Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Security analysis of approaches to integrate middleboxes into software defined networks

: Eggert, T.; Khondoker, R.


Institute of Electrical and Electronics Engineers -IEEE-:
3rd International Conference on Electrical Engineering and Information & Communication Technology, iCEEiCT 2016 : 22 to 24 September 2016, Dhaka, Bangladesh
Piscataway, NJ: IEEE, 2016
ISBN: 978-1-5090-2906-8
ISBN: 978-1-5090-2907-5
International Conference on Electrical Engineering and Information & Communication Technology (ICEEICT) <3, 2016, Dhaka>
Conference Paper
Fraunhofer SIT ()

Software-defined Networking (SDN) is a novel approach to manage enterprise and data center networks easily. Integration of middleboxes, which provides Network Functions (NF)s that are crucial for network security, performance and reliability, raises new challenges, for example, traversing middle-boxes in a given order makes routing more complex. Rerouted traffic flows require that the state of middleboxes that is no longer part of the route is transferred to middleboxes which becomes part of the route. Software-defined Middlebox PoLicy Enforcement (SIMPLE) and OpenNF are two approaches to integrate middleboxes in SDNs which address these challenges. Since they are responsible to enforce middlebox policies, possible design flaws in their architecture could lead to severe vulnerabilities and put security of the network at stake. Therefore, security analysis of SIMPLE and OpenNF was conducted using Microsoft's threat modeling approach called STRIDE, whose results show the threats on these approaches.