Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Security Analysis of SDN Routing Applications

: Sagare, A.A.; Khondoker, R.


Khondoker, R.:
SDN and NFV Security. Security Analysis of Software-Defined Networking and Network Function Virtualization
Cham: Springer International Publishing, 2018 (Lecture Notes in Networks and Systems 30)
ISBN: 978-3-319-71760-9 (Print)
ISBN: 978-3-319-71761-6 (Online)
Book Article
Fraunhofer SIT ()

With the steady increase in the information and high network resource sharing, organizations require big data centers. To control the workload in the data centers and minimize the response time, effective load-balancing systems are necessary. The routing applications play an important role here. Some routing applications based on Software Defined Networking (SDN) like Plug-n-Serve , Hedera, ElasticTree suggest an efficient way to handle such a traffic load in the data centers. Centralised routing makes it possible to adjust the network elements like switches, ports, links dynamically as per the traffic load. The routing application takes control of data flow management in the data center system, finds a non-conflicting way for the flow and instructs the switches accordingly. Security of routing applications is important. If an attacker takes control over the data flow routing or scheduling, it can result in forwarding traffic to the servers/switches which are controlled by the attackers. The attacker can even shut down the data center system as some data centers may rely totally on routing application for data flow management. In this paper, several SDN routing applications are compared and detail analysis of two applications Plug-n-Serve and ElasticTree are performed. The architecture of these applications is explained and the security analysis is done using a threat analysis tool called STRIDE . We suggest some mitigation techniques for the well known threats like spoofing , tampering, repudiation etc. and also check if the application has an in-built countermeasure against these threats. In this paper, we describe how ElasticTree application by design provides some mitigation techniques against the threats and the mitigation techniques that the Plug-n-Serve application could use to avoid the threats.