Security in SDN: A comprehensive survey

Publisher

Academic Press

Description

Software Defined Networking (SDN) is a revolutionary paradigm that is maturing along with other network technologies in the next-gen trend. The separation of control and data planes in SDN enables the emergence of novel network features like centralized flow management and network programmability that encourage the introduction of new and enhanced network functions in order to improve prominent network deployment aspects such as flexibility, scalability, network-wide visibility and cost-effectiveness. Although SDN exhibits a rapid evolution that is shaping this technology as a key enabler for future implementations in heterogeneous network scenarios, namely datacenters, ISPs, corporate, academic and home, the technology is far from being considered secure and dependable to this day, which inhibits its agile adoption. In recent years, the scientific community has been attracted to explore the field of SDN security to close the gap to SDN adoption. A twofold research context has been identified: on the one hand, leveraging SDN features to enhance security; on the other hand, the pursuit of a secure SDN system architecture. This article includes a description of security threats that menace SDN and a list of attacks that take advantage of vulnerabilities and misconfigurations in SDN constitutive elements. Accordingly, a discussion emphasizing the duality SDN-for-security and SDN-security is also presented. A comprehensive review of the state of the art is accompanied by a categorization of the current research literature in a taxonomy that highlights the main characteristics and contributions of each proposal. Finally, the identified urgent needs and less explored topics are used to outline the opportunities and future challenges in the field of SDN security. © 2020 Elsevier Ltd

Keywords

Attack detection, Forensics, Network applications, Network monitoring, Network security, Openflow, Programmable networks, Security threats, Software defined networking, Threats mitigation, Traffic inspection, Virtualized network functions, Vulnerabilities, Application programs, Cost effectiveness, Heterogeneous networks, Information management, Network function virtualization, Security systems, Transfer functions, Network functions, Programmable network, Threats mitigations
