رئوس مطالب
- چکیده
- کلیدواژه ها
- 1.مقدمه و انگیزه
- 2. بردارهای تهدید
- 3. امنیت و قابلیت اطمینان به SDN
- 3.1 پیش زمینه
- 3.3 امنیت و قابلیت اطمینان از طریق طراحی
- 3.4 آثار مرتبط
- 4. ملاحظات نتیجه گیری
Abstract
Software-defined networking empowers network operators with more flexibility to program their networks. With SDN, network management moves from codifying functionality in terms of low-level device configurations to building software that facilitates network management and debugging. By separating the complexity of state distribution from network specification, SDN provides new ways to solve long-standing problems in networking — routing, for instance — while simultaneously allowing the use of security and dependability techniques, such as access control or multi-path.
However, the security and dependability of the SDN itself is still an open issue. In this position paper we argue for the need to build secure and dependable SDNs by design. As a first step in this direction we describe several threat vectors that may enable the exploit of SDN vulnerabilities. We then sketch the design of a secure and dependable SDN control platform as a materialization of the concept here advocated. We hope that this paper will trigger discussions in the SDN community around these issues and serve as a catalyser to join efforts from the networking and security & dependability communities in the ultimate goal of building resilient control planes.
Keywords: Controllers - Dependability - SDN - Security - Threat Vectors4. CONCLUDING REMARKS
In this paper we argue for the need to consider security and dependability when designing Software Defined Networks. We have presented several threats identified in these networks as strong arguments for this need, together with a brief discussion of the mechanisms we are using in building a secure and dependable SDN control platform.
The novel concepts introduced by SDN are enabling a revolution in networking research. The know-how and good practices from several communities (databases, programming languages, systems) are being put together to help solve long-standing networking problems. We hope that this paper will trigger discussions in the SDN community around issues related to security and dependability, to serve as a catalyser of joint efforts in these critical issues.