Abstract
Software-defined networking (SDN) is an emerging approach that replaces the control and management of legacy networks, in which software and hardware are coupled, by decoupling the control plane (software) from the data plane (hardware). SDN gives developers flexibility by making the central control plane directly programmable. The central control plane also introduces new challenges, such as a single point of failure. SDN was designed with a focus on flexibility, whereas the security of the network was not a primary consideration. Decoupling the control plane from the data plane is a great step for innovation and research, but a centralized control plane can become a single point of failure, and compromising the controller means the whole network is compromised. Many organizations and data centers are moving towards SDN, and security is now their primary concern. The security issues of four controllers, FloodLight, ZeroSDN, Beacon and POX, are analyzed with the STRIDE threat modeling technique. We found that SE-FloodLight is the most secure controller because it is the most resilient compared to the other controllers.
© 2018 Springer International Publishing AG
About this chapter
Cite this chapter
Ilyas, Q., Khondoker, R. (2018). Security Analysis of FloodLight, ZeroSDN, Beacon and POX SDN Controllers. In: Khondoker, R. (eds) SDN and NFV Security. Lecture Notes in Networks and Systems, vol 30. Springer, Cham. https://doi.org/10.1007/978-3-319-71761-6_6
DOI: https://doi.org/10.1007/978-3-319-71761-6_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-71760-9
Online ISBN: 978-3-319-71761-6
eBook Packages: Engineering, Engineering (R0)