Security Threats in the Data Plane of Software-Defined Networks

被引:38
|
作者
Gao, Shang [1 ]
Li, Zecheng [1 ]
Xiao, Bin [1 ]
Wei, Guiyi [2 ]
机构
[1] Hong Kong Polytech Univ, Dept Comp, Hong Kong, Hong Kong, Peoples R China
[2] Zhejiang Gongshang Univ, Sch Comp Sci & Informat Engn, Hangzhou, Zhejiang, Peoples R China
来源
IEEE NETWORK | 2018年 / 32卷 / 04期
关键词
D O I
10.1109/MNET.2018.1700283
中图分类号
TP3 [计算技术、计算机技术];
学科分类号
0812 ;
摘要
SDN has enabled extensive network programmability and speedy network innovations by decoupling the control plane from the data plane. However, the separation of the two planes could also be a potential threat to the whole network. Previous approaches pointed out that attackers can launch various attacks from the data plane against SDN, such as DoS attacks, topology poisoning attacks, and side-channel attacks. To address the security issues, we present a comprehensive study of data plane attacks in SDN, and propose FlowKeeper, a common framework to build a robust data plane against different attacks. FlowKeeper enforces port control of the data plane and reduces the workload of the control plane by filtering out illegal packets. Experimental results show that FlowKeeper could be used to efficiently mitigate different kinds of attacks (i.e., DoS and topology poisoning attacks).
引用
收藏
页码:108 / 113
页数:6
相关论文
共 50 条
  • [31] Software-Defined Optical Data Centre Networks
    PENG Shuping
    GUO Bingli
    SHU Yi
    George Zervas
    Reza Nejabati
    Dimitra Simeonidou
    中国通信, 2015, 12 (08) : 1 - 9
  • [32] Securing Data Planes in Software-Defined Networks
    Chao, Tzu-Wei
    Ke, Yu-Ming
    Chen, Bo-Han
    Chen, Jhu-Lin
    Hsieh, Chen Jung
    Lee, Shao-Chuan
    Hsiao, Hsu-Chun
    2016 IEEE NETSOFT CONFERENCE AND WORKSHOPS (NETSOFT), 2016, : 465 - 470
  • [33] On Generality of the Data Plane and Scalability of the Control Plane in Software-Defined Networking
    Zuo Qingyun
    Chen Ming
    Ding Ke
    Xu Bo
    CHINA COMMUNICATIONS, 2014, 11 (02) : 55 - 64
  • [34] A New Bandwidth Management Model using Software-Defined Networking Security Threats
    Nisar, Kashif
    Jimson, Emilia Rosa
    Hijazi, Mohd Hanafi bin Ahmad
    Ibrahim, Ag Asri Ag
    Park, Yong Jin
    Welch, Ian
    2019 IEEE 13TH INTERNATIONAL CONFERENCE ON APPLICATION OF INFORMATION AND COMMUNICATION TECHNOLOGIES (AICT 2019), 2019, : 189 - 191
  • [35] Virtual Network Mapping for Multi-Domain Data Plane in Software-Defined Networks
    Zhou, Boyang
    Gao, Wen
    Zhao, Shanshan
    Lu, Xinjia
    Du, Zhong
    Wu, Chunming
    Yang, Qiang
    2014 4TH INTERNATIONAL CONFERENCE ON WIRELESS COMMUNICATIONS, VEHICULAR TECHNOLOGY, INFORMATION THEORY AND AEROSPACE & ELECTRONIC SYSTEMS (VITAE), 2014,
  • [36] Increasing fault tolerance of data plane on the internet of things using the software-defined networks
    Kiadehi, Katayoun Bakhshi
    Rahmani, Amir Masoud
    Molahosseini, Amir Sabbagh
    PEERJ COMPUTER SCIENCE, 2021,
  • [37] Lossless Reconfiguration Protocol for Multi-Domain Data Plane in Software-Defined Networks
    Zhou, Boyang
    Zhou, Haifeng
    Gao, Wen
    Hong, Xiaoyan
    Wang, Bin
    Wu, Chunming
    2014 IEEE CONFERENCE ON COMPUTER COMMUNICATIONS WORKSHOPS (INFOCOM WKSHPS), 2014, : 193 - +
  • [38] ReSDN: A Lightweight Solution for Data-plane State Recovery in Software-defined Networks
    Chen, Guan-Rong
    Li, Chi-Yu
    Wang, Kuochen
    2017 IEEE INTERNATIONAL CONFERENCE ON COMMUNICATIONS (ICC), 2017,
  • [39] CPMan: Adaptive Control Plane Management for Software-Defined Networks
    Li, Jian
    Yoo, Jae-Hyoung
    Hong, James Won-Ki
    2015 IEEE CONFERENCE ON NETWORK FUNCTION VIRTUALIZATION AND SOFTWARE DEFINED NETWORK (NFV-SDN), 2015, : 121 - 127
  • [40] Control Plane Reflection Attacks and Defenses in Software-Defined Networks
    Zhang, Menghao
    Li, Guanyu
    Xu, Lei
    Bai, Jiasong
    Xu, Mingwei
    Gu, Guofei
    Wu, Jianping
    IEEE-ACM TRANSACTIONS ON NETWORKING, 2021, 29 (02) : 623 - 636
12345