SDN Architecture Impact on Network Security
Krzysztof Cabaj, Jacek Wytrębowicz, Sławomir Kukliński, Paweł Radziszewski, Khoa Truong Dinh
DOI: http://dx.doi.org/10.15439/2014F473
Citation: Position Papers of the 2014 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 3, pages 143–148 (2014)
Abstract. The Software Defined Networking (SDN) paradigm introduces separation of the data and control planes for flow-switched networks and enables different approaches to network security than those that exist in IP networks. The control plane in SDN is logically centralized. The network devices, i.e. switches, can only communicate with the controller via control protocols like OpenFlow. The controller, on the other hand, may interact with applications. In effect, new security services can be implemented as applications or inside the SDN controller. In fact, network operations are centralized, which impacts the implementation of security mechanisms. Because all unknown traffic must be transmitted to the controller for investigation, maliciously crafted traffic can lead to a DoS attack on it. In this paper we analyse features of SDN in the context of security application. Additionally, we point out some aspects of SDN networks that, if changed, could improve SDN network security capabilities.