Towards Security in Virtualization of SDN
Authors: Wanqing You, Kai Qian, Xi He, Ying Qian
Abstract:
In this paper, the potential security issues brought by the virtualization of a Software Defined Networks (SDN) would be analyzed. The virtualization of SDN is achieved by FlowVisor (FV). With FV, a physical network is divided into multiple isolated logical networks while the underlying resources are still shared by different slices (isolated logical networks). However, along with the benefits brought by network virtualization, it also presents some issues regarding security. By examining security issues existing in an OpenFlow network, which uses FlowVisor to slice it into multiple virtual networks, we hope we can get some significant results and also can get furtherdiscussions among the security of SDN virtualization.
Keywords: FlowVisor, Network virtualization, Potential threats, Possible solutions.
Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1337445
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2120References:
[1] Rob Sherwood, Glen Gibb, Kok-kiongYap, Guido Appenzeller, Martin Casado, Nick Mckeown, and Guru Parulkar. FlowVisor: A Network Virtualization Layer.OpenFlow Switch, page 15, 2009
[2] Rowan Kloeti, OpenFlow: A Security Analysis, 2012 ftp://yosemite.ee.ethz.ch/pub/students/2012-HS/MA-2012-20_signed.pdf
[3] incntre.iu.edu/sites/default/files/FlowVisor%20Intro.pptx, accessed 2014
[4] Victor T. Costa, Luıs Henrique M. K. Costa, Vulnerability Study of FlowVisor-based Virtualized Network Environments http://www.gta.ufrj.br/wnetvirt13/papers/ts5-02.pdf
[5] Romão, Daniel, et al. "Practical security analysis of OpenFlow implementation." ,2013
[6] D. Kreutz, F. Ramos, and P. Verissimo, "Towards secure and dependable software-defined networks,” in Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking. ACM,pp. 55–60, 2013
[7] Canini, Marco, et al. "A NICE way to test OpenFlow applications." NSDI,04/2012
[8] Khurshid, Ahmed, et al. "Veriflow: Verifying network-wide invariants in real time." ACM SIGCOMM Computer Communication Review 42.4: 467-472, 2012