ANCHOR: logically-centralized security for Software-Defined Networks

Software-de ned networking; SDN; non-functional properties; control plane; security; perfect forward secrecy; post-compromise security; post-compromise recovery; post-quantum secure

Résumé :

[en] Software-de ned networking (SDN) decouples the control and data planes of traditional networks, logically centralizing the functional properties of the network in the SDN controller. While this centralization brought advantages such as a faster pace of innovation, it also disrupted some of the natural defenses of traditional architectures against di erent threats. The literature on SDN has mostly been concerned with the functional side, despite some speci c works concerning non-functional properties like ‘security’ or ‘dependability’. Though addressing the latter in an ad-hoc, piecemeal way, may work, it will most likely lead to e ciency and e ectiveness problems. We claim that the enforcement of non-functional properties as a pillar of SDN robustness calls for a systemic approach. We further advocate, for its materialization, the re-iteration of the successful formula behind SDN – ‘logical centralization’. As a general concept, we propose anchor, a subsystem architecture that promotes the logical centralization of non-functional properties. To show the e ectiveness of the concept, we focus on ‘security’ in this paper: we identify the current security gaps in SDNs and we populate the architecture middleware with the appropriate security mechanisms, in a global and consistent manner. anchor sets to provide essential security mechanisms such as strong entropy, resilient pseudo-random generators, secure device registration and association, among other crucial services. We claim and justify in the paper that centralizing such mechanisms is key for their e ectiveness, by allowing us to: de ne and enforce global policies for those properties; reduce the complexity of controllers and forwarding devices; ensure higher levels of robustness for critical services; foster interoperability of the non-functional property enforcement mechanisms; and nally, better foster the resilience of the architecture itself. We discuss design and implementation aspects, and we prove and evaluate our algorithms and mechanisms.

Centre de recherche :

Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Critical and Extreme Security and Dependability Research Group (CritiX)

Disciplines :

Sciences informatiques

Auteur, co-auteur :

KREUTZ, Diego ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

YU, Jiangshan ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Ramos, Fernando M. V.

VERISSIMO, Paulo ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Co-auteurs externes :

yes

Langue du document :

Anglais

Titre :

ANCHOR: logically-centralized security for Software-Defined Networks

Date de publication/diffusion :

2019

Titre du périodique :

ACM Transactions on Privacy and Security

ISSN :

2471-2566

eISSN :

2471-2574

Maison d'édition :

Association for Computing Machinery, New York, Etats-Unis - New York

Peer reviewed :

Peer reviewed vérifié par ORBi

Focus Area :

Computational Sciences

URL complémentaire :

http://arxiv.org/abs/1711.03636

Projet européen :

H2020 - 643964 - SUPERCLOUD - USER-CENTRIC MANAGEMENT OF SECURITY AND DEPENDABILITY IN CLOUDS OF CLOUDS

Projet FnR :

FNR8149128 - Strategic Rtnd Program On Information Infrastructure Security And Dependability, 2014 (01/01/2015-31/12/2021) - Marcus Völp

Intitulé du projet de recherche :

IIS&D - Information Infrastructure Security and Dependability

Organisme subsidiant :

FNR - Fonds National de la Recherche
CE - Commission Européenne
European Union

Disponible sur ORBilu :

depuis le 11 février 2018

Statistiques

Nombre de vues

246 (dont 38 Unilu)

Nombre de téléchargements

344 (dont 6 Unilu)

Voir plus de statistiques

citations Scopus^®

citations Scopus^®
sans auto-citations

OpenCitations

citations OpenAlex

citations WoS^™

Bibliographie

O. I. Abdullaziz, Y. J. Chen, and L. C. Wang. 2016. Lightweight authentication mechanism for software defined network using information hiding. In 2016 IEEE Global Communications Conference (GLOBECOM'16). IEEE, 1-6. DOI:https://doi.org/10.1109/GLOCOM.2016.7841954
David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin, and Paul Zimmermann. 2015. Imperfect forward secrecy: How Diffie-Hellman fails in practice. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security (CCS'15). ACM, New York, NY, 5-17. DOI:https://doi.org/10.1145/2810103.2813707
Ijaz Ahmad, Suneth Namal, Mika Ylianttila, and Andrei Gurtov. 2015. Security in software defined networks: A survey. IEEE Communications Surveys & Tutorials 17, 4 (2015), 2317-2346.
Adnan Akhunzada, Ejaz Ahmed, Abdullah Gani, Muhammad Khurram Khan, Muhammad Imran, and Sghaier Guizani. 2015. Securing software defined networks: Taxonomy, requirements, and open issues. IEEE Communications Magazine 53, 4 (2015), 36-44.
Mohammad Al-Fares, Alexander Loukissas, and Amin Vahdat. 2008. A scalable, commodity data center network architecture. SIGCOMM Comput. Commun. Rev. 38, 4 (Aug. 2008), 63-74. DOI:https://doi.org/10.1145/1402946.1402967
Martin R. Albrecht, Davide Papini, Kenneth G. Paterson, and Ricardo Villanueva-Polanco. 2000. Factoring 512-bit RSA moduli for fun (and a profit of $9,000). In Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques - EUROCRYPT 2000. Lecture Notes in Computer Science. Springer, 1-18.
A. L. Aliyu, P. Bull, and A. Abdallah. 2017. A trust management framework for network applications within an SDN environment. In 2017 31st International Conference on Advanced Information Networking and Applications Workshops (WAINA'17). IEEE, 93-98. DOI:https://doi.org/10.1109/WAINA.2017.100
R. Alvizu, G. Maier, N. Kukreja, A. Pattavina, R. Morro, A. Capello, and C. Cavazzoni. 2017. Comprehensive survey on T-SDN: Software-defined networking for transport networks. IEEE Communications Surveys Tutorials PP, 99 (2017), 1-1. DOI:https://doi.org/10.1109/COMST.2017.2715220
Anchor. 2018. Tamarin models for ANCHOR. Retrieved January 24, 2019 from http://www.jiangshanyu.com/doc/paper/ANCHOR-proof.zip.
Markku Antikainen, Tuomas Aura, and MikkoSärelä. 2014. Spook in your network: Attacking an SDN with a compromised OpenFlow switch. In Secure IT Systems, Karin Bernsmed and Simone Fischer-Hübner (Eds.). Springer International Publishing, 229-244. DOI:https://doi.org/10.1007/978-3-319-11599-3_14
R. K. Arbettu, R. Khondoker, K. Bayarou, and F. Weber. 2016. Security analysis of OpenDaylight, ONOS, Rosemary and Ryu SDN controllers. In 2016 17th International Telecommunications Network Strategy and Planning Symposium (Networks). IEEE, 37-44. DOI:https://doi.org/10.1109/NETWKS.2016.7751150
Cyril Arnaud and Pierre-Alain Fouque. 2013. Timing attack against protected RSA-CRT implementation used in PolarSSL. In Topics in Cryptology - CT-RSA 2013, Ed Dawson (Ed.). Lecture Notes in Computer Science, Vol. 7779. Springer, Berlin, 18-33. DOI:https://doi.org/10.1007/978-3-642-36095-4_2
R. Barrett, A. Facey, W. Nxumalo, J. Rogers, P. Vatcher, and M. St-Hilaire. 2017. Dynamic traffic diversion in SDN: Testbed vs mininet. In 2017 International Conference on Computing, Networking and Communications (ICNC). IEEE, 167-171. DOI:https://doi.org/10.1109/ICCNC.2017.7876121
Lawrence E. Bassham, III, Andrew L. Rukhin, Juan Soto, James R. Nechvatal, Miles E. Smid, Elaine B. Barker, Stefan D. Leigh, Mark Levenson, Mark Vangel, David L. Banks, Nathanael Alan Heckert, James F. Dray, and San Vo. 2010. SP 800-22 Rev. 1a. A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications. Technical Report. National Institute of Standards and Technology (NIST), Gaithersburg, MD.
Theophilus Benson, Aditya Akella, and David A. Maltz. 2010. Network traffic characteristics of data centers in the wild. In ACM SIGCOMM IMC. ACM, New York, NY, 267-280.
Theophilus Benson, Ashok Anand, Aditya Akella, and Ming Zhang. 2010. Understanding data center traffic characteristics. SIGCOMM Comput. Commun. Rev. 40, 1 (Jan. 2010), 92-99. DOI:https://doi.org/10.1145/1672308.1672325
Pankaj Berde, Matteo Gerola, Jonathan Hart, Yuta Higuchi, Masayoshi Kobayashi, Toshio Koide, Bob Lantz, Brian O'Connor, Pavlin Radoslavov, William Snow, et al. 2014. ONOS: Towards an open, distributed SDN OS. In Proceedings of the 3rd Workshop on Hot Topics in Software Defined Networking. ACM, 1-6.
Daniel J. Bernstein, Tanja Lange, and Peter Schwabe. 2012. The security impact of a new cryptographic library. In LATINCRYPT. Lecture Notes in Computer Science, Vol. 7533. Springer, Berlin, 159-176.
Daniel J. Bernstein. 2009. Introduction to Post-quantum Cryptography. Springer, Berlin, 1-14.
Daniel J. Bernstein, Tanja Lange, and Ruben Niederhagen. 2016. Dual EC: A standardized back door. In The New Codebreakers. Springer, 256-281.
A. Bessani, J. Sousa, and E. E. P. Alchieri. 2014. State machine replication for the masses with BFT-SMART. In 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. 355-362.
Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cédric Fournet, Markulf Kohlweiss, Alfredo Pironti, Pierre-Yves Strub, and Jean Karim Zinzindohoue. 2015. A messy state of the union: Taming the composite state machines of TLS. In 2015 IEEE Symposium on Security and Privacy (SP'15). IEEE, 535-552.
Karthikeyan Bhargavan, Barry Bond, Antoine Delignat-Lavaud, Cédric Fournet, Chris Hawblitzel, Catalin Hritcu, Samin Ishtiaq, Markulf Kohlweiss, Rustan Leino, Jay Lorch, et al. 2017. Everest: Towards a verified, drop-in replacement of HTTPS. In LIPIcs-Leibniz International Proceedings in Informatics, Vol. 71. Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik.
Karthikeyan Bhargavan, Cédric Fournet, Markulf Kohlweiss, Alfredo Pironti, and Pierre-Yves Strub. 2013. Implementing TLS with verified cryptographic security. In 2013 IEEE Symposium on Security and Privacy (SP'13). IEEE, 445-459.
Kevin Bocek. 2015. Infographic: How an Attack by a Cyber-espionage Operator Bypassed Security Controls. Retrieved January 24, 2019 from https://www.venafi.com/blog/post/infographic-cyber-espionage-operatorbypassed-security-controls/.
Fábio Botelho, Tulio A. Ribeiro, Paulo Ferreira, Fernando M. V. Ramos, and Alysson Bessani. 2016. Design and implementation of a consistent data store for a distributed SDN control plane. In 2016 12th European Dependable Computing Conference (EDCC'16). IEEE, 169-180.
Billy Bob Brumley and Nicola Tuveri. 2011. Remote timing attacks are still practical. In Computer Security - ESORICS 2011. Lecture Notes in Computer Science, Vol. 6879. Springer, Berlin, 355-371.
D. Buhov, M. Huber, G. Merzdovnik, E. Weippl, and V. Dimitrova. 2015. Network security challenges in Android applications. In 2015 10th International Conference on Availability, Reliability and Security. 327-332.
C. Cachin and A. Samar. 2004. Secure distributed DNS. In International Conference on Dependable Systems and Networks, 2004. 423-432. DOI:https://doi.org/10.1109/DSN.2004.1311912
Martin Casado, Michael J. Freedman, Justin Pettit, Jianying Luo, Nick McKeown, and Scott Shenker. 2007. Ethane: Taking control of the enterprise. In ACM SIGCOM. ACM, 1-12.
Martin Casado, Tal Garfinkel, Aditya Akella, Michael J. Freedman, Dan Boneh, Nick McKeown, and Scott Shenker. 2006. SANE: A protection architecture for enterprise networks. In Proceedings of the 15th Conference on USENIX Security Symposium - Volume 15 (USENIX-SS'06). USENIX Association, Berkeley, CA, Article 10.
Po-Wen Chi, Chien-Ting Kuo, Jing-Wei Guo, and Chin-Laung Lei. 2015. How to detect a compromised SDN switch. In 1st IEEE Conference on Network Softwarization (NetSoft'15). IEEE, 1-6.
P. M. Mohan, T. Truong-Huu, and M. Gurusamy. 2018. Towards resilient in-band control path routing with malicious switch detection in SDN. In 10th International Conference on Communication Systems Networks (COMSNETS'18). 9-16. https://doi.org/10.1109/COMSNETS.2018.8328174
Yen-Chun Chiu and Po-Ching Lin. 2017. Rapid detection of disobedient forwarding on compromised OpenFlow switches. In International Conference on Computing, Networking and Communications (ICNC'17). IEEE, 672-677.
Cisco. 2014. Annual Security Report. Retrieved January 24, 2019 from https://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf.
Bob Cromwell. 2017. Massive Failures of Internet PKI. Retrieved January 24, 2019 from http://cromwell-intl.com/cybersecurity/pki-failures.html.
Marc C. Dacier, Hartmut König, Radoslaw Cwalinski, Frank Kargl, and Sven Dietrich. 2017. Security challenges and opportunities of software-defined networking. IEEE Security & Privacy 15, 2 (2017), 96-100.
Rogério Leão Santos De Oliveira, Christiane Marie Schweitzer, Ailton Akira Shinoda, and Ligia Rodrigues Prete. 2014. Using Mininet for emulation and prototyping software-defined networks. In 2014 IEEE Colombian Conference on Communications and Computing (COLCOM'14). IEEE, 1-6.
DigiCert Inc. 2017. Enabling Perfect Forward Secrecy. Retrieved January 24, 2019 from https://goo.gl/KhYtn8.
Yevgeniy Dodis, David Pointcheval, Sylvain Ruhault, Damien Vergniaud, and Daniel Wichs. 2013. Security analysis of pseudo-random number generators with input: /Dev/random is not robust. In Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (CCS'13). ACM, New York, NY, 647-658. DOI:https://doi.org/ 10.1145/2508859.2516653
Chris Edwards. 2014. Researchers probe security through obscurity. Commun. ACM 57, 8 (2014), 11-13.
Manuel Egele, David Brumley, Yanick Fratantonio, and Christopher Kruegel. 2013. An empirical study of cryptographic misuse in Android applications. In Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (CCS'13). ACM, New York, NY, 73-84. DOI:https://doi.org/10.1145/2508859.2516693
Shuqin Fan, Wenbo Wang, and Qingfeng Cheng. 2016. Attacking OpenSSL implementation of ECDSA with a few signatures. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS'16). ACM, 1505-1515.
Andrew D. Ferguson, Arjun Guha, Chen Liang, Rodrigo Fonseca, and Shriram Krishnamurthi. 2013. Participatory networking: An API for application control of SDNs. In Proceedings of the ACM SIGCOMM 2013 Conference on SIGCOMM (SIGCOMM'13). ACM, New York, NY, 327-338. DOI:https://doi.org/10.1145/2486001.2486003
Niels Ferguson, Bruce Schneier, and Tadayoshi Kohno. 2011. Cryptography Engineering: Design Principles and Practical Applications. John Wiley & Sons.
Ramon R. Fontes, Samira Afzal, Samuel H. B. Brito, Mateus A. S. Santos, and Christian Esteve Rothenberg. 2015. Mininet-WiFi: Emulating software-defined wireless networks. In 11th International Conference on Network and Service Management (CNSM'15). IEEE, 384-389.
Albert Greenberg, James R. Hamilton, Navendu Jain, Srikanth Kandula, Changhoon Kim, Parantap Lahiri, David A. Maltz, Parveen Patel, and Sudipta Sengupta. 2009. VL2: A scalable and flexible data center network. SIGCOMM Comput. Commun. Rev. 39, 4 (Aug. 2009), 51-62. DOI:https://doi.org/10.1145/1594977.1592576
Albert Greenberg, Parantap Lahiri, David A. Maltz, Parveen Patel, and Sudipta Sengupta. 2008. Towards a next generation data center architecture: Scalability and commoditization. In Proceedings of the ACM Workshop on Programmable Routers for Extensible Services of Tomorrow (PRESTO'08). ACM, New York, NY, 57-62.
Marcella Hastings, Joshua Fried, and Nadia Heninger. 2016. Weak keys remain widespread in network devices. In Proceedings of the 2016 ACM on Internet Measurement Conference. ACM, 49-63.
Nadia Heninger, Zakir Durumeric, Eric Wustrow, and J. Alex Halderman. 2012. Mining your Ps and Qs: Detection of widespread weak keys in network devices. In Proceedings of the 21st USENIX Conference on Security Symposium (Security'12). USENIX Association, Berkeley, CA, 35-35. http://dl.acm.org/citation.cfm?id=2362793.2362828.
Brad Hill. 2013. Failures of Trust in the Online PKI Marketplace Cannot be Fixed by “Raising the Bar” on Certificate Authority Security. Retrieved January 24, 2019 from http://csrc.nist.gov/groups/ST/ca-workshop-2013/cfp-submissions/hill_failures_to_trust.pdf.
Yu-Chi Ho, Qian-Chuan Zhao, and D. L. Pepyne. 2003. The no free lunch theorems: Complexity and security. IEEE Trans. Automat. Control 48, 5 (2003), 783-793. DOI:https://doi.org/10.1109/TAC.2003.811254
Jaap-Henk Hoepman and Bart Jacobs. 2007. Increased security through open source. Commun. ACM 50, 1 (Jan. 2007), 79-83. DOI:https://doi.org/10.1145/1188913.1188921
Hongxin Hu, Wonkyu Han, Gail-Joon Ahn, and Ziming Zhao. 2014. FLOWGUARD: Building robust firewalls for software-defined networks. In ACM SIGCOMM HotSDN. ACM, 97-102.
L. S. Huang, S. Adhikarla, D. Boneh, and C. Jackson. 2014. An experimental study of TLS forward secrecy deployments. IEEE Internet Computing 18, 6 (Nov. 2014), 43-51. DOI:https://doi.org/10.1109/MIC.2014.86
IEEE Spectrum. 2015. Special Report: 50 Years of Moore's Law. Retrieved January 24, 2019 from http://spectrum.ieee.org/static/special-report-50-years-of-moores-law.
Sushant Jain, Alok Kumar, Subhasree Mandal, Joon Ong, Leon Poutievski, Arjun Singh, Subbaiah Venkata, Jim Wanderer, Junlan Zhou, Min Zhu, Jon Zolla, Urs Hölzle, Stephen Stuart, and Amin Vahdat. 2013. B4: Experience with a globally-deployed software defined WAN. In ACM SIGCOMM. ACM, New York, NY, 3-14.
Andrzej Kamisiński and Carol Fung. 2015. FlowMon: Detecting malicious switches in software-defined networks. In SafeConfig. ACM, New York, NY, 39-45.
Naga Katta, Haoyu Zhang, Michael Freedman, and Jennifer Rexford. 2015. Ravana: Controller fault-tolerance in software-defined networking. In Proceedings of the 1st ACM SIGCOMM Symposium on Software Defined Networking Research (SOSR'15). ACM, 1-12.
Karamjeet Kaur, Japinder Singh, and Navtej Singh Ghumman. 2014. Mininet as software defined networking testing platform. In International Conference on Communication, Computing & Systems (ICCCS'14). 139-42.
Z. K. Khattak, M. Awais, and A. Iqbal. 2014. Performance evaluation of OpenDaylight SDN controller. In 20th IEEE ICPADS. IEEE, 671-676.
Soo Hyeon Kim, Daewan Han, and Dong Hoon Lee. 2013. Predictability of Android OpenSSL's pseudo random number generator. In Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (CCS'13). ACM, New York, NY, 659-668. DOI:https://doi.org/10.1145/2508859.2516706
Timo Kiravuo, Mikko Sarela, and Jukka Manner. 2013. A survey of ethernet LAN security. IEEE Communications Surveys & Tutorials 15, 3 (2013), 1477-1491.
Gerwin Klein, Kevin Elphinstone, Gernot Heiser, June Andronick, David Cock, Philip Derrin, Dhammika Elkaduwe, Kai Engelhardt, Rafal Kolanski, Michael Norrish, Thomas Sewell, Harvey Tuch, and Simon Winwood. 2009. seL4: Formal verification of an OS kernel. In ACM SIGOPS SOSP. ACM, New York, NY, USA, 207-220.
Rowan Kloti, Vasileios Kotronis, and Paul Smith. 2013. OpenFlow: A security analysis. In 21st IEEE International Conference on Network Protocols (ICNP'13). IEEE, 1-6.
Teemu Koponen, Martin Casado, Natasha Gude, Jeremy Stribling, Leon Poutievski, Min Zhu, Rajiv Ramanathan, Yuichiro Iwata, Hiroaki Inoue, Takayuki Hama, and Scott Shenker. 2010. Onix: A distributed control platform for large-scale production networks. In OSDI. 351-364.
D. Kreutz, A. Bessani, E. Feitosa, and H. Cunha. 2014. Towards secure and dependable authentication and authorization infrastructures. In 2014 IEEE 20th Pacific Rim International Symposium on Dependable Computing. IEEE, 43-52.
Diego Kreutz, Oleksandr Malichevskyy, Eduardo Feitosa, Hugo Cunha, Rodrigo da Rosa Righi, and Douglas D. J. de Macedo. 2016. A cyber-resilient architecture for critical security services. Journal of Network and Computer Applications 63 (2016), 173-189. DOI:https://doi.org/10.1016/j.jnca.2015.09.014
D. Kreutz, F. M. V. Ramos, P. Esteves Verissimo, C. Esteve Rothenberg, S. Azodolmolky, and S. Uhlig. 2015. Software-defined networking: A comprehensive survey. Proc. IEEE 103, 1 (Jan. 2015), 14-76.
Diego Kreutz, Fernando M. V. Ramos, and Paulo Verissimo. 2013. Towards secure and dependable software-defined networks. In ACM SIGCOMM HotSDN. ACM, New York, NY, 55-60. DOI:https://doi.org/10.1145/2491185.2491199
D. Kreutz, J. Yu, P. Esteves-Verissimo, C. Magalhaes, and F. M. V. Ramos. 2017. The KISS principle in software-defined networking: An architecture for keeping it simple and secure. ArXiv e-prints (Nov. 2017). arxiv:cs.NI/1702.04294
D. Kreutz, J. Yu, P. Esteves-Verissimo, C. Magalhaes, and F. M. V. Ramos. 2018. The KISS principle in software-defined networking: A framework for secure communications. IEEE Security & Privacy 16, 5 (Sep. 2018), 60-70. https://doi.org/10.1109/MSP.2018.3761717
D. Kreutz, J. Yu, F. M. V. Ramos, and P. Esteves-Verissimo. 2017. ANCHOR: Logically-centralized security for software-defined networks. ArXiv e-prints (2017). arxiv:cs.NI/1711.03636
Bob Lantz, Brandon Heller, and Nick McKeown. 2010. A network in a laptop: Rapid prototyping for software-defined networks. In Proceedings of the 9th ACM SIGCOMM Workshop on Hot Topics in Networks. ACM, 19.
Seungsoo Lee, Changhoon Yoon, Chanhee Lee, Seungwon Shin, Vinod Yegneswaran, and Phillip Porras. 2017. DELTA: A security assessment framework for software-defined networks. In Proceedings of NDSS, Vol. 17. 1-15.
Wenjuan Li, Weizhi Meng, and Lam For Kwok. 2016. A survey on OpenFlow-based software defined networks: Security challenges and countermeasures. Journal of Network and Computer Applications 68 (2016), 126-139.
Shih-Chun Lin, Pu Wang, and Min Luo. 2016. Control traffic balancing in software defined networks. Computer Networks 106 (2016), 260-271.
Benjamin Livshits, Manu Sridharan, Yannis Smaragdakis, Ondřej Lhoták, J. Nelson Amaral, Bor-Yuh Evan Chang, Samuel Z. Guyer, Uday P. Khedker, Anders Møller, and Dimitrios Vardoulakis. 2015. In defense of soundiness: A manifesto. Commun. ACM 58, 2 (Jan. 2015), 44-46. DOI:https://doi.org/10.1145/2644805
D. Mahu, V. Dumitrel, and F. Pop. 2015. Secure entropy gatherer. In 2015 20th International Conference on Control Systems and Computer Science. 185-190. DOI:https://doi.org/10.1109/CSCS.2015.74
Konstantinos Manousakis and Georgios Ellinas. 2016. Attack-aware planning of transparent optical networks. Optical Switching and Networking 19 (2016), 97-109. DOI:https://doi.org/10.1016/j.osn.2015.03.005
G. Markowsky. 2013. Was the 2006 Debian SSL Debacle a system accident? In 2013 IEEE 7th International Conference on Intelligent Data Acquisition and Advanced Computing Systems (IDAACS'13), Vol. 2. IEEE, 624-629.
G. McGraw. 2004. Software security. IEEE Security Privacy 2, 2 (Mar 2004), 80-83.
MEF. 2017. MEF. Retrieved January 24, 2019 from https://www.mef.net/.
Simon Meier, Benedikt Schmidt, Cas Cremers, and David A. Basin. 2013. The TAMARIN prover for the symbolic analysis of security protocols. In CAV 2013, Saint Petersburg, Russia, July 13-19, 2013. 696-701.
Michael Mimoso. 2016. GPG PATCHES 18-YEAR-OLD LIBGCRYPT RNG BUG. Retrieved January 24, 2019 from https://goo.gl/569rgJ.
Namecheap.com. 2015. Cipher Suites Configuration (and forcing Perfect Forward Secrecy). Retrieved January 24, 2019 from https://goo.gl/TsvAKV.
David Naylor, Alessandro Finamore, Ilias Leontiadis, Yan Grunenberger, Marco Mellia, Maurizio Munafo, Konstantina Papagiannaki, Peter Steenkiste. 2014. The cost of the “S” in HTTPS. In Proceedings of the 10th ACM Conference on Emerging Networking Experiments and Technologies (CoNEXT'14). ACM, New York, NY, 7.
Roger M. Needham and Michael D. Schroeder. 1978. Using encryption for authentication in large networks of computers. Commun. ACM 21, 12 (Dec. 1978).
NIST. 2017. NIST Statistical Test Suite. Retrieved January 24, 2019 from http://csrc.nist.gov/groups/ST/toolkit/rng/documentation_software.html.
ONF. 2017. Open Networking Foundation. Retrieved January 24, 2019 from https://www.opennetworking.org/.
OpenDaylight Project. 2018. Security Considerations. Retrieved January 24, 2019 from https://goo.gl/CBDi9s.
OpenSSL.org. 2016. OpenSSL Security Advisory [10 Nov. 2016]. Retrieved January 24, 2019 from https://www.openssl.org/news/secadv/20161110.txt.
Dave Otway and Owen Rees. 1987. Efficient and timely mutual authentication. SIGOPS Oper. Syst. Rev. 21, 1 (Jan. 1987), 8-10.
Farzaneh Pakzad, Marius Portmann, Wee Lum Tan, and Jadwiga Indulska. 2016. Efficient topology discovery in OpenFlow-based software defined networks. Computer Communications 77 (2016), 52-61.
Adrian Perrig, Robert Szewczyk, J. D. Tygar, Victor Wen, and David E. Culler. 2002. SPINS: Security protocols for sensor networks. Wirel. Netw. 8, 5 (Sept. 2002), 521-534. DOI:https://doi.org/10.1023/A:1016598314198
Pica8 Inc.2018. Pica8. Retrieved January 24, 2019 from https://www.pica8.com/.
Pica8 Open Networking. 2018. PicOS Overview. Retrieved January 24, 2019 from https://goo.gl/Bvttv6.
Ponemon Institute Research. 2018. The Cost & Consequences of Security Complexity. Retrieved January 24, 2019 from https://goo.gl/R9i6Lx.
Philip Porras, Seungwon Shin, Vinod Yegneswaran, Martin Fong, Mabry Tyson, and Guofei Gu. 2012. A security enforcement kernel for OpenFlow networks. In HotSDN. ACM, 6. DOI:https://doi.org/10.1145/2342441.2342466
Phillip A. Porras, Steven Cheung, Martin W. Fong, Keith Skinner, and Vinod Yegneswaran. 2015. Securing the software defined network control layer. In NDSS. Internet Society, 1-15.
PwC, CSO magazine and CERT/CMU. 2014. US Cybercrime: Rising Risks, Reduced Readiness. Technical Report. PwC. 21 pages. Retrieved January 24, 2019 from http://www.pwc.com/us/en/increasing-it-effectiveness/publications/assets/2014-us-state-of-cybercrime.pdf.
Zafar Ayyub Qazi, Cheng-Chun Tu, Luis Chiang, Rui Miao, Vyas Sekar, and Minlan Yu. 2013. SIMPLE-fying mid-dlebox policy enforcement using SDN. In ACM SIGCOMM Computer Communication Review, Vol. 43. ACM, 27-38.
Abbas Razaghpanah, Arian Akhavan Niaki, Narseo Vallina-Rodriguez, Srikanth Sundaresan, Johanna Amann, and Phillipa Gill. 2017. Studying TLS usage in Android apps. In Proceedings of the 13th ACM Conference on Emerging Networking Experiments and Technologies (CoNEXT'17). ACM, New York, NY, 7.
Red Hat, Inc.2018. OpenShift SDN. Retrieved January 24, 2019 from https://docs.openshift.com/container-platform/3.7/architecture/networking/sdn.html.
Francisco Javier Ros and Pedro Miguel Ruiz. 2014. Five nines of southbound reliability in software-defined networks. In Proceedings of the 3rd Workshop on Hot Topics in Software Defined Networking. ACM, 31-36.
Ryu SDN Framework Community. 2018. Component-based software defined networking framework. Retrieved January 24, 2019 from https://osrg.github.io/ryu/.
Dominik Samociuk. 2015. Secure communication between OpenFlow switches and controllers. AFIN 2015 (2015), 39.
Bruce Schneier. 2012. Lousy Random Numbers Cause Insecure Public Keys. Retrieved January 24, 2019 from https://www.schneier.com/blog/archives/2012/02/lousy_random_nu.html.
Bruce Schneier. 2015. Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. W. W. Norton & Company.
S. Scott-Hayward, S. Natarajan, and S. Sezer. 2016. A survey of security in software defined networks. IEEE Communications Surveys Tutorials 18, 1 (Firstquarter 2016), 623-654. DOI:https://doi.org/10.1109/COMST.2015.2453114
Sandra Scott-Hayward, Sriram Natarajan, and Sakir Sezer. 2016. A survey of security in software defined networks. IEEE Communications Surveys & Tutorials 18, 1 (2016), 623-654.
Stefano Secci, Kamel Attou, Dung Chi Phung, Sandra Scott-Hayward, Dylan Smyth, Suchitra Vemuri, and You Wang. 2017. ONOS Security and Performance Analysis: Report No. 1. Retrieved January 24, 2019 from https://goo.gl/QhWpNr.
Y. Sheffer, R. Holz, and P. Saint-Andre. 2015. Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). RFC 7525. Retrieved January 24, 2019 from https://tools.ietf.org/html/rfc7525.
Seugwon Shin, Phillip Porras, Vinod Yegneswaran, Martin Fong, Guofei Gu, and Mabry Tyson. 2013. FRESCO: Modular composable security services for software-defined networks. In Internet Society NDSS. Internet Society, 1-16.
Seungwon Shin, Yongjoo Song, Taekyung Lee, Sangho Lee, Jaewoong Chung, Phillip Porras, Vinod Yegneswaran, Jisung Noh, and Brent Byunghoon Kang. 2014. Rosemary: A robust, secure, and high-performance network operating system. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security (CCS'14). ACM, New York, NY, 78-89. https://doi.org/10.1145/2660267.2660353
Lenin Singaravelu, Calton Pu, Hermann Härtig, and Christian Helmuth. 2006. Reducing TCB complexity for security-sensitive applications: Three case studies. SIGOPS Oper. Syst. Rev. 40, 4 (April 2006), 161-174. DOI:https://doi.org/ 10.1145/1218063.1217951
Drew Springall, Zakir Durumeric, and J. Alex Halderman. 2016. Measuring the security harm of TLS crypto shortcuts. In IMC. ACM, New York, NY, USA, 33-47. DOI:https://doi.org/10.1145/2987443.2987480
Philip B. Stark. 2017. Don't Bet on your Random Number Generator. Retrieved January 24, 2019 from https://github.com/pbstark/pseudorandom/blob/master/prngLux17.ipynb.
Udo Steinberg and Bernhard Kauer. 2010. NOVA: A microhypervisor-based secure virtualization architecture. In Proceedings of the 5th European Conference on Computer Systems (EuroSys'10). ACM, New York, NY, 209-222. DOI:https://doi.org/10.1145/1755913.1755935
The OpenStack project. 2018. OpenStack. Retrieved January 24, 2019 from https://www.openstack.org/.
Apostol Vassilev and Timothy A. Hall. 2014. The importance of entropy to information security. Computer 47, 2 (2014), 78-81. DOI:https://doi.org/10.1109/MC.2014.47
Verizon. 2015. Data Breach Investigations Report. Retrieved January 24, 2019 from http://www.verizonenterprise.com/DBIR/2015/.
VMware, Inc. 2018. NSX Data Center. Retrieved January 24, 2019 from https://www.vmware.com/products/nsx.html.
T. Wan, A. Abdou, and P. C. van Oorschot. 2017. A framework and comparative analysis of control plane security of SDN and conventional networks. ArXiv e-prints (March 2017). arxiv:cs.NI/1703.06992
Shie-Yuan Wang. 2014. Comparison of SDN OpenFlow network simulator and emulators: EstiNet vs. Mininet. In IEEE Symposium on Computers and Communication (ISCC'14). IEEE, 1-6.
Dan Williams and Ricardo Koller. 2016. Unikernel monitors: Extending minimalism outside of the box. In 8th USENIX Workshop on Hot Topics in Cloud Computing (HotCloud'16). USENIX Association, 71-76.
Jiaqi Yan and Dong Jin. 2015. VT-Mininet: Virtual-time-enabled Mininet for scalable and accurate software-defined network emulation. In Proceedings of the 1st ACM SIGCOMM Symposium on Software Defined Networking Research. ACM, 27.
Frances F. Yao and YiqunLisa Yin. 2005. Design and analysis of password-based key derivation functions. In Topics in Cryptology (CT-RSA'05), Alfred Menezes (Ed.). Lecture Notes in Computer Science, Vol. 3376. Springer, Berlin, 245-261. DOI:https://doi.org/10.1007/978-3-540-30574-3_17
Yuval Yarom and Naomi Benger. 2014. Recovering OpenSSL ECDSA nonces using the FLUSH+RELOAD cache side-channel attack. IACR Cryptology ePrint Archive 2014 (2014), 140.
Changhoon Yoon, Seungsoo Lee, Heedo Kang, Taejune Park, Seungwon Shin, Vinod Yegneswaran, Phillip Porras, and Guofei Gu. 2017. Flow wars: Systemizing the attack surface and defenses in software-defined networks. IEEE/ACM Transactions on Networking 25, 6 (2017), 3514-3530.
Jiangshan Yu, Mark Ryan, and Cas Cremers. 2017. DECIM: Detecting Endpoint Compromise in Messaging. Cryptology ePrint Archive, Report 2015/486. http://eprint.iacr.org/2015/486.
Jiangshan Yu, Mark Ryan, and Cas Cremers. 2017. DECIM: Detecting endpoint compromise in messaging. IEEE Trans. Information Forensics and Security 13, 1 (Jan. 2018), 106-118. https://doi.org/10.1109/TIFS.2017.2738609
Jiangshan Yu and Mark Dermot Ryan. 2015. Device attacker models: Fact and fiction. In Security Protocols XXIII - 23rd International Workshop, Cambridge, UK, March 31 - April 2, 2015, Revised Selected Papers. 158-167.
Kim Zetter. 2015. Researchers Solve Juniper Backdoor Mystery; Signs Point to NSA. Retrieved January 24, 2019 from https://www.wired.com/2015/12/researchers-solve-the-juniper-mystery-and-they-say-its-partially-the-nsasfault/.
Y. Zhao, L. Iannone, and M. Riguidel. 2015. On the performance of SDN controllers: A reality check. In 2015 IEEE Conference on Network Function Virtualization and Software Defined Network (NFV-SDN'15). 79-85. DOI:https://doi. org/10.1109/NFV-SDN.2015.7387410
Lidong Zhou, Fred B. Schneider, and Robbert Van Renesse. 2002. COCA: A secure distributed online certification authority. ACM Trans. Comput. Syst. 20, 4 (Nov. 2002), 329-368. DOI:https://doi.org/10.1145/571637.571638
Y. Zhou and X. Jiang. 2012. Dissecting Android malware: Characterization and evolution. In 2012 IEEE Symposium on Security and Privacy. IEEE, 95-109. DOI:https://doi.org/10.1109/SP.2012.16