Advertisement

Cloud Computing Security: What Changes with Software-Defined Networking?

  • Maurício Tsugawa
  • Andréa Matsunaga
  • José A. B. Fortes
Chapter

Abstract

Broadly construed, Software-Defined Networking (SDN) refers to the use of a standards-based open architecture and its supporting open source and open interfaces technologies to enable the deployment, management, and operation of networks. While traditional network management relies on vendor-specific hardware, protocols, and software, SDN systems are architected to have well-defined control and data planes offering flexible management interfaces. The enhanced control enabled by SDN opens opportunities for better cloud security engineering. At the same time, new vulnerabilities are potentially exposed as new technologies are introduced. This chapter discusses how SDN impacts cloud security, and potential risks that need to be addressed when SDN is deployed within and across clouds.

Keywords

Cloud Provider Simple Network Management Protocol Network Administrator Medium Access Control Address Network Hardware 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

Acknowledgements

This work is supported in part by National Science Foundation (NSF) grants No. 0910812, 1139707, 1240171 and the AT&T Foundation. Any opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the NSF, and AT&T Foundation.

References

  1. 1.
    Apache CloudStack Project. http://www.cloudstack.org. Cited 14 June 2013.
  2. 2.
    Bernstein D and Vij D (2010) Intercloud Security Considerations. In 2010 IEEE Second International Conference on Cloud Computing Technology and Science (CloudCom). 537–44. IEEE, Indianapolis, USA. doi:10.1109/CloudCom.2010.82.CrossRefGoogle Scholar
  3. 3.
    Bernstein D, Ludvigson E, Sankar K, Diamond S, and Morrow M (2009) Blueprint for the Intercloud - Protocols and Formats for Cloud Computing Interoperability. In Fourth International Conference on Internet and Web Applications and Services 2009 (ICIW ’09). 328–36. Venice/Mestre. doi:10.1109/iciw.2009.55.Google Scholar
  4. 4.
    Case JD, Fedor M, Schoffstall ML, and Davin J (1990) A Simple Network Management Protocol (SNMP). IETF RFC 1157, 1–36.Google Scholar
  5. 5.
    Google - IPv6 statistics. http://www.google.com/intl/en/ipv6/statistics.html. Cited 14 June 2013.
  6. 6.
    Greene K (2009) TR10: Software-Defined Networking. Technology Review (MIT). http://www2.technologyreview.com/article/412194/tr10-software-defined-networking/. Accessed 14 June 2013.
  7. 7.
    Gude N, Koponen T, Pettit J, Pfaff B, Casado M, McKeown N et al. (2008) NOX: towards an operating system for networks. ACM SIGCOMM Computer Communication Review 38, 105–10. doi:10.1145/1384609.1384625.Google Scholar
  8. 8.
    Handigol N, Heller B, Jeyakumar V, Maziéres D, and McKeown N (2012) Where is the debugger for my software-defined network? In Proceedings of the first workshop on Hot topics in software defined networks. Vol. pp. 55–60, ACM, Helsinki.Google Scholar
  9. 9.
    Hölzle U (2012) OpenFlow@Google. Open Networking Summit 2012. http://www.youtube.com/watch?v=VLHJUfgxEO4. Accessed 14 June 2013.
  10. 10.
    Internet Engineering Task Force. http://www.ietf.org. Cited 14 June 2013.
  11. 11.
    Internet2 (2012) Internet2 Innovation Platform FAQ. Internet2. http://www.internet2.edu/pubs/Internet2-Innovation-Platform-FAQ.pdf. Accessed 14 June 2013.
  12. 12.
    Interworking Task Group of IEEE 802.1 (2011) IEEE Standard for Local and metropolitan area networks–Media Access Control (MAC) Bridges and Virtual Bridged Local Area Networks. IEEE Std 802.1Q-2011 (Revision of IEEE Std 802.1Q-2005) 1–1364. doi:10.1109/ieeestd.2011.6009146.Google Scholar
  13. 13.
    Keahey K, Tsugawa M, Matsunaga A, and Fortes JAB (2009) Sky Computing. In IEEE Internet Computing. Vol. 13, pp. 43–51.Google Scholar
  14. 14.
    McKeown N (2008) Why can’t I innovate in my wiring closet? The Stanford Clean Slate Program. http://www.openflow.org/documents/OpenFlow.ppt. Accessed 14 June 2013.
  15. 15.
    McKeown N, Anderson T, Balakrishnan H, Parulkar G, Peterson L, Rexford J et al. (2008) OpenFlow: enabling innovation in campus networks. ACM SIGCOMM Computer Communication Review 38, 69–74. doi:10.1145/1355734.1355746.Google Scholar
  16. 16.
    Mehdi SA, Khalid J, and Khayam SA (2011) Revisiting traffic anomaly detection using software defined networking. In Proceedings of the 14th international conference on Recent Advances in Intrusion Detection (RAID’11). 161–80. Springer-Verlag, Menlo Park, CA. doi:10.1007/978-3-642-23644-0_9.CrossRefGoogle Scholar
  17. 17.
    Nadeau T and Pan P (2011) Software Driven Networks Problem Statement. IETF Internet-Draft (work-in-progress) draft-nadeau-sdnproblem-statement-01.Google Scholar
  18. 18.
    Nascimento MR, Rothenberg CE, Salvador MR, Corrêa CNA, Lucena SCd, and Magalhães MF (2011) Virtual routers as a service: the RouteFlow approach leveraging software-defined networks. In Proceedings of the 6th International Conference on Future Internet Technologies. 34–7. ACM, New York, NY, Seoul, Republic of Korea. doi:10.1145/2002396.2002405.Google Scholar
  19. 19.
    Nayak AK, Reimers A, Feamster N, and Clark R (2009) Resonance: dynamic access control for enterprise networks. In Proceedings of the 1st ACM workshop on Research on enterprise networking. 11–8. ACM, doi:10.1145/1592681.1592684.Google Scholar
  20. 20.
    NOX OpenFlow Controller. http://www.noxrepo.org. Cited 14 June 2013.
  21. 21.
    OpenFlow. http://www.openflow.org. Cited 14 June 2013.
  22. 22.
    OpenFlowSec. http://www.openflowsec.org. Cited 14 June 2013.
  23. 23.
    Open Networking Foundation. http://www.opennetworking.org. Cited 14 June 2013.
  24. 24.
    Open Networking Summit. http://www.opennetsummit.org. Cited 14 June 2013.
  25. 25.
    Piper S (2013) In Big Data Security for Dummies. John Wiley & Sons, Inc.Google Scholar
  26. 26.
    Porras P, Shin S, Yegneswaran V, Fong M, Tyson M, and Gu G (2012) A security enforcement kernel for OpenFlow networks. In Proceedings of the first workshop on Hot topics in software defined networks. 121–6. ACM, New York, NY, Helsinki, Finland. doi:10.1145/2342441.2342466.CrossRefGoogle Scholar
  27. 27.
    Reitblatt M, Foster N, Rexford J, and Walker D (2011) Consistent updates for software-defined networks: Change you can believe in! In Proceedings of the 10th ACM Workshop on Hot Topics in Networks. ACM, Cambridge. doi:10.1145/2070562.2070569.Google Scholar
  28. 28.
    Rothenberg CE, Nascimento MR, Salvador MR, Corrêa CNA, Lucena SCd, and Raszuk R (2012) Revisiting routing control platforms with the eyes and muscles of software-defined networking. In Proceedings of the first workshop on Hot topics in software defined networks. 13–8. ACM, Helsinki, Finland. doi:10.1145/2342441.2342445.Google Scholar
  29. 29.
    Sherwood R, Gibb G, Yap K-K, Appenzeller G, Casado M, McKeown N et al. (2009) FlowVisor: A Network Virtualization Layer. OpenFlow Switch Consortium, Tech. Rep. OPENFLOW-TR-2009-1.Google Scholar
  30. 30.
    Sherwood R, Gibb G, Yap K-K, Appenzeller G, Casado M, McKeown N et al. (2010) Can the Production Network Be the Testbed? In 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI). 365–78. USENIX Association, Vancouver, BC, Canada.Google Scholar
  31. 31.
    Shin S and Gu G (2012) CloudWatcher: Network security monitoring using OpenFlow in dynamic cloud networks (or: How to provide security monitoring as a service in clouds?). In 2012 20th IEEE International Conference on Network Protocols (ICNP). 1–6. Austin, TX. doi:10.1109/icnp.2012.6459946.CrossRefGoogle Scholar
  32. 32.
    Skowyra R, Lapets A, Bestavros A, and Kfoury A (2013) Verifiably-Safe Software-Defined Networks for CPS. In Proceedings of the 2nd ACM International Conference on High Confidence Networked Systems (HiCoNS 2013), Philedelphia, PA, USA. ACM, Philadelphia.Google Scholar
  33. 33.
    Stabler G, Rosen A, Goasguen S, and Wang K-C (2012) Elastic IP and security groups implementation using OpenFlow. In Proceedings of the 6th international workshop on Virtualization Technologies in Distributed Computing Date. ACM, Delft, The Netherlands. doi:10.1145/2287056.2287069.Google Scholar
  34. 34.
    Waite A (2010) InfoSec Triads: Security/Functionality/Ease-of-use. http://blog.infosanity.co.uk/2010/06/12/infosec-triads-securityfunctionalityease-of-use/. Accessed 14 June 2013.
  35. 35.
    Yap K-K, Yiakoumis Y, Kobayashi M, Katti S, Parulkar G, and McKeown N (2011) Separating authentication, access and accounting: A case study with OpenWiFi. Technical report, OpenFlow 2011-1.Google Scholar

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Maurício Tsugawa
    • 1
  • Andréa Matsunaga
    • 1
  • José A. B. Fortes
    • 1
  1. 1.Advanced Computing and Information Systems Laboratory, Department of Electrical and Computer EngineeringUniversity of FloridaGainesvilleUSA

Personalised recommendations