Security Modelling and Analysis for Software Defined Networking
Abstract
Software-defined networking (SDN) is an emerging paradigm that is garnering attention from both researchers and industry for next-generation networking. SDN separates the control logic from traditional network devices so that a network can function in a more flexible and programmable manner. This approach to networking architecture improves upon conventional networks in terms of scalability, security, and availability. While remarkable enhancements in network security may be attained through centralization and programmability, these same two properties can also attract a new level of threats and attacks. In this thesis, we provide a clear perspective on the working of SDN and of an open interface protocol called OpenFlow. Security threats related to the individual SDN planes (application layer, control plane, and data plane) are surveyed and analysed using STRIDE and attack tree modelling methods. Thereafter, appropriate security recommendations and mitigation techniques are provided. Then, security solutions for securing each of the planes are described, followed by multiple security approaches and principles for network-wide security in SDN.