Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Security analysis of software defined networking architectures - PCE, 4D and SANE

 
: Klingel, David; Khondoker, Rahamatullah; Marx, Ronald; Bayarou, Kpatcha

:
Postprint urn:nbn:de:0011-n-3238646 (703 KByte PDF)
MD5 Fingerprint: 9c7aaa09ed103a18a6f947e40fc16bd8
© ACM This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution.
Created on: 29.1.2015


Association for Computing Machinery -ACM-; Association for Computing Machinery -ACM-, Special Interest Group on Data Communication -SIGCOMM-:
AINTEC 2014, 10th Asian Internet Engineering Conference. Proceedings : November 26 - 28, 2014, Chiang Mai, Thailand
New York: ACM, 2014
ISBN: 978-1-4503-3251-4
pp.15-22
Asian Internet Engineering Conference (AINTEC) <10, 2014, Chiang Mai>
English
Conference Paper, Electronic Publication
Fraunhofer SIT ()
Software Defined Networking (SDN); STRIDE; Open-Flow; SDN security; SDN architectures; SANE; PCE; 4D

Abstract
Todays data networks are steadily growing in size and complexity. Especially in enterprise networks, these development lead to the requirement of a central network administration. With Software Defined Networking (SDN), this requirement can be fulfilled. However, new security considerations such as the protection of the central component must be taken into account. Motivated by the new security requirements that security should play a key role in SDN architectures. This paper chooses some architectures, namely, the Path Computation Element (PCE), 4D, and the Secure Architecture for the Networked Enterprise (SANE). These architectures are analyzed with respect to its security capabilities using Microsofts threat modeling technique, STRIDE. The analysis shows that architectures such as PCE and 4D are vulnerable to tampering and information disclosure as well as Denial of Service attacks. The detected threats can be mitigated by using standard technologies such as TLS and IPsec for securing the communication between interactors.

: http://publica.fraunhofer.de/documents/N-323864.html