Security Analysis of FloodLight, ZeroSDN, Beacon and POX SDN Controllers

SDN and NFV Security

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 30)

Abstract

Software-defined networking (SDN) is an emerging approach that replaces the coupled software and hardware control and management of legacy networks by decoupling the control plane (software) from the data plane (hardware). SDN gives developers flexibility by making the central control plane directly programmable. Some new challenges, such as a single point of failure, might be encountered because of the central control plane. SDN focused on flexibility, whereas the security of the network was not a primary consideration. Decoupling the control plane (software) from the data plane (hardware) is a great step for innovation and research. However, a centralized control plane may become a single point of failure, and compromising the controller means the whole network is compromised. Many organizations and data centers are moving towards SDN, and security is now their primary concern. The security issues of four controllers, FloodLight, ZeroSDN, Beacon and POX, are analyzed with the STRIDE threat modeling technique. We found that SE-FloodLight is the most secure controller because it is more resilient than the other controllers.

Author information

Correspondence to Rahamatullah Khondoker.

Copyright information

© 2018 Springer International Publishing AG

About this chapter

Cite this chapter

Ilyas, Q., Khondoker, R. (2018). Security Analysis of FloodLight, ZeroSDN, Beacon and POX SDN Controllers. In: Khondoker, R. (eds) SDN and NFV Security. Lecture Notes in Networks and Systems, vol 30. Springer, Cham. https://doi.org/10.1007/978-3-319-71761-6_6

  • DOI: https://doi.org/10.1007/978-3-319-71761-6_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-71760-9

  • Online ISBN: 978-3-319-71761-6

  • eBook Packages: Engineering, Engineering (R0)
