Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Security analysis of software defined networking applications for monitoring and measurement. sFlow and BigTap

: Dauer, Pascal; Khondoker, Rahamatullah; Marx, Ronald; Bayarou, Kpatcha

Fulltext urn:nbn:de:0011-n-3605625 (324 KByte PDF)
MD5 Fingerprint: ff0da8a40dc6a0a479877bbb6132ea8c
© ACM This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution.
Created on: 6.10.2015

Association for Computing Machinery -ACM-:
CFI 2015, 10th International Conference on Future Internet. Proceedings : June 8-10, 2015, Seoul, Korea
New York: ACM, 2015
ISBN: 978-1-4503-3564-5
International Conference on Future Internet (CFI) <10, 2015, Seoul>
Conference Paper, Electronic Publication
Fraunhofer SIT ()
Software Defined Networking (SDN); STRIDE; OpenFlow; sFlow; BigTap

Security is one of the most important aspects in networks which sometimes need network monitoring and measurement tools to identify the source of misbehavior and performance degradation. Monitoring and measurement tools promise to provide critical functions including an early detection of a Denial of Service (DoS) attack. To ensure the internal security of those tools, they must also be evaluated. This paper analyses two networking monitoring and measurement tools: sFlow (open source) and BigTap (commercial), by applying the STRIDE threat model. This paper concludes that sFlow relies on the correct configuration of the agent and that the deployment environment must be properly secured. BigTap comes with several security mechanisms, however, other mechanisms are required to improve its security.