5 CONCLUSIONS
Using SDN in DC environments facilitates the utilisation of cloud
applications for multiple users. The emerging architecture enables a
dynamic, manageable, and adaptable network solution by decoupling the
control plane from the data plane. However, it also poses new network
security challenges.
In this paper we presented an SDN security evaluation framework and
showed how it can be used to identify SDN threats and vulnerabilities,
including a risk and impact analysis. Once a security threat has been
identified, the correlation mapping within the framework directly
indicates which vulnerability caused the threat and which countermeasure
can be applied to mitigate it. Furthermore, the CVSS scoring shows the
impact severity of the threat on the DC environment if countermeasures
are not applied. If a security flaw is identified that is not mentioned
in the evaluation framework, the framework still provides all necessary
models, tools, and procedures to facilitate the extension of the
correlation mapping and classification of the impact. The presented
framework enables network administrators to evaluate, classify, and
enhance the security of their SDN-based DC networks.
In future work, the SDN threat and vulnerability analysis will be
enhanced by adding a complete list of attack scenarios. Due to the
enormous number of possible attacks per threat, a complete list would
provide more insights into their technical realisation and help to
provide mitigating solutions. Furthermore, we plan to increase the
accuracy of the CVSS scoring by comparing long- and short-term severity
impacts on DC environments. We aim to answer the question of whether
attacks that affect the functionality of an SDN for a short period of
time are more harmful than attacks that remain undetected for longer
(e.g., eavesdropping on sensitive data). In future work we will provide
an answer to this question by introducing an additional metric to the
CVSS model to evaluate the impact of long- and short-term effects on DC
environments.
CLOSER 2023 - 13th International Conference on Cloud Computing and Services Science