A comprehensive security assessment framework for software-defined networks

A comprehensive security assessment framework for software-defined networks

As Software-Defined Networking (SDN) is getting popular, its security issue is being magnified as a new controversy, and this trend can be found from recent studies of presenting possible security vulnerabilities in SDN. Understanding the attack surface of SDN is necessary, and it is the starting po...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Computers & security 2020-04, Vol.91, p.101720-15, Article 101720
Hauptverfasser: Lee, Seungsoo, Kim, Jinwoo, Woo, Seungwon, Yoon, Changhoon, Scott-Hayward, Sandra, Yegneswaran, Vinod, Porras, Phillip, Shin, Seungwon
Format: Artikel
Sprache:eng
Schlagworte:
Cybersecurity
Network security
Penetration testing
Security
Software testing
Software-Defined Networking
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 15
container_issue
container_start_page 101720
container_title Computers & security
container_volume 91
creator Lee, Seungsoo
Kim, Jinwoo
Woo, Seungwon
Yoon, Changhoon
Scott-Hayward, Sandra
Yegneswaran, Vinod
Porras, Phillip
Shin, Seungwon
description As Software-Defined Networking (SDN) is getting popular, its security issue is being magnified as a new controversy, and this trend can be found from recent studies of presenting possible security vulnerabilities in SDN. Understanding the attack surface of SDN is necessary, and it is the starting point to make it more secure. However, most existing studies depend on empirical methods in different environments, and thus they have stopped short of converging on a systematic methodology or developing automated systems to rigorously test for security flaws in SDNs. Therefore, we need to disclose any possible attack scenarios in diverse SDN environments and examine how these attacks operate in those environments. Inspired by the necessity for disclosing the vulnerabilities in diverse SDN operating scenarios, we suggest an SDN penetration tool, DELTA, to regenerate known attack scenarios in diverse test cases. Furthermore, DELTA can even provide a chance of discovering unknown security problems in SDN by employing a fuzzing module. In our evaluation, DELTA successfully reproduced 26 known attack scenarios, across diverse SDN controller environments, and also discovered 9 novel SDN application mislead attacks.
doi_str_mv 10.1016/j.cose.2020.101720
format Article
fullrecord <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_journals_2434467685</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S0167404820300079</els_id><sourcerecordid>2434467685</sourcerecordid><originalsourceid>FETCH-LOGICAL-c372t-6dd55ca8135ea76d8ac1c2f3523e6bb8835c756c1c619db653beb0ab2932f55b3</originalsourceid><addsrcrecordid>eNp9kMtOwzAQRS0EEqXwA6wisU7xI3ZciU1V8RKV2MDacuyxcCBxsdNW_XscwprVSHfOncdF6JrgBcFE3LYLExIsKKa_Qk3xCZoRWdNSUCxP0SxDdVnhSp6ji5RanBkh5Qy9rAoTum2ED-iT30ORwOyiH46FTglS6qAfChd1B4cQPwsXYpGCGw46QmnB-R5s0cMwNtMlOnP6K8HVX52j94f7t_VTuXl9fF6vNqVhNR1KYS3nRkvCOOhaWKkNMdQxThmIppGScVNzkUVBlrYRnDXQYN3QJaOO84bN0c00dxvD9w7SoNqwi31eqWjFqkrk13im6ESZGFKK4NQ2-k7HoyJYjaGpVo2hqTE0NYWWTXeTCfL9ew9RJeOhN2B9BDMoG_x_9h-wM3Zx</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2434467685</pqid></control><display><type>article</type><title>A comprehensive security assessment framework for software-defined networks</title><source>ScienceDirect Journals (5 years ago - present)</source><creator>Lee, Seungsoo ; Kim, Jinwoo ; Woo, Seungwon ; Yoon, Changhoon ; Scott-Hayward, Sandra ; Yegneswaran, Vinod ; Porras, Phillip ; Shin, Seungwon</creator><creatorcontrib>Lee, Seungsoo ; Kim, Jinwoo ; Woo, Seungwon ; Yoon, Changhoon ; Scott-Hayward, Sandra ; Yegneswaran, Vinod ; Porras, Phillip ; Shin, Seungwon</creatorcontrib><description>As Software-Defined Networking (SDN) is getting popular, its security issue is being magnified as a new controversy, and this trend can be found from recent studies of presenting possible security vulnerabilities in SDN. Understanding the attack surface of SDN is necessary, and it is the starting point to make it more secure. However, most existing studies depend on empirical methods in different environments, and thus they have stopped short of converging on a systematic methodology or developing automated systems to rigorously test for security flaws in SDNs. Therefore, we need to disclose any possible attack scenarios in diverse SDN environments and examine how these attacks operate in those environments. Inspired by the necessity for disclosing the vulnerabilities in diverse SDN operating scenarios, we suggest an SDN penetration tool, DELTA, to regenerate known attack scenarios in diverse test cases. Furthermore, DELTA can even provide a chance of discovering unknown security problems in SDN by employing a fuzzing module. In our evaluation, DELTA successfully reproduced 26 known attack scenarios, across diverse SDN controller environments, and also discovered 9 novel SDN application mislead attacks.</description><identifier>ISSN: 0167-4048</identifier><identifier>EISSN: 1872-6208</identifier><identifier>DOI: 10.1016/j.cose.2020.101720</identifier><language>eng</language><publisher>Amsterdam: Elsevier Ltd</publisher><subject>Cybersecurity ; Network security ; Penetration testing ; Security ; Software testing ; Software-Defined Networking</subject><ispartof>Computers &amp; security, 2020-04, Vol.91, p.101720-15, Article 101720</ispartof><rights>2020</rights><rights>Copyright Elsevier Sequoia S.A. Apr 2020</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c372t-6dd55ca8135ea76d8ac1c2f3523e6bb8835c756c1c619db653beb0ab2932f55b3</citedby><cites>FETCH-LOGICAL-c372t-6dd55ca8135ea76d8ac1c2f3523e6bb8835c756c1c619db653beb0ab2932f55b3</cites><orcidid>0000-0002-0330-1963 ; 0000-0003-1303-8668</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://dx.doi.org/10.1016/j.cose.2020.101720$$EHTML$$P50$$Gelsevier$$H</linktohtml><link.rule.ids>314,780,784,3550,27924,27925,45995</link.rule.ids></links><search><creatorcontrib>Lee, Seungsoo</creatorcontrib><creatorcontrib>Kim, Jinwoo</creatorcontrib><creatorcontrib>Woo, Seungwon</creatorcontrib><creatorcontrib>Yoon, Changhoon</creatorcontrib><creatorcontrib>Scott-Hayward, Sandra</creatorcontrib><creatorcontrib>Yegneswaran, Vinod</creatorcontrib><creatorcontrib>Porras, Phillip</creatorcontrib><creatorcontrib>Shin, Seungwon</creatorcontrib><title>A comprehensive security assessment framework for software-defined networks</title><title>Computers &amp; security</title><description>As Software-Defined Networking (SDN) is getting popular, its security issue is being magnified as a new controversy, and this trend can be found from recent studies of presenting possible security vulnerabilities in SDN. Understanding the attack surface of SDN is necessary, and it is the starting point to make it more secure. However, most existing studies depend on empirical methods in different environments, and thus they have stopped short of converging on a systematic methodology or developing automated systems to rigorously test for security flaws in SDNs. Therefore, we need to disclose any possible attack scenarios in diverse SDN environments and examine how these attacks operate in those environments. Inspired by the necessity for disclosing the vulnerabilities in diverse SDN operating scenarios, we suggest an SDN penetration tool, DELTA, to regenerate known attack scenarios in diverse test cases. Furthermore, DELTA can even provide a chance of discovering unknown security problems in SDN by employing a fuzzing module. In our evaluation, DELTA successfully reproduced 26 known attack scenarios, across diverse SDN controller environments, and also discovered 9 novel SDN application mislead attacks.</description><subject>Cybersecurity</subject><subject>Network security</subject><subject>Penetration testing</subject><subject>Security</subject><subject>Software testing</subject><subject>Software-Defined Networking</subject><issn>0167-4048</issn><issn>1872-6208</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2020</creationdate><recordtype>article</recordtype><recordid>eNp9kMtOwzAQRS0EEqXwA6wisU7xI3ZciU1V8RKV2MDacuyxcCBxsdNW_XscwprVSHfOncdF6JrgBcFE3LYLExIsKKa_Qk3xCZoRWdNSUCxP0SxDdVnhSp6ji5RanBkh5Qy9rAoTum2ED-iT30ORwOyiH46FTglS6qAfChd1B4cQPwsXYpGCGw46QmnB-R5s0cMwNtMlOnP6K8HVX52j94f7t_VTuXl9fF6vNqVhNR1KYS3nRkvCOOhaWKkNMdQxThmIppGScVNzkUVBlrYRnDXQYN3QJaOO84bN0c00dxvD9w7SoNqwi31eqWjFqkrk13im6ESZGFKK4NQ2-k7HoyJYjaGpVo2hqTE0NYWWTXeTCfL9ew9RJeOhN2B9BDMoG_x_9h-wM3Zx</recordid><startdate>202004</startdate><enddate>202004</enddate><creator>Lee, Seungsoo</creator><creator>Kim, Jinwoo</creator><creator>Woo, Seungwon</creator><creator>Yoon, Changhoon</creator><creator>Scott-Hayward, Sandra</creator><creator>Yegneswaran, Vinod</creator><creator>Porras, Phillip</creator><creator>Shin, Seungwon</creator><general>Elsevier Ltd</general><general>Elsevier Sequoia S.A</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>JQ2</scope><scope>K7.</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><orcidid>https://orcid.org/0000-0002-0330-1963</orcidid><orcidid>https://orcid.org/0000-0003-1303-8668</orcidid></search><sort><creationdate>202004</creationdate><title>A comprehensive security assessment framework for software-defined networks</title><author>Lee, Seungsoo ; Kim, Jinwoo ; Woo, Seungwon ; Yoon, Changhoon ; Scott-Hayward, Sandra ; Yegneswaran, Vinod ; Porras, Phillip ; Shin, Seungwon</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c372t-6dd55ca8135ea76d8ac1c2f3523e6bb8835c756c1c619db653beb0ab2932f55b3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2020</creationdate><topic>Cybersecurity</topic><topic>Network security</topic><topic>Penetration testing</topic><topic>Security</topic><topic>Software testing</topic><topic>Software-Defined Networking</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Lee, Seungsoo</creatorcontrib><creatorcontrib>Kim, Jinwoo</creatorcontrib><creatorcontrib>Woo, Seungwon</creatorcontrib><creatorcontrib>Yoon, Changhoon</creatorcontrib><creatorcontrib>Scott-Hayward, Sandra</creatorcontrib><creatorcontrib>Yegneswaran, Vinod</creatorcontrib><creatorcontrib>Porras, Phillip</creatorcontrib><creatorcontrib>Shin, Seungwon</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>ProQuest Criminal Justice (Alumni)</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts – Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Computers &amp; security</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Lee, Seungsoo</au><au>Kim, Jinwoo</au><au>Woo, Seungwon</au><au>Yoon, Changhoon</au><au>Scott-Hayward, Sandra</au><au>Yegneswaran, Vinod</au><au>Porras, Phillip</au><au>Shin, Seungwon</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>A comprehensive security assessment framework for software-defined networks</atitle><jtitle>Computers &amp; security</jtitle><date>2020-04</date><risdate>2020</risdate><volume>91</volume><spage>101720</spage><epage>15</epage><pages>101720-15</pages><artnum>101720</artnum><issn>0167-4048</issn><eissn>1872-6208</eissn><abstract>As Software-Defined Networking (SDN) is getting popular, its security issue is being magnified as a new controversy, and this trend can be found from recent studies of presenting possible security vulnerabilities in SDN. Understanding the attack surface of SDN is necessary, and it is the starting point to make it more secure. However, most existing studies depend on empirical methods in different environments, and thus they have stopped short of converging on a systematic methodology or developing automated systems to rigorously test for security flaws in SDNs. Therefore, we need to disclose any possible attack scenarios in diverse SDN environments and examine how these attacks operate in those environments. Inspired by the necessity for disclosing the vulnerabilities in diverse SDN operating scenarios, we suggest an SDN penetration tool, DELTA, to regenerate known attack scenarios in diverse test cases. Furthermore, DELTA can even provide a chance of discovering unknown security problems in SDN by employing a fuzzing module. In our evaluation, DELTA successfully reproduced 26 known attack scenarios, across diverse SDN controller environments, and also discovered 9 novel SDN application mislead attacks.</abstract><cop>Amsterdam</cop><pub>Elsevier Ltd</pub><doi>10.1016/j.cose.2020.101720</doi><tpages>15</tpages><orcidid>https://orcid.org/0000-0002-0330-1963</orcidid><orcidid>https://orcid.org/0000-0003-1303-8668</orcidid><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier ISSN: 0167-4048
ispartof Computers & security, 2020-04, Vol.91, p.101720-15, Article 101720
issn 0167-4048
1872-6208
language eng
recordid cdi_proquest_journals_2434467685
source ScienceDirect Journals (5 years ago - present)
subjects Cybersecurity
Network security
Penetration testing
Security
Software testing
Software-Defined Networking
title A comprehensive security assessment framework for software-defined networks
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-05T17%3A21%3A35IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20comprehensive%20security%20assessment%20framework%20for%20software-defined%20networks&rft.jtitle=Computers%20&%20security&rft.au=Lee,%20Seungsoo&rft.date=2020-04&rft.volume=91&rft.spage=101720&rft.epage=15&rft.pages=101720-15&rft.artnum=101720&rft.issn=0167-4048&rft.eissn=1872-6208&rft_id=info:doi/10.1016/j.cose.2020.101720&rft_dat=%3Cproquest_cross%3E2434467685%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2434467685&rft_id=info:pmid/&rft_els_id=S0167404820300079&rfr_iscdi=true