Security in SDN: A comprehensive survey

Juan Camilo Correa Chica, Jenny Cuatindioy Imbachi, Juan Felipe Botero Vega

Research output: Contribution to journalReview article

Abstract

Software Defined Networking (SDN) is a revolutionary paradigm that is maturing along with other network technologies in the next-gen trend. The separation of control and data planes in SDN enables the emergence of novel network features like centralized flow management and network programmability that encourage the introduction of new and enhanced network functions in order to improve prominent network deployment aspects such as flexibility, scalability, network-wide visibility and cost-effectiveness. Although SDN exhibits a rapid evolution that is shaping this technology as a key enabler for future implementations in heterogeneous network scenarios, namely, datacenters, ISPs, corporate, academic and home; the technology is far from being considered secure and dependable to this day which inhibits its agile adoption. In recent years, the scientific community has been attracted to explore the field of SDN security to close the gap to SDN adoption. A twofold research context has been identified: on the one hand, leveraging SDN features to enhance security; while on the other hand one can find the pursue of a secure SDN system architecture. This article includes a description of security threats that menace SDN and a list of attacks that take advantage of vulnerabilities and misconfigurations in SDN constitutive elements. Accordingly, a discussion emphasizing the duality SDN-for-security and SDN-security is also presented. A comprehensive review of state-of-the art is accompanied by a categorization of the current research literature in a taxonomy that highlights the main characteristics and contributions of each proposal. Finally, the identified urgent needs and less explored topics are used to outline the opportunities and future challenges in the field of SDN security.

Original languageEnglish
Article number102595
JournalJournal of Network and Computer Applications
Volume159
DOIs
StatePublished - 1 Jun 2020

Keywords

  • Attack detection
  • Forensics
  • Network applications
  • Network monitoring
  • Network security
  • Openflow
  • Programmable networks
  • Security threats
  • Software defined networking
  • Threats mitigation
  • Traffic inspection
  • Virtualized network functions
  • Vulnerabilities

Fingerprint Dive into the research topics of 'Security in SDN: A comprehensive survey'. Together they form a unique fingerprint.

  • Cite this