Title :
A comprehensive security architecture for SDN
Author :
Zhiyuan Hu ; Mingwen Wang ; Xueqiang Yan ; Yueming Yin ; Zhigang Luo
Author_Institution :
Alcatel-Lucent Shanghai Bell Co., Ltd., Shanghai, China
Abstract :
SDN enables the administrators to configure network resources very quickly and to adjust network-wide traffic flow to meet changing needs dynamically. However, there are some challenges for implementing a full-scale carrier SDN. One of the most important challenges is SDN security, which is beginning to receive attention. With new SDN architecture, some security threats are common to traditional networking, but the profile of these threats (including their likelihood and impact and hence their overall risk level) changes. Moreover, there are some new security challenges such as bypassing predefined mandatory policies by overwriting flow entries and data eavesdropping by inserting fraudulent flow entries. This paper is to design open-flow specific security solutions and propose a comprehensive security architecture to provide security services such as enforcing mandatory network policy correctly and receiving network policy securely for SDN in order to solve these common security issues and new security challenges. It can also help the developers to implement security functions to provide security services when developing the SDN controller.
Keywords :
data communication; software radio; telecommunication security; telecommunication traffic; SDN architecture; SDN controller; SDN security; comprehensive security architecture; data eavesdropping; fraudulent flow entries; mandatory policies; network-wide traffic flow; security architecture; security functions; security issues; security services; Authorization; Communication networks; Control systems; Monitoring; Protocols; Transportation; SDN; Security Architecture;
Conference_Titel :
Intelligence in Next Generation Networks (ICIN), 2015 18th International Conference on
Conference_Location :
Paris
DOI :
10.1109/ICIN.2015.7073803
