ICN 2016, The Fifteenth International Conference on Networks


A STRIDE-based Security Architecture for Software-Defined Networking

Authors:
Fabian Ruffy
Wolfgang Hommel
Felix von Eye

Keywords: Software-Defined Networking; STRIDE; Security Architecture; Network Security; Security Analysis.

Abstract:
While the novelty of Software-Defined Networking (SDN), the separation of network control and data planes, is appealing and simple enough to foster massive vendor support, the resulting impact on the security of communication network infrastructures and their management may be tremendous. The paradigm change affects the entire networking architecture. It involves new IP-based management communication protocols and introduces newly engineered, potentially immature and vulnerable implementations in both network components and SDN controllers. In this paper, the well-known STRIDE threat model is applied to the generic SDN concepts as a basis for the design of a secure SDN architecture. The key elements are presented in detail along with a discussion of potentially fundamental security flaws in the current SDN concepts.

Pages: 95 to 101

Copyright: Copyright (c) IARIA, 2016

Publication date: February 21, 2016

Published in: conference

ISSN: 2308-4413

ISBN: 978-1-61208-450-3

Location: Lisbon, Portugal

Dates: from February 21, 2016 to February 25, 2016