Dynamic vulnerability assessments of software-defined networks

Abstract

Software-defined networks (SDN) pose many potential security threats because of their principle of dissociating the network management interface from the underlying networking components to create a programmable networking system. Many security countermeasures have been proposed for this currently trending environment, but none of that research has considered the existing vulnerabilities in SDN entities. This paper first demonstrates the vulnerabilities using CVSS and then identifies the mutual relationships between the vulnerabilities using Bayesian network methodology.


Author information

Corresponding author

Correspondence to Raktim Deb.

About this article

Cite this article

Deb, R., Roy, S. Dynamic vulnerability assessments of software-defined networks. Innovations Syst Softw Eng 16, 45–51 (2020). https://doi.org/10.1007/s11334-019-00337-3

Keywords

  • SDN: software-defined networks
  • Common vulnerability scoring system (CVSS)
  • Bayesian network