviations
DDoS – Distributed DoS | DoS – Denial of Service | GRE – Generic Routing Encapsulation | IDS – intrusion detection system | IPsec – Internet Protocol Security | MM – management module | MPLS – multi-protocol label switching | NE – network element | ONF – Open Networking Foundation | RBAC – role-based access control | SDN – software-defined networking | SDNC – SDN controller | SLA – Service Level Agreement | TLS – Transport Layer Security
Figure 1: SDN architecture. Four planes are shown: the data plane (network elements, NE), the control plane (SDN controllers, SDNC), the application plane (SDN applications and their tenants) and the management plane (management modules, MM). The controller talks to the NEs over the D-CPI and to the SDN apps over the A-CPI.
〉〉 SDN apps – which issue commands to dynamically configure the network;
〉〉 tenants – the logical owners of the virtual network, who provide configuration and policy information through network apps; and
〉〉 management modules (MMs) – which are responsible for device administration.

As illustrated in Figure 1, the SDN architecture comprises four planes: the data plane, the control plane, the application plane and the management plane. The data plane carries user traffic through the different NEs, which are dynamically programmed to respond to the policies of the different tenants. Forwarding policies are elaborated, and sent on by the control plane to each NE. The management plane is dedicated to infrastructure management, physical device management as well as platform management issues such as firmware and software upgrades [3, 4]. The application plane is constituted by all applications that program the network through interactions with the SDNC. These applications may be independent and owned by different tenants.

Networks that are built according to SDN architecture principles need to protect a number of key security assets:
〉〉 availability – the network should remain operational even under attack;
〉〉 performance – the network should be able to guarantee a baseline bandwidth and latency in the event of an attack;
〉〉 integrity and confidentiality – control plane and data plane integrity and isolation should be upheld between tenants.

To assure protection of these assets, a number of processes need to be in place:

Authentication and authorization
Only authenticated and authorized actors should be able to access SDN components. The granularity of authentication and authorization must be detailed enough to limit the consequences of stolen credentials or identity hijacking.

Resiliency
Networks must be able to recover as autonomously as possible from an attack, or a software or hardware failure. Alternatively, networks must be able to dynamically work around any affected functionality.

Contractual compliance
To fulfill SLAs, mitigation techniques must be implemented, and proof that such techniques have been activated effectively must be provided.

Multi-domain isolation
Systems must be able to isolate tenants in multiple domains, such as the resource and traffic domains. The following forms of isolation apply:
〉〉 resource isolation – prevents tenants from stealing resources, like bandwidth, from each other, and is required for SLA fulfillment; and
〉〉 traffic isolation – required by multi-tenant deployments, so a tenant can see its own traffic only (this requirement applies to both data plane and control plane traffic).

Repudiation
All actions carried out by all system actors – both internal and external – must be logged, and all the logs need to be secured.

Transparency
Systems should provide visibility into operations and network status so they can determine the most appropriate action when issues arise. An active approach to security requires correct identification and classification of an issue so the most appropriate action to mitigate it may be chosen. Any action should be verified to ensure that it has been enforced effectively.

The potential vulnerabilities of SDN architecture are illustrated in Figure 2, which for the sake of simplicity shows only a subset of the possible major attacks.

What's different about SDN security?
Many of the security issues related to SDN networks are similar to those that appear in traditional
Figure 2: Potential vulnerabilities of SDN architecture. The figure repeats the planes and elements of Figure 1 (tenants, SDN applications, SDN controllers, network elements, management module; A-CPI and D-CPI) and annotates each element with its assets: hardware, software, configuration and log for every element, control logic for the management module and the SDNC, network topology for the SDNC, and flow rules for the NEs. The attacks shown are: tenant impersonation, admin impersonation, communication hijacking (marked on three of the interfaces), API abuse, app manipulation, network manipulation, information leakage, compromised network, compromised system and DoS attack.
networks. What's interesting, however, is what sets SDN apart from traditional networks.

Compared with traditional networks, the separation of the control and data planes enables multi-tenancy and programmability, and introduces centralized management into the network architecture. In this new model, tenants run SDN apps that interface with the SDNC, which sends instructions to NEs. From a security perspective, the ability to share and dynamically operate the same physical network is one of the key security-related differences between SDN and traditional architectures. As such, SDN security issues relate to the new control plane model, and more specifically to securing inter-component communication, and controlling the scope of applications and tenants through specific APIs and access policies.

While it may sound like there are a number of obstacles to overcome, the programmability and centralized management brought about by SDN enable a much greater level of autonomy to mitigate any security breaches – outweighing the need for additional technology.

Centralized network management
In traditional networks, NEs tend to be monitored and managed individually. However, without the existence of standard protocols capable of interacting with all NEs irrespective of their vendor or generation, network management has become cumbersome. The SDN approach enables coordinated monitoring and management of forwarding policies among distributed NEs, resulting in a more flexible management process.

While there is a risk of the SDN control plane becoming a bottleneck, the fact that it has an overview of the entire network makes it capable of mitigating any reported incident dynamically. For example, a DDoS attack can be detected and quickly mitigated by isolating the suspect traffic, networks or hosts. Unlike traditional DDoS appliances – which generally carry only a local view of the network – centralized elements possess a much broader view of network topology and performance, making the SDN an ideal candidate for the dynamic enforcement of a coherent security posture.

However, while it is clear that centralization provides significant benefits, it also presents a number of challenges, like the fact that the SDNC is a highly attractive attack surface. Thankfully, resiliency, authentication, and authorization address this risk, reducing the impact of attack.

Resilient control plane
The three main elements of SDN are: SDN apps, the SDNC, and NEs. Given that control of the network is centralized, all communication within the control plane needs to be treated as critical, as an outage resulting from a successful attack may lead to an undesired impact on business continuity. If, for example, the SDNC is prevented from taking critical action to mitigate a DoS attack, the entire network and all of its tenants may be affected. To avoid this, the control plane needs a greater level of resiliency built into it.

To communicate with tenant applications and NEs, the SDNC exposes a set of interfaces. All these interfaces may experience heavy traffic loads, depending on the type and number of running applications. Traffic on the interfaces can be further impacted by NEs, for example, forwarding packets for which they have no forwarding rules. So, in terms of dependence on the SDNC, traditional networks appear to be more robust.

An effective way to improve the resilience of the centralized control plane and prevent the spread of DDoS control-plane attacks to the rest of the network is to rate-limit NEs in terms of bandwidth and resource consumption – such as CPU load, memory usage, and API calls.

Resilience can be further enhanced through proper resource dedication – where the SDNC authenticates each resource request, and subsequently checks requests against strong authorization control policies.
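The per-NE rate limiting described above, as an added example (it is not code from the article or from any controller): a token bucket in front of the SDNC's handler for the messages an NE sends when it has no forwarding rule for a packet. The class names `TokenBucket` and `PacketInLimiter`, the NE identifiers and the limits are this example's own assumptions. The point it shows is that a flooding NE exhausts only its own budget, so a second NE sending at a normal rate is still served by the controller.

```python
"""Per-NE token-bucket rate limiting of control-plane messages (added example)."""


class TokenBucket:
    """Classic token bucket: `rate` tokens per second, at most `capacity` stored."""

    def __init__(self, rate: float, capacity: float):
        self.rate = rate
        self.capacity = capacity
        self.tokens = capacity   # start full so a short burst is allowed
        self.last = 0.0          # timestamp of the previous call

    def allow(self, now: float) -> bool:
        """Refill for the elapsed time, then try to spend one token."""
        elapsed = max(0.0, now - self.last)
        self.last = now
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class PacketInLimiter:
    """Admission control for packet-in style messages, one bucket per NE.

    `per_ne` maps an NE id to (rate, burst); other NEs get the defaults.
    """

    def __init__(self, default_rate=100.0, default_burst=200.0, per_ne=None):
        self.default = (default_rate, default_burst)
        self.per_ne = per_ne or {}
        self.buckets = {}
        self.dropped = {}        # NE id -> messages refused, for monitoring

    def _bucket(self, ne_id: str) -> TokenBucket:
        if ne_id not in self.buckets:
            rate, burst = self.per_ne.get(ne_id, self.default)
            self.buckets[ne_id] = TokenBucket(rate, burst)
        return self.buckets[ne_id]

    def admit(self, ne_id: str, now: float) -> bool:
        """True if the SDNC should process this NE's message now."""
        if self._bucket(ne_id).allow(now):
            return True
        self.dropped[ne_id] = self.dropped.get(ne_id, 0) + 1
        return False


def simulate(limiter: PacketInLimiter, events):
    """Replay (timestamp, ne_id) events; return admitted counts per NE."""
    admitted = {}
    for ts, ne in events:
        if limiter.admit(ne, ts):
            admitted[ne] = admitted.get(ne, 0) + 1
    return admitted


def demo():
    # ne-1 is capped at 10 messages/s with a burst of 20; ne-2 uses defaults.
    limiter = PacketInLimiter(per_ne={"ne-1": (10.0, 20.0)})
    # Constructed event stream: ne-1 floods 50 messages at t=0 and another
    # 50 at t=1 s, while ne-2 sends a normal 5 messages at t=0.
    events = [(0.0, "ne-1")] * 50 + [(0.0, "ne-2")] * 5 + [(1.0, "ne-1")] * 50
    admitted = simulate(limiter, events)
    return admitted, dict(limiter.dropped)


if __name__ == "__main__":
    print(demo())   # ne-1: 20 (burst) + 10 (one second of refill) admitted, 70 dropped
```

The `dropped` counter is what a SOC would want exported: a sustained non-zero drop rate for one NE is itself a detection signal (a flooded or misbehaving element), independent of whether the controller stayed up.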
Strong authentication and authorization
Authentication and authorization are the processes used to identify an unknown source and then determine its access privileges. Implemented correctly, these processes can protect networks from certain types of attack, such as:
〉〉 provision of false (statistical) feedback to the system – for example, fooling the system into believing it is under attack, resulting in unnecessary deployment of countermeasures, which consumes resources and inevitably leads to suboptimal usage;
〉〉 modification of a valid on-path request – which results in a direct attack that alters network behavior;
〉〉 forwarding traffic that is not meant to be forwarded, or not forwarding traffic that should be – subverting network isolation; and
〉〉 gaining control access to any component – rendering the entire network untrustworthy.

The critical nature of the SDNC dictates that additional security measures need to be taken to protect it. At the very least, traffic must be integrity protected to prevent tampering of on-path traffic, but even this level of protection does not secure control data.

Encryption is one way of preventing control data from being leaked. But, even together with integrity protection, encryption is not sufficient to protect against man-in-the-middle-type attacks. And so, all communication within the control plane must be mutually authenticated. Security protocols like TLS and IPsec provide a means for mutual authentication as well as for replay attack protection, confidentiality, and integrity protection.

Mutual authentication does, however, present some difficulties, such as how to bootstrap security into the system. One way to solve this is by using security certificates. How these certificates are then issued, installed, stored, and revoked becomes the significant security difficulty. Encryption and integrity protection without mutual authentication are less useful from a security point of view. The problem with mutual authentication is that it requires previous knowledge of the remote communicating endpoint – unless a commonly trusted third party exists.

On a small scale, mutual authentication can be implemented manually – requiring administrators to install proper certificates or shared secrets on all endpoints. However, for complex and physically separated systems – and especially in networks where many SDN components can be created dynamically and administered by multiple parties – manual implementation may not be feasible.

The SDNC provides network configuration information through API calls to its services, which enables tenants to use SDN applications to control network behavior. This situation is somewhat alarming, given that physical hardware resources may be shared among rival tenants. While ordinary security measures – such as argument sanitization and validation – must be in place, the SDNC also needs a solid authentication, authorization and accountability infrastructure to protect the network from unauthorized changes. Strong authentication and authorization provide additional protection, as they prevent an attacker from impersonating an SDN component, especially the SDNC.

By enforcing strict authorization and accountability processes, damages can be limited, and reliable traces for forensics provided. Role-based access control (RBAC) is a commonly used approach for restricting the actions permitted by an application by assigning a role to it. Roles can be defined on a host, user or application basis.

In effect, RBAC is a security policy enforcing system. The fewer the number of permitted actions, the more limited the exploitable functionality. When implemented correctly, RBAC can be invaluable. Unfortunately, this approach is rather cumbersome in systems with very narrowly defined roles where frequent changes take place. At the other end of the scale, RBAC loses its edge if roles are too loosely defined.

For the purposes of system integrity assurance, every event that occurs in the system should be recorded in a log. How these logs are stored and secured against improper access also needs to be considered, and an external host is recommended.
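The two controls the preceding paragraphs pair, RBAC on the controller's API and a log that supports forensics, as one added example (not code from the article or from any controller). Each app or user identity, assumed here to be the one established by mutual TLS, is assigned a role listing the SDNC actions it may call, and every call, allowed or denied, is appended to a hash-chained log so that a later edit of any entry is detectable on verification. The role names, action names, principals and log format are this example's own assumptions.

```python
"""RBAC enforcement plus a tamper-evident audit log for SDNC API calls (added example)."""
import hashlib
import json

# Role -> set of permitted SDNC API actions (constructed policy).
ROLES = {
    "monitor": {"read_topology", "read_stats"},
    "tenant-app": {"read_topology", "read_stats", "add_flow", "del_flow"},
    "admin": {"read_topology", "read_stats", "add_flow", "del_flow",
              "set_tenant_policy", "manage_roles"},
}

# Principal (app or user identity as authenticated on the A-CPI) -> role.
ASSIGNMENTS = {
    "lb-app@tenant-a": "tenant-app",
    "ids-probe": "monitor",
    "ops-alice": "admin",
}

GENESIS = "0" * 64


class AuditLog:
    """Append-only log where every entry commits to the hash of the previous one."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(prev: str, record: dict) -> str:
        body = json.dumps(record, sort_keys=True)
        return hashlib.sha256((prev + body).encode()).hexdigest()

    def append(self, record: dict) -> str:
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        h = self._digest(prev, record)
        self.entries.append({"prev": prev, "record": record, "hash": h})
        return h

    def verify(self) -> bool:
        """Recompute the chain; False if any entry was altered, reordered or removed."""
        prev = GENESIS
        for e in self.entries:
            if e["prev"] != prev or self._digest(prev, e["record"]) != e["hash"]:
                return False
            prev = e["hash"]
        return True


class ControllerApi:
    """Authorization gate in front of the SDNC's northbound API."""

    def __init__(self, roles, assignments, log: AuditLog):
        self.roles, self.assignments, self.log = roles, assignments, log

    def authorize(self, principal: str, action: str) -> bool:
        role = self.assignments.get(principal)          # None for unknown callers
        allowed = role is not None and action in self.roles.get(role, set())
        # Denied calls are logged too: repeated denials are a detection signal.
        self.log.append({"principal": principal, "role": role,
                         "action": action, "allowed": allowed})
        return allowed


def demo():
    log = AuditLog()
    api = ControllerApi(ROLES, ASSIGNMENTS, log)
    results = [
        api.authorize("lb-app@tenant-a", "add_flow"),           # within role
        api.authorize("lb-app@tenant-a", "set_tenant_policy"),  # beyond role
        api.authorize("unknown-app", "read_topology"),          # no role at all
        api.authorize("ops-alice", "manage_roles"),             # admin action
    ]
    intact = log.verify()
    # Someone with write access to the log tries to hide the denied call.
    log.entries[1]["record"]["allowed"] = True
    return results, intact, log.verify()


if __name__ == "__main__":
    print(demo())
```

Verification only detects tampering; it does not prevent it, which is why the text recommends keeping the log on an external host. Shipping each entry's hash to that host as it is written means an attacker who later rewrites the controller-side copy cannot also rewrite the chain the host already holds.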
Multi-tenancy
Where networks are built using SDN techniques, it is possible for the same physical network to be shared among several tenants, which can in turn manage their own virtual networks. Multi-tenancy allows for better utilization of network resources, lowering the total cost of ownership. For tenants, SDN shortens the time taken to react to changing situations
through, for example, automatic scaling of resources. To maintain an acceptable level of security, tenants should not be able to interfere with each other's networks, and need not even be aware that they are sharing network resources with others.

Tenant isolation (the separation of one tenant's resources and actions from another) is an important feature of SDN framework security.

Control plane isolation
Isolation is one way to prevent the actions of one tenant from impacting others. This is a critical business aspect that must be strongly enforced. Tenant isolation is orchestrated by the SDNC, and implemented in SDN NEs through specific forwarding rules. While the burden of providing secure isolation lies with the SDNC, tenants also play an important role in sharing that burden.

The network provides isolation primarily on the link layer. If a tenant has weak network security procedures, information disclosure may occur, resulting in a breach of isolation at higher layers. For example, a rogue SDN app with privileges that span beyond isolation borders may impact overall network security by steering traffic to a third party (information disclosure), by over- or under-billing (theft of service) or by dropping traffic (DoS). The centralized nature of the SDN control plane further accentuates the impact of such attacks. Consequently, the task of providing isolation cannot be entirely offloaded onto the SDN network.

Data plane isolation
Tenants running a business on virtual networks built using SDN may be subject to the same kind of network-based attacks as in traditional networks. However, due to the shared networking infrastructure, the impact of such an attack may be divided among some or even all of these tenants. This is a new risk, which may have a commercial impact; nobody wants to open a business next to a known (or perceived) troublemaker or one that is prone to attack.

So, for the data plane, flows associated with each particular tenant must remain isolated at all times. Isolation may be performed logically through overlay networks and enforced within the NEs. For example, by tagging the ownership of traffic generated by each tenant, the traffic can be carried over a shared infrastructure – once it has been encapsulated (tagged). Tunnels tagged for a given tenant are then forwarded to the virtual network for that tenant. Many alternative (and complementary) techniques are available for this type of encapsulation, including GRE, MPLS and IPsec.

Tagging is one way to perform logical isolation, but IP addresses can also be used, removing the need for specific tagging techniques. Bearing in mind that separate network function instances are not required to service different tenants, some network functionality can be shared by tenants as long as isolation is preserved and enforced.

In addition to logical isolation, traffic may be encrypted with specific tenant keys. This guarantees that in the case of logical encapsulation violation, the data traffic remains isolated and information cannot be leaked.
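How the SDNC can enforce the tag-based isolation described in the two sections above before a tenant's forwarding rule reaches an NE, as an added example (not code from the article or from any controller). The guard rejects any rule from a tenant app that would match or forward traffic outside that tenant's own tagged slice: the match must carry the tenant's tag, every ingress and output port must belong to the tenant's virtual network, and the tag may not be rewritten to another tenant's value. It covers both the rogue-app cases named under control plane isolation (steering to a third party, dropping other tenants' traffic) and the encapsulation rule under data plane isolation. The `IsolationGuard` class, the tenant ids, tags and port names are this example's own constructions; the tag stands for whichever encapsulation id the overlay uses (VLAN id, GRE key or MPLS label), since the check is the same.

```python
"""Validating tenant flow-rule requests against isolation policy (added example)."""

# Constructed slice database: tenant -> (isolation tag, set of attached ports).
SLICES = {
    "tenant-a": {"tag": 100, "ports": {"s1-eth1", "s1-eth2", "s2-eth1"}},
    "tenant-b": {"tag": 200, "ports": {"s1-eth3", "s2-eth2"}},
}


class IsolationViolation(Exception):
    pass


class IsolationGuard:
    def __init__(self, slices):
        self.slices = slices
        self.tag_owner = {s["tag"]: t for t, s in slices.items()}

    def check(self, tenant: str, rule: dict) -> dict:
        """Return the rule if it stays inside the tenant's slice, else raise."""
        if tenant not in self.slices:
            raise IsolationViolation(f"unknown tenant {tenant}")
        slice_ = self.slices[tenant]
        match, actions = rule.get("match", {}), rule.get("actions", [])

        # 1. The match must be pinned to the tenant's own tag: an untagged or
        #    wildcard match would also capture other tenants' packets.
        if match.get("tag") != slice_["tag"]:
            raise IsolationViolation("match must carry the tenant's tag")

        # 2. Any ingress port named in the match must belong to the tenant.
        in_port = match.get("in_port")
        if in_port is not None and in_port not in slice_["ports"]:
            raise IsolationViolation(f"in_port {in_port} not in slice")

        # 3. Every output port must be in the slice, and the tag may only be
        #    rewritten to the tenant's own value (no hopping into another slice).
        for act in actions:
            kind = act.get("type")
            if kind == "output" and act.get("port") not in slice_["ports"]:
                raise IsolationViolation(f"output to foreign port {act.get('port')}")
            if kind == "set_tag" and act.get("tag") != slice_["tag"]:
                owner = self.tag_owner.get(act.get("tag"), "unassigned")
                raise IsolationViolation(f"tag rewrite targets {owner}")
            if kind not in {"output", "set_tag", "drop"}:
                raise IsolationViolation(f"unsupported action {kind}")
        return rule


def evaluate(guard: IsolationGuard, tenant: str, rules):
    """Check each rule; return a list of (accepted, reason) in the same order."""
    out = []
    for r in rules:
        try:
            guard.check(tenant, r)
            out.append((True, "ok"))
        except IsolationViolation as e:
            out.append((False, str(e)))
    return out


def demo():
    guard = IsolationGuard(SLICES)
    # Constructed requests from tenant-a's app: one legitimate, three that
    # would break isolation in the ways the text describes.
    rules = [
        {"match": {"tag": 100, "in_port": "s1-eth1"},
         "actions": [{"type": "output", "port": "s2-eth1"}]},
        {"match": {"tag": 100},                       # steer to tenant-b's port
         "actions": [{"type": "output", "port": "s2-eth2"}]},
        {"match": {"in_port": "s1-eth1"},             # untagged: drops everyone
         "actions": [{"type": "drop"}]},
        {"match": {"tag": 100},                       # re-tag into tenant-b
         "actions": [{"type": "set_tag", "tag": 200},
                     {"type": "output", "port": "s1-eth2"}]},
    ]
    return evaluate(guard, "tenant-a", rules)


if __name__ == "__main__":
    for accepted, reason in demo():
        print(accepted, reason)
```

A rejection here is worth logging with the tenant identity, since a tenant app repeatedly asking for rules outside its slice is the "rogue SDN app" case the text warns about, whether the cause is a bug or a compromise.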
Isolation issues need to be resolved while bearing resource consumption in mind. While traffic isolation can help with data leakage, shared resource usage also requires resource isolation. For example, the existence of a forwarding loop within one tenant may potentially impact all tenants, as the problem overloads the underlying network equipment. To counteract this problem, the SDNC must enforce resource isolation, and use measures like rate limiting to minimize the impact that a tenant can have on the network.

Programmability
One of the significant benefits brought about through SDN is programmability: the ability to configure a network efficiently, securely, and in a timely manner. SDN programmability exists in varying degrees of complexity and abstraction. At one end of the scale, programmability enables NEs
to be dynamically reprogrammed to forward data flows according to their capabilities and higher-level policies in the network. At the other end, SDN apps enable tenants to programmatically issue run-time requirements to the network. All requests are consolidated by the SDNC, which fulfills higher-level requests from the capabilities available at the lower levels. To make this task trickier, SDN apps may issue orthogonal (mutually exclusive/contradicting) requests. The automated solution may then need to dynamically reconfigure a chunk of the SDN network – and all of this must happen within seconds or less.

The primary benefit that programmability brings for networks built using the SDN architecture approach is flexible control. The ability to control a network and apply changes in a timely manner increases the network's level of agility. Such flexibility can make the network more secure, as it is constantly monitored and designed to mitigate malicious behavior in more or less real time. The downside of the flexibility provided by programmability is the significant impact it has on security.

Configuration coherency
Allowing tenants to issue programmatic changes to the network enables networks to adapt to changing conditions – increasing network agility. In practical terms, programmability can, for example, reduce the time it takes to set up a customer collaboration network from days or months to minutes or hours. Programmability may also remove the need for manual configuration, which is prone to error. The result: the automatic reconfiguration of networks is feasible, providing the SDNC with a global view of the network, enabling it to perform sanity checking and regression testing so that new networks can be rapidly deployed.

Unfortunately, the flexibility provided by programmability allows tenants to make changes to the shared environment, which can cripple the operation of the entire network – either intentionally or unintentionally as a result of misinformation. Ensuring coherency among the actions of the various SDN apps on the network also needs to be considered from a security point of view (as described in [5]). Consider the case where security and load-balancing applications are instantiated for a given tenant. A coherency conflict arises, for example, when the security application decides to quarantine a server, while the load-balancing application simultaneously decides to route traffic to the quarantined server – because it appears to have low load. To avoid coherency issues, the SDNC must be able to assess and eliminate the possible side effects of the acceptable network changes by each tenant, and to feature effective conflict resolution heuristics.
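The quarantine-versus-load-balancer conflict above, worked through as an added example (it is not code from the article or from SE-Floodlight, which reference [5] describes). Before a rule is installed, the SDNC compares it with the rules already accepted for the tenant; if the two matches can both apply to the same packet and the actions disagree (drop versus forward, or forward to different ports), the rule from the app with the lower authority is refused, and a higher-authority rule evicts the ones it contradicts. The authority ordering, the app names and the match fields are this example's own assumptions, standing in for whatever conflict-resolution heuristic a real controller applies.

```python
"""Detecting and resolving contradictory flow rules from different SDN apps (added example)."""

# Constructed authority order: the security app wins conflicts against the
# load balancer, which wins against a plain monitoring app.
AUTHORITY = {"security-app": 3, "lb-app": 2, "monitor-app": 1}


def matches_overlap(m1: dict, m2: dict) -> bool:
    """Two matches can hit the same packet if every field set in both agrees.

    A field absent from one match is a wildcard there, so {"ip_dst": X}
    overlaps {"ip_dst": X, "tcp_dst": 80}.
    """
    return all(m1[k] == m2[k] for k in m1.keys() & m2.keys())


def actions_conflict(a1: list, a2: list) -> bool:
    """Drop versus forward, or forwarding to different port sets, is a conflict."""
    def summary(actions):
        ports = {a["port"] for a in actions if a["type"] == "output"}
        dropped = any(a["type"] == "drop" for a in actions) or not ports
        return dropped, ports
    d1, p1 = summary(a1)
    d2, p2 = summary(a2)
    return d1 != d2 or (not d1 and p1 != p2)


class RuleStore:
    """Accepted rules for one tenant, with conflict checking on install."""

    def __init__(self, authority):
        self.authority = authority
        self.rules = []          # each rule: {"app", "match", "actions"}

    def install(self, rule: dict):
        """Return (accepted, affected): the rules evicted if accepted,
        or the single rule that blocked the request if refused."""
        conflicts = [e for e in self.rules
                     if matches_overlap(e["match"], rule["match"])
                     and actions_conflict(e["actions"], rule["actions"])]
        blocking = [e for e in conflicts
                    if self.authority[rule["app"]] <= self.authority[e["app"]]]
        if blocking:
            return False, blocking[:1]
        for e in conflicts:      # the new rule outranks every conflicting rule
            self.rules.remove(e)
        self.rules.append(rule)
        return True, conflicts


def demo():
    store = RuleStore(AUTHORITY)
    # Constructed scenario from the text: the load balancer sends web traffic
    # for 10.0.0.5 to a server port; the security app then quarantines that
    # server; the load balancer, seeing low load, tries to re-add its rule.
    lb = {"app": "lb-app",
          "match": {"ip_dst": "10.0.0.5", "tcp_dst": 80},
          "actions": [{"type": "output", "port": "s1-eth2"}]}
    quarantine = {"app": "security-app",
                  "match": {"ip_dst": "10.0.0.5"},
                  "actions": [{"type": "drop"}]}
    lb_again = dict(lb)
    other = {"app": "lb-app",                       # unrelated server, unaffected
             "match": {"ip_dst": "10.0.0.6", "tcp_dst": 80},
             "actions": [{"type": "output", "port": "s1-eth3"}]}
    outcome = [store.install(r)[0] for r in (lb, quarantine, lb_again, other)]
    return outcome, len(store.rules)


if __name__ == "__main__":
    print(demo())   # ([True, True, False, True], 2)
```

The refusal of `lb_again` is the point: without the check, the controller would happily install both rules and leave the NE's priority ordering to decide whether the quarantined server receives traffic.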
Another type of conflict arises due to the complexity of virtual network topologies, and the difficulty of maintaining a coherent security policy across a network. Special care is required for traffic that needs to be forwarded to security appliances for monitoring purposes. As the traffic or parts of it can be routed over different paths, methods need to be put in place to ensure that all the traffic is covered. Consequently, monitoring is necessary on all paths. Similar issues arise in traditional networks, but the increased service velocity offered by SDN architecture may fuel this type of conflict.

Dynamicity
The dynamic and reactive nature of networks built using the SDN approach opens up new possibilities for fighting network attacks. Automated network reconfigurations, forwarding to honeypots, and blackhole routing are just some of the techniques that can be employed. Service chaining is yet another technique that utilizes SDN properties and can be used to screen for malicious payload and trigger mitigating actions.

A network built using SDN techniques can do lower-layer analysis based on parameters such as data rate, source, and packet size, while the tenant can provide higher-layer analysis based on protocols, transport ports, and payload fingerprints. Once suspicious behavior has been detected, the network can use its programmability features to analyze the situation in more detail or trigger mitigating actions.

However, while the feedback system provides some advantages in terms of security, it also presents some issues. The interaction between the data plane and the control plane breaks the fundamental
SDN concept: the separation of these two planes. This in turn makes the data plane a stepping stone for attacking the control plane. As with other feedback loops, this interaction, unless managed appropriately, may lead to an oscillating situation that will eventually make the network unstable.

Conclusion
The beauty of SDN lies in its ability as a technology to make networks flexible, ensure efficient use of resources, and facilitate a much higher level of system autonomy. Like any nascent technology, SDN should be handled cautiously to avoid it becoming an attack vector. However, SDN opens up new possibilities for the implementation of improved security mechanisms in the network, offering broader visibility, programmability, as well as a centralized approach to network management.
THE AUTHORS

Kristian Slavov ◆ Works at Ericsson Security Research in Jorvas, Finland. He has a background in programming and a keen interest in security, with more than 10 years of experience in this field. He holds an M.Sc. in telecommunications software from Helsinki University of Technology. He is also an avid canoe polo player.

Daniel Migault ◆ Works at Ericsson Security Research in Montreal, Canada. He works on standardization at IETF and serves as a liaison between IAB and ICANN/RSSAC. He used to work in the Security Department at Orange Labs for France Telecom R&D and holds a Ph.D. in Telecom and Security from Pierre and Marie Curie University (UPMC) and Institut National des Telecommunications (INT), France.

Makan Pourzandi ◆ Works at Ericsson Security Research in Montreal, Canada. He has more than 15 years' experience in security for telecom systems, cloud, and distributed security and software security. He holds a Ph.D. in parallel computing and distributed systems from the Université Claude Bernard Lyon 1, France, and an M.Sc. in parallel processing from École Normale Supérieure (ENS) de Lyon, France.
References
1. Open Networking Foundation, 2014, SDN Architecture Overview, available at: http://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/TR_SDN-ARCH-Overview-1.1-11112014.02.pdf
2. ACM, 2013, Proceedings, Towards secure and dependable software-defined networks, abstract available at: http://dl.acm.org/citation.cfm?id=2491199
3. Ericsson, 2013, Ericsson Review, Software-defined networking: the service provider perspective, available at: http://www.ericsson.com/news/130221-software-defined-networking-the-service-provider-perspective_244129229_c
4. OpenDaylight project, available at: http://www.opendaylight.org/
5. CSL, SRI International, 2015, Proceedings, Securing the Software-Defined Network, available at: http://www.csl.sri.com/users/porras/SE-Floodlight.pdf
ISSN 0014-0171
284 23-3259 | Uen
© Ericsson AB 2015
Ericsson
SE-164 83 Stockholm, Sweden
Phone: + 46 10 719 0000

Ericsson Technology Review: 5G evolution: 3GPP releases 16 & 17 overview (upd...
Ericsson Technology Review: The future of cloud computing: Highly distributed...
Ericsson Technology Review: Optimizing UICC modules for IoT applications
Ericsson Technology Review: issue 1, 2020
Ericsson Technology Review: 5G BSS: Evolving BSS to fit the 5G economy
Ericsson Technology Review: 5G migration strategy from EPS to 5G system
Ericsson Technology Review: Creating the next-generation edge-cloud ecosystem
Ericsson Technology Review: Issue 2/2019
Ericsson Technology Review: Spotlight on the Internet of Things
Ericsson Technology Review - Technology Trends 2019
Ericsson Technology Review: Driving transformation in the automotive and road...
SD-WAN Orchestration
Ericsson Technology Review: 5G-TSN integration meets networking requirements ...
Ericsson Technology Review: Meeting 5G latency requirements with inactive state
Ericsson Technology Review: Cloud-native application design in the telecom do...
Ericsson Technology Review: Service exposure: a critical capability in a 5G w...

Recently uploaded (20)

PDF
Spectral efficient network and resource selection model in 5G networks
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
PPTX
Spectroscopy.pptx food analysis technology
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
PDF
cuic standard and advanced reporting.pdf
PDF
Review of recent advances in non-invasive hemoglobin estimation
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
PDF
NewMind AI Weekly Chronicles - August'25 Week I
PPTX
sap open course for s4hana steps from ECC to s4
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
PDF
Machine learning based COVID-19 study performance prediction
PPTX
Big Data Technologies - Introduction.pptx
Spectral efficient network and resource selection model in 5G networks
Diabetes mellitus diagnosis method based random forest with bat algorithm
Spectroscopy.pptx food analysis technology
Agricultural_Statistics_at_a_Glance_2022_0.pdf
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
cuic standard and advanced reporting.pdf
Review of recent advances in non-invasive hemoglobin estimation
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
NewMind AI Weekly Chronicles - August'25 Week I
sap open course for s4hana steps from ECC to s4
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
Building Integrated photovoltaic BIPV_UPV.pdf
Digital-Transformation-Roadmap-for-Companies.pptx
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Machine learning based COVID-19 study performance prediction
Big Data Technologies - Introduction.pptx

Ericsson Technology Review: Identifying and addressing the vulnerabilities and security issues of SDN

Ericsson Technology Review, Volume 92 | #7.2015, August 31, 2015. Charting the future of innovation.
What does SDN expose? Identifying and addressing the vulnerabilities and security issues of SDN
[Cover figure: SDN architecture – tenants, SDN applications (SDN app), SDN controllers (SDNc), network elements (NE), and management modules (MM) in the management plane, connected through the A-CPI and D-CPI interfaces]
Identifying and addressing the vulnerabilities & security issues of SDN
Kristian Slavov, Daniel Migault, Makan Pourzandi

The promises of agility, simplified control, and real-time programmability offered by software-defined networking (SDN) are attractive incentives for operators to keep network evolution apace with advances in virtualization technologies. But do these capabilities undermine security? To answer this question, we have investigated the potential vulnerabilities of SDN. The aim is for this architecture to serve as a secure complement to cloud computing, and to ensure that networks are protected from attack by malicious intruders.

Traditional network architecture has reached the point where its ability to adapt to dynamic environments, like those enabled by virtualization technologies, has become a hindrance. By separating the control plane from the data plane, SDN raises the level of system abstraction, which in turn opens the door for network programmability, increased speed of operations, and simplification: in short, the key to delivering on its promises, and enabling telecom networks and IT to develop in parallel.

At the heart of SDN architecture lies the SDN controller (SDNC). Logically positioned between network elements (NEs) and SDN applications (SDN apps), the SDNC provides an interface between the two. Its centralized position enables it to provide other SDN components with a global overview of what is happening in the network; it can configure NEs on the fly and determine the best path for traffic. The SDNC and the shift to centralized control set SDN architecture apart from traditional networks – in which control is distributed. Unfortunately, the centralized position of the SDNC makes it a primary surface for attack.
For the purposes of this article, we limited the scope of our study into the vulnerabilities of SDN to the single controller use case (with one controller governing the data plane), even though SDN architecture allows for several. Our discussion covers the SDN elements and their interactions in the single controller case, as well as the interactions between the SDNC and the management plane.

Why centralize?
As defined by ONF [1], a logically centralized control plane makes it possible to maintain a network-wide view of resources, which can then be exposed to the application layer. To provide such a centralized architecture, SDN uses one or more NEs that interface with the SDNC. The benefit of building networks in this way is simplified network management, and improved agility.

Centralization equips networks for programmability, which in turn increases autonomy. One possibility enabled by programmability is the automatic detection and mitigation of DDoS attacks, which results in rapid resolution of any problems that may arise. Programmability also allows network resources to be shared automatically, which – together with the capability to create virtual networks on top of existing network infrastructure – enables automatic sharing by multiple tenants.

Benefits and vulnerabilities
SDN facilitates the integration of security appliances into networks, which can be implemented directly on top of the control plane, rather than being added as separate appliances or instantiated within multiple NEs. SDN’s centralized management approach enables events within the entire network to be collected and aggregated. The resulting broader, more coherent and more accurate image of the network’s status makes security strategies both easier to enforce and to monitor.
The ability to implement security mechanisms directly on top of the controller, or to steer traffic at runtime (using legacy appliances when necessary), makes it possible to dynamically add taps and sensors at various places in the network – which makes for more effective network monitoring. With an accurate picture of its status, the network can more readily detect attacks, and the number of false positives reported can be reduced. In practice, if a tap indicates to the SDNC that a device is showing signs of being hijacked by a botnet, the SDNC can steer the potentially offending traffic to an IDS for analysis and monitoring. If the traffic is deemed malicious by the IDS, the SDNC can filter it and instruct the first-hop NE accordingly.

Its ability to facilitate the collection of network-status information, as well as enabling automatic detection and resolution of any breach in security, makes SDN ideal for integration into network threat intelligence centers and Service Operation Centers (SOCs). Unfortunately, the rich feature set of SDN also provides a larger attack surface compared with traditional networks – an issue documented in a number of recently published research papers [2].

Terms and abbreviations
DDoS – Distributed DoS | DoS – Denial of Service | GRE – Generic Routing Encapsulation | IDS – intrusion detection system | IPsec – Internet Protocol Security | MM – management module | MPLS – multi-protocol label switching | NE – network element | ONF – Open Networking Foundation | RBAC – role-based access control | SDN – software-defined networking | SDNC – SDN controller | SLA – Service Level Agreement | TLS – Transport Layer Security

Reference model
The overall SDN architecture comprises the following elements:
〉〉 NEs – which are responsible for forwarding packets to the next appropriate NE or end host;
〉〉 SDNC – which sends forwarding rules on to the NEs according to instructions it receives from SDN apps;
〉〉 SDN apps – which issue commands to dynamically configure the network;
〉〉 tenants – the logical owners of the virtual network, who provide configuration and policy information through network apps; and
〉〉 management modules (MMs) – which are responsible for device administration.

[Figure 1: SDN architecture – tenants; the application plane (SDN applications); the control plane (SDN controllers, SDNc); the data plane (network elements, NE); the management plane (management modules, MM); and the A-CPI and D-CPI interfaces]

As illustrated in Figure 1, the SDN architecture comprises four planes: the data plane, the control plane, the application plane and the management plane. The data plane carries user traffic through the different NEs, which are dynamically programmed to respond to the policies of the different tenants. Forwarding policies are elaborated, and sent on by the control plane to each NE. The management plane is dedicated to infrastructure management, physical device management as well as platform management issues such as firmware and software upgrades [3, 4]. The application plane is constituted by all applications that program the network through interactions with the SDNC. These applications may be independent and owned by different tenants.

Networks that are built according to SDN architecture principles need to protect a number of key security assets:
〉〉 availability – the network should remain operational even under attack;
〉〉 performance – the network should be able to guarantee a baseline bandwidth and latency in the event of an attack;
〉〉 integrity and confidentiality – control plane and data plane integrity and isolation should be upheld between tenants.

To assure protection of these assets, a number of processes need to be in place:

Authentication and authorization
Only authenticated and authorized actors should be able to access SDN components. The granularity of authentication and authorization must be detailed enough to limit the consequences of stolen credentials or identity hijacking.

Resiliency
Networks must be able to recover as autonomously as possible from an attack, or a software or hardware failure. Alternatively, networks must be able to dynamically work around any affected functionality.

Contractual compliance
To fulfill SLAs, mitigation techniques must be implemented, and proof that such techniques have been activated effectively must be provided.
Multi-domain isolation
Systems must be able to isolate tenants in multiple domains, such as the resource and traffic domains. The following forms of isolation apply:
〉〉 resource isolation – prevents tenants from stealing resources, like bandwidth, from each other, and is required for SLA fulfillment; and
〉〉 traffic isolation – required by multi-tenant deployments, so a tenant can see its own traffic only (this requirement applies to both data plane and control plane traffic).

Repudiation
All actions carried out by all system actors – both internal and external – must be logged, and all the logs need to be secured.

Transparency
Systems should provide visibility into operations and network status so they can determine the most appropriate action when issues arise. An active approach to security requires correct identification and classification of an issue so the most appropriate action to mitigate it may be chosen. Any action should be verified to ensure that it has been enforced effectively.

The potential vulnerabilities of SDN architecture are illustrated in Figure 2, which for the sake of simplicity shows only a subset of the possible major attacks.

[Figure 2: Potential vulnerabilities of SDN architecture. Attacks shown across the tenant, application, control, data and management planes: tenant impersonation, admin impersonation, communication hijacking (on the A-CPI and D-CPI interfaces), API abuse, app manipulation, network manipulation, information leakage, compromised system, compromised network, and DoS attack. Component assets shown: configuration, logs, control logic, network topology, flow rules, hardware, and software.]

What’s different about SDN security?
Many of the security issues related to SDN networks are similar to those that appear in traditional networks. What’s interesting, however, is what sets SDN apart from traditional networks.

Compared with traditional networks, the separation of the control and data planes enables multi-tenancy and programmability, and introduces centralized management into the network architecture. In this new model, tenants run SDN apps that interface with the SDNC, which sends instructions to NEs. From a security perspective, the ability to share and dynamically operate the same physical network is one of the key security-related differences between SDN and traditional architectures. As such, SDN security issues relate to the new control plane model, and more specifically to securing inter-component communication, and controlling the scope of applications and tenants through specific APIs and access policies.

While it may sound like there are a number of obstacles to overcome, the programmability and centralized management brought about by SDN enable a much greater level of autonomy to mitigate any security breaches – outweighing the need for additional technology.

Centralized network management
In traditional networks, NEs tend to be monitored and managed individually. However, without the existence of standard protocols capable of interacting with all NEs irrespective of their vendor or generation, network management has become cumbersome. The SDN approach enables coordinated monitoring and management of forwarding policies among distributed NEs, resulting in a more flexible management process.

While there is a risk of the SDN control plane becoming a bottleneck, the fact that it has an overview of the entire network makes it capable of mitigating any reported incident dynamically. For example, a DDoS attack can be detected and quickly mitigated by isolating the suspect traffic, networks or hosts. Unlike traditional DDoS appliances – which generally carry only a local view of the network – centralized elements possess a much broader view of network topology and performance, making the SDN an ideal candidate for the dynamic enforcement of a coherent security posture.
However, while it is clear that centralization provides significant benefits, it also presents a number of challenges, like the fact that the SDNC is a highly attractive attack surface. Thankfully, resiliency, authentication, and authorization address this risk, reducing the impact of attack.

Resilient control plane
The three main elements of SDN are: SDN apps, the SDNC, and NEs. Given that control of the network is centralized, all communication within the control plane needs to be treated as critical, as an outage resulting from a successful attack may lead to an undesired impact on business continuity. If, for example, the SDNC is prevented from taking critical action to mitigate a DoS attack, the entire network and all of its tenants may be affected. To avoid this, the control plane needs a greater level of resiliency built into it.

To communicate with tenant applications and NEs, the SDNC exposes a set of interfaces. All these interfaces may experience heavy traffic loads, depending on the type and number of running applications. Traffic on the interfaces can be further impacted by NEs, for example, forwarding packets for which they have no forwarding rules. So, in terms of dependence on the SDNC, traditional networks appear to be more robust.

An effective way to improve the resilience of the centralized control plane and prevent the spread of DDoS control-plane attacks to the rest of the network is to rate-limit NEs in terms of bandwidth and resource consumption – such as CPU load, memory usage, and API calls.

Resilience can be further enhanced through proper resource dedication – where the SDNC authenticates each resource request, and subsequently checks requests against strong authorization control policies.

Strong authentication and authorization
Authentication and authorization are the processes used to identify an unknown source and then determine its access privileges. Implemented correctly, these processes can protect networks from certain types of attack, such as:
〉〉 provision of false (statistical) feedback to the system – for example, fooling the system into believing it is under attack, resulting in unnecessary deployment of countermeasures, which consumes resources and inevitably leads to suboptimal usage;
〉〉 modification of a valid on-path request – which results in a direct attack that alters network behavior;
〉〉 forwarding traffic that is not meant to be forwarded, or not forwarding traffic that should be – subverting network isolation; and
〉〉 gaining control access to any component – rendering the entire network untrustworthy.

The critical nature of the SDNC dictates that additional security measures need to be taken to protect it. At the very least, traffic must be integrity protected to prevent tampering of on-path traffic, but even this level of protection does not secure control data.

Encryption is one way of preventing control data from being leaked. But, even together with integrity protection, encryption is not sufficient to protect against man-in-the-middle-type attacks. And so, all communication within the control plane must be mutually authenticated. Security protocols like TLS and IPsec provide a means for mutual authentication as well as for replay attack protection, confidentiality, and integrity protection.

Mutual authentication does, however, present some difficulties, such as how to bootstrap security into the system. One way to solve this is by using security certificates. How these certificates are issued, installed, stored, and revoked then becomes the significant security difficulty. Encryption and integrity protection without mutual authentication are less useful from a security point of view.

The problem with mutual authentication is that it requires previous knowledge of the remote communicating endpoint – unless a commonly trusted third party exists.
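The rate limiting recommended in the resilient control plane section above, shown as an added example in Python that is not part of the article: every NE and SDN app gets its own budget per resource dimension (message rate, API calls, CPU time), and a peer that keeps overrunning its budget is quarantined so that a flood against the control plane does not spread. The limit values, peer names, traffic pattern and quarantine policy are assumptions constructed for the demo.

```python
"""Per-peer control-plane rate limiting for an SDN controller (SDNC).

Each NE (D-CPI side) and each SDN app (A-CPI side) gets its own token bucket
per resource dimension, so a flooding peer exhausts only its own share of the
controller's budget. Limits, peer names and traffic are constructed for this demo.
"""
from collections import defaultdict


class TokenBucket:
    """`capacity` is the burst size, `rate` the sustained tokens per second.
    The clock is injected so the demo and its test are deterministic."""

    def __init__(self, capacity: float, rate: float):
        self.capacity = capacity
        self.rate = rate
        self.tokens = capacity
        self.last = 0.0

    def take(self, now: float, cost: float = 1.0) -> bool:
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= cost:
            self.tokens -= cost
            return True
        return False


class ControlPlaneLimiter:
    """Admission control in front of the SDNC's interfaces."""

    # Constructed defaults: (burst capacity, sustained rate per second).
    DEFAULT_LIMITS = {
        "packet_in": (200.0, 50.0),  # packets an NE punts to the controller
        "api_call": (50.0, 10.0),    # northbound API calls by an SDN app
        "cpu_ms": (500.0, 100.0),    # controller CPU budget, in milliseconds
    }

    def __init__(self, limits=None, strikes=3, quarantine_s=30.0):
        self.limits = limits or self.DEFAULT_LIMITS
        self.buckets = defaultdict(self._new_buckets)
        self.strikes = strikes            # consecutive refusals before quarantine
        self.quarantine_s = quarantine_s  # seconds a peer stays quarantined
        self.strike_count = defaultdict(int)
        self.quarantined_until = {}
        self.log = []                     # (time, peer, kind, verdict) for the SOC

    def _new_buckets(self):
        return {k: TokenBucket(cap, rate) for k, (cap, rate) in self.limits.items()}

    def admit(self, peer: str, kind: str, now: float, cost: float = 1.0) -> bool:
        """True if the request fits the peer's budget. Refusals are logged, and a
        peer that keeps overrunning is quarantined so that a flood against the
        control plane does not spread to the rest of the network."""
        until = self.quarantined_until.get(peer)
        if until is not None:
            if now < until:
                self.log.append((now, peer, kind, "quarantined"))
                return False
            del self.quarantined_until[peer]  # quarantine expired
            self.strike_count[peer] = 0
        if self.buckets[peer][kind].take(now, cost):
            self.strike_count[peer] = 0
            return True
        self.strike_count[peer] += 1
        verdict = "rate_limited"
        if self.strike_count[peer] >= self.strikes:
            self.quarantined_until[peer] = now + self.quarantine_s
            verdict = "quarantine_start"
        self.log.append((now, peer, kind, verdict))
        return False


def simulate(limiter=None):
    """Constructed traffic, each peer driven by its own clock: ne-good punts
    20 packet_ins/s for 5 s; ne-bad floods 1000 packet_ins within one second (a
    table-miss storm); app-lb bursts 60 API calls in 0.6 s. Returns admitted
    counts per peer, whether a later packet_in from ne-bad at t=10 s gets
    through, and ne-bad's quarantine expiry."""
    lim = limiter or ControlPlaneLimiter()
    admitted = defaultdict(int)
    for second in range(5):
        for i in range(20):
            if lim.admit("ne-good", "packet_in", second + i / 20.0):
                admitted["ne-good"] += 1
    for i in range(1000):
        if lim.admit("ne-bad", "packet_in", i / 1000.0):
            admitted["ne-bad"] += 1
    for i in range(60):
        if lim.admit("app-lb", "api_call", i / 100.0):
            admitted["app-lb"] += 1
    late = lim.admit("ne-bad", "packet_in", 10.0)
    return dict(admitted), late, lim.quarantined_until.get("ne-bad")
```

The well-behaved NE is never refused, while the flooding NE gets its burst allowance and is then quarantined; the quarantine verdicts in `log` are what a SOC would correlate with data-plane telemetry.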
On a small scale, mutual authentication can be implemented manually – requiring administrators to install proper certificates or shared secrets on all endpoints. However, for complex and physically separated systems – and especially in networks where many SDN components can be created dynamically and administered by multiple parties – manual implementation may not be feasible.

The SDNC provides network configuration information through API calls to its services, which enables tenants to use SDN applications to control network behavior. This situation is somewhat alarming, given that physical hardware resources may be shared among rival tenants. While ordinary security measures – such as argument sanitization and validation – must be in place, the SDNC also needs a solid authentication, authorization and accountability infrastructure to protect the network from unauthorized changes. Strong authentication and authorization provide additional protection, as they prevent an attacker from impersonating an SDN component, especially the SDNC.

By enforcing strict authorization and accountability processes, damages can be limited, and reliable traces for forensics provided. Role-based access control (RBAC) is a commonly used approach for restricting the actions permitted by an application by assigning a role to it. Roles can be defined on a host, user or application basis.

In effect, RBAC is a security policy enforcing system. The fewer the number of permitted actions, the more limited the exploitable functionality. When implemented correctly, RBAC can be invaluable. Unfortunately, this approach is rather cumbersome in systems with very narrowly defined roles where frequent changes take place. At the other end of the scale, RBAC loses its edge if roles are too loosely defined.

For the purposes of system integrity assurance, every event that occurs in the system should be recorded in a log. How these logs are stored and secured against improper access also needs to be considered, and an external host is recommended.
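An added example, not the article’s code, of the authorization and accountability infrastructure described above: roles assigned per application restrict the permitted actions, a tenant-scope check keeps an app from steering traffic across another tenant’s ports, and every decision lands in a hash-chained log so that later tampering is detectable. The roles, permissions, port ownership and the scenario are constructed assumptions.

```python
"""Role-based authorization with tenant scoping and a tamper-evident audit
log for an SDN controller's northbound API.

Roles, permissions, port ownership and the scenario are constructed; the
hash-chained log stands in for the externally hosted, access-protected log
the text recommends.
"""
import hashlib
import json
from collections import namedtuple

ROLE_PERMISSIONS = {  # constructed roles: fewer actions, less exploitable functionality
    "monitor": {"read_stats", "read_topology"},
    "steering": {"read_topology", "install_flow", "delete_flow"},
    "admin": {"read_stats", "read_topology", "install_flow", "delete_flow", "assign_role"},
}
Principal = namedtuple("Principal", "tenant app_id role")


def _digest(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class AuditLog:
    """Append-only log; each entry commits to the previous entry's hash, so an
    edited or deleted record breaks the chain on verification."""
    GENESIS = "0" * 64

    def __init__(self):
        self.entries = []
        self.prev = self.GENESIS

    def record(self, event: dict) -> str:
        body = dict(event, seq=len(self.entries), prev=self.prev)
        digest = _digest(body)
        self.entries.append(dict(body, hash=digest))
        self.prev = digest
        return digest

    def verify(self) -> bool:
        prev = self.GENESIS
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev"] != prev or _digest(body) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


class Authorizer:
    """Decides whether an SDN app may perform an action; logs every decision."""

    def __init__(self, tenant_ports: dict, principals: list, log: AuditLog):
        self.tenant_ports = tenant_ports  # tenant -> set of NE ports it owns
        self.principals = {p.app_id: p for p in principals}
        self.log = log

    def authorize(self, app_id: str, action: str, rule: dict = None) -> bool:
        principal = self.principals.get(app_id)
        if principal is None:
            reason = "unknown principal"
        elif action not in ROLE_PERMISSIONS[principal.role]:
            reason = "role %s lacks %s" % (principal.role, action)
        elif rule is not None and not self._in_scope(principal.tenant, rule):
            reason = "rule references ports outside tenant scope"
        else:
            reason = "ok"
        allowed = reason == "ok"
        self.log.record({"app": app_id, "action": action, "rule": rule,
                         "allowed": allowed, "reason": reason})
        return allowed

    def _in_scope(self, tenant: str, rule: dict) -> bool:
        # Control-plane isolation: a rule may only touch ports its tenant owns.
        ports = {rule.get("in_port"), rule.get("out_port")} - {None}
        return ports <= self.tenant_ports.get(tenant, set())


def run_scenario():
    """Constructed run: tenant A owns ports 1-4, tenant B owns ports 5-8."""
    log = AuditLog()
    auth = Authorizer({"tenant-a": {1, 2, 3, 4}, "tenant-b": {5, 6, 7, 8}},
                      [Principal("tenant-a", "a-steering", "steering"),
                       Principal("tenant-a", "a-monitor", "monitor")], log)
    decisions = [
        auth.authorize("a-steering", "install_flow", {"in_port": 1, "out_port": 2}),
        auth.authorize("a-monitor", "install_flow", {"in_port": 1, "out_port": 2}),
        # steering across the isolation border into tenant B's port 7
        auth.authorize("a-steering", "install_flow", {"in_port": 1, "out_port": 7}),
        auth.authorize("ghost-app", "read_topology"),
        auth.authorize("a-monitor", "read_stats"),
    ]
    return decisions, log


def tamper_detected(log: AuditLog) -> bool:
    """Flip a recorded denial to 'allowed', as someone hiding traces would."""
    log.entries[2]["allowed"] = True
    return not log.verify()
```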
Multi-tenancy
Where networks are built using SDN techniques, it is possible for the same physical network to be shared among several tenants, which can in turn manage their own virtual networks. Multi-tenancy allows for better utilization of network resources, lowering the total cost of ownership. For tenants, SDN shortens the time taken to react to changing situations through, for example, automatic scaling of resources. To maintain an acceptable level of security, tenants should not be able to interfere with each other’s networks, and need not even be aware that they are sharing network resources with others.

Tenant isolation (the separation of one tenant’s resources and actions from another) is an important feature of SDN framework security.

Control plane isolation
Isolation is one way to prevent the actions of one tenant from impacting others. This is a critical business aspect that must be strongly enforced. Tenant isolation is orchestrated by the SDNC, and implemented in SDN NEs through specific forwarding rules. While the burden of providing secure isolation lies with the SDNC, tenants also play an important role in sharing that burden.

The network provides isolation primarily on the link layer. If a tenant has weak network security procedures, information disclosure may occur, resulting in a breach of isolation at higher layers. For example, a rogue SDN app with privileges that span beyond isolation borders may impact overall network security by steering traffic to a third party (information disclosure), by over- or under-billing (theft of service) or by dropping traffic (DoS). The centralized nature of the SDN control plane further accentuates the impact of such attacks. Consequently, the task of providing isolation cannot be entirely offloaded onto the SDN network.

Data plane isolation
Tenants running a business on virtual networks built using SDN may be subject to the same kind of network-based attacks as in traditional networks. However, due to the shared networking infrastructure, the impact of such an attack may be divided among some or even all of these tenants. This is a new risk, which may have a commercial impact; nobody wants to open a business next to a known (or perceived) troublemaker or one that is prone to attack.
So, for the data plane, flows associated with each particular tenant must remain isolated at all times. Isolation may be performed logically through overlay networks and enforced within the NEs. For example, by tagging the ownership of traffic generated by each tenant, the traffic can be carried over a shared infrastructure – once it has been encapsulated (tagged). Tunnels tagged for a given tenant are then forwarded to the virtual network for that tenant. Many alternative (and complementary) techniques are available for this type of encapsulation, including GRE, MPLS and IPsec.

Tagging is one way to perform logical isolation, but IP addresses can also be used, removing the need for specific tagging techniques. Bearing in mind that separate network function instances are not required to service different tenants, some network functionality can be shared by tenants as long as isolation is preserved and enforced.

In addition to logical isolation, traffic may be encrypted with specific tenant keys. This guarantees that in the case of logical encapsulation violation, the data traffic remains isolated and information cannot be leaked.

Isolation issues need to be resolved while bearing resource consumption in mind. While traffic isolation can help with data leakage, shared resource usage also requires resource isolation. For example, the existence of a forwarding loop within one tenant may potentially impact all tenants, as the problem overloads the underlying network equipment. To counteract this problem, the SDNC must enforce resource isolation, and use measures like rate limiting to minimize the impact that a tenant can have on the network.

Programmability
One of the significant benefits brought about through SDN is programmability: the ability to configure a network efficiently, securely, and in a timely manner. SDN programmability exists in varying degrees of complexity and abstraction. At one end of the scale, programmability enables NEs to be dynamically reprogrammed to forward data flows according to their capabilities and higher-level policies in the network. At the other end, SDN apps enable tenants to programmatically issue run-time requirements to the network. All requests are consolidated by the SDNC, which fulfills higher-level requests from the capabilities available at the lower levels. To make this task trickier, SDN apps may issue orthogonal (mutually exclusive/contradicting) requests. The automated solution may then need to dynamically reconfigure a chunk of the SDN network – and all of this must happen within seconds or less.

The primary benefit that programmability brings for networks built using the SDN architecture approach is flexible control. The ability to control a network and apply changes in a timely manner increases the network’s level of agility. Such flexibility can make the network more secure, as it is constantly monitored and designed to mitigate malicious behavior in more or less real time. The downside of the flexibility provided by programmability is the significant impact it has on security.

Configuration coherency
Allowing tenants to issue programmatic changes to the network enables networks to adapt to changing conditions – increasing network agility. In practical terms, programmability can, for example, reduce the time it takes to set up a customer collaboration network from days or months to minutes or hours. Programmability may also remove the need for manual configuration, which is prone to error. The result: the automatic reconfiguration of networks is feasible, providing the SDNC with a global view of the network, enabling it to perform sanity checking and regression testing so that new networks can be rapidly deployed.

Unfortunately, the flexibility provided by programmability allows tenants to make changes to the shared environment, which can cripple the operation of the entire network – either intentionally or unintentionally as a result of misinformation.
Ensuring coherency among the actions of the various SDN apps on the network also needs to be considered from a security point of view (as described in [5]). Consider the case where security and load-balancing applications are instantiated for a given tenant. A coherency conflict arises, for example, when the security application decides to quarantine a server, while the load-balancing application simultaneously decides to route traffic to the quarantined server – because it appears to have low load. To avoid coherency issues, the SDNC must be able to assess and eliminate the possible side effects of the acceptable network changes by each tenant, and to feature effective conflict resolution heuristics.

Another type of conflict arises due to the complexity of virtual network topologies, and the difficulty of maintaining a coherent security policy across a network. Special care is required for traffic that needs to be forwarded to security appliances for monitoring purposes. As the traffic or parts of it can be routed over different paths, methods need to be put in place to ensure that all the traffic is covered. Consequently, monitoring is necessary on all paths. Similar issues arise in traditional networks, but the increased service velocity offered by SDN architecture may fuel this type of conflict.

Dynamicity
The dynamic and reactive nature of networks built using the SDN approach opens up new possibilities for fighting network attacks. Automated network reconfigurations, forwarding to honeypots, and blackhole routing are just some of the techniques that can be employed. Service chaining is yet another technique that utilizes SDN properties and can be used to screen for malicious payload and trigger mitigating actions.

A network built using SDN techniques can do lower-layer analysis based on parameters such as data rate, source, and packet size, while the tenant can provide higher-layer analysis based on protocols, transport ports, and payload fingerprints. Once suspicious behavior has been detected, the network can use its programmability features to analyze the situation in more detail or trigger mitigating actions.
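The quarantine versus load-balancer conflict from the configuration coherency section above, as an added example that is not part of the article: the SDNC checks each new request against the installed ones, lets security-class requests override traffic-engineering ones, and reports revocations back to the affected app. The app names, app classes, hosts and the precedence rule are assumptions constructed for this one heuristic.

```python
"""Coherency checking of SDN apps' network-change requests in the SDNC.

Constructed example of one conflict-resolution heuristic: requests from
security-class apps outrank traffic-engineering ones, and an equal-ranked
conflict keeps whatever is already installed.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Intent:
    app: str                        # issuing SDN app
    action: str                     # "drop" (quarantine) or "forward"
    dst: str                        # destination host the request applies to
    out_port: Optional[int] = None  # only meaningful for "forward"


# Constructed registry of app classes and their precedence.
APP_CLASS = {"ids-app": "security", "lb-app": "traffic"}
CLASS_RANK = {"security": 2, "traffic": 1}


def rank(intent: Intent) -> int:
    return CLASS_RANK[APP_CLASS[intent.app]]


def contradict(a: Intent, b: Intent) -> bool:
    """Two requests are incoherent when they target the same host with
    opposite actions: one drops its traffic, the other forwards to it."""
    return a.dst == b.dst and a.action != b.action


class CoherencyChecker:
    def __init__(self):
        self.installed: List[Intent] = []
        self.events: List[str] = []  # rejections and revocations to report to apps

    def submit(self, intent: Intent) -> bool:
        """Install the request unless it contradicts something of equal or
        higher rank; a higher-ranked newcomer evicts the lower-ranked side
        effects it would otherwise leave in the network."""
        if intent in self.installed:
            return True
        clashing = [old for old in self.installed if contradict(intent, old)]
        if any(rank(old) >= rank(intent) for old in clashing):
            self.events.append("reject %s:%s->%s (conflicts with installed "
                               "request of equal or higher rank)"
                               % (intent.app, intent.action, intent.dst))
            return False
        for old in clashing:
            self.installed.remove(old)
            self.events.append("revoke %s:%s->%s (overridden by %s)"
                               % (old.app, old.action, old.dst, intent.app))
        self.installed.append(intent)
        return True

    def active(self, action: str) -> List[str]:
        return sorted(i.dst for i in self.installed if i.action == action)


def run_scenario():
    """Constructed run: the load balancer pools s1 and s2, the IDS app
    quarantines s1, the load balancer retries s1 because it looks idle,
    then adds s3 instead."""
    c = CoherencyChecker()
    results = [
        c.submit(Intent("lb-app", "forward", "s1", 1)),
        c.submit(Intent("lb-app", "forward", "s2", 2)),
        c.submit(Intent("ids-app", "drop", "s1")),
        c.submit(Intent("lb-app", "forward", "s1", 1)),  # quarantined: rejected
        c.submit(Intent("lb-app", "forward", "s3", 3)),
    ]
    return results, c
```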
However, while the feedback system provides some advantages in terms of security, it also presents some issues. The interaction between the data plane and the control plane breaks the fundamental SDN concept: the separation of these two planes. This in turn makes the data plane a stepping stone for attacking the control plane. As with other feedback loops, this interaction, unless managed appropriately, may lead to an oscillating situation that will eventually make the network unstable.

Conclusion
The beauty of SDN lies in its ability as a technology to make networks flexible, ensure efficient use of resources, and facilitate a much higher level of system autonomy. Like any nascent technology, SDN should be handled cautiously to avoid it becoming an attack vector. However, SDN opens up new possibilities for the implementation of improved security mechanisms in the network, offering broader visibility, programmability, as well as a centralized approach to network management.

The authors
Kristian Slavov ◆ Works at Ericsson Security Research in Jorvas, Finland. He has a background in programming and a keen interest in security, with more than 10 years of experience in this field. He holds an M.Sc. in telecommunications software from Helsinki University of Technology. He is also an avid canoe polo player.
Daniel Migault ◆ Works at Ericsson Security Research in Montreal, Canada. He works on standardization at IETF and serves as a liaison between IAB and ICANN/RSSAC. He used to work in the Security Department at Orange Labs for France Telecom RD and holds a Ph.D. in Telecom and Security from Pierre and Marie Curie University (UPMC) and Institut National des Telecommunications (INT), France.
Makan Pourzandi ◆ Works at Ericsson Security Research in Montreal, Canada. He has more than 15 years’ experience in security for telecom systems, cloud, and distributed security and software security. He holds a Ph.D. in parallel computing and distributed systems from the Université Claude Bernard Lyon 1, France, and an M.Sc. in parallel processing from École Normale Supérieure (ENS) de Lyon, France.

References
1. Open Networking Foundation, 2014, SDN Architecture Overview, available at: http://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/TR_SDN-ARCH-Overview-1.1-11112014.02.pdf
2. ACM, 2013, Proceedings, Towards secure and dependable software-defined networks, abstract available at: http://dl.acm.org/citation.cfm?id=2491199
3. Ericsson, 2013, Ericsson Review, Software-defined networking: the service provider perspective, available at: http://www.ericsson.com/news/130221-software-defined-networking-the-service-provider-perspective_244129229_c
4. OpenDaylight project, available at: http://www.opendaylight.org/
5. CSL, SRI International, 2015, Proceedings, Securing the Software-Defined Network, available at: http://www.csl.sri.com/users/porras/SE-Floodlight.pdf
ISSN 0014-0171 | 284 23-3259 | Uen | © Ericsson AB 2015 | Ericsson, SE-164 83 Stockholm, Sweden | Phone: +46 10 719 0000