da/sec scientific talk on Internet-Security

Topic: Blessing or Curse? Revisiting Security Aspects of Software-Defined Networking

by Lisa Schehlmann
FBI D14/0.13, October 23, 2014 (Thursday), 12.00 noon

Keywords — Software-Defined Networking, OpenFlow, Network security, Security evaluation

Abstract

Software-Defined Networking (SDN) is an emerging technology, physically separating data and control planes of network devices. From a security point of view, SDN has two sides. First, it enables network security functions by design, because traffic flows can be redirected or filtered based on packet content or application layer state — functionality that to date requires additional network security devices like firewalls, intrusion detection systems or spam filters in conventional networks. On the other hand, due to the physical separation of planes, SDN possibly offers additional attack vectors compared to traditional network architectures, which may severely impact overall network availability as well as confidentiality, authenticity, integrity and consistency of network traffic and control data. In this paper, we discuss and balance security provided by SDN with security threats of SDN, also with respect to traditional networks. We develop an evaluation methodology for both sides and show that from a security point of view SDN is a blessing for today’s and future network design and operation.

Rehearsal of conference presentation

Lisa Schehlmann, Sebastian Abt, Harald Baier: Blessing or Curse? Revisiting Security Aspects of Software-Defined Networking. In Proceedings of 1st International Workshop on Management of SDN and NFV Systems (ManSDN/NFV 2014), Rio de Janeiro (Brazil), November 2014, to appear.