Security analysis of approaches to integrate middleboxes into software defined networks

2016 3rd International Conference on Electrical Engineering and Information Communication Technology (ICEEICT) Pub Date : 2016-09-01 DOI:10.1109/CEEICT.2016.7873055

Tobias Eggert, R. Khondoker

{"title":"Security analysis of approaches to integrate middleboxes into software defined networks","authors":"Tobias Eggert, R. Khondoker","doi":"10.1109/CEEICT.2016.7873055","DOIUrl":null,"url":null,"abstract":"Software-defined Networking (SDN) is a novel approach to manage enterprise and data center networks easily. Integration of middleboxes, which provides Network Functions (NF)s that are crucial for network security, performance and reliability, raises new challenges, for example, traversing middle-boxes in a given order makes routing more complex. Rerouted traffic flows require that the state of middleboxes that is no longer part of the route is transferred to middleboxes which becomes part of the route. Software-defined Middlebox PoLicy Enforcement (SIMPLE) and OpenNF are two approaches to integrate middleboxes in SDNs which address these challenges. Since they are responsible to enforce middlebox policies, possible design flaws in their architecture could lead to severe vulnerabilities and put security of the network at stake. Therefore, security analysis of SIMPLE and OpenNF was conducted using Microsoft's threat modeling approach called STRIDE, whose results show the threats on these approaches.","PeriodicalId":240329,"journal":{"name":"2016 3rd International Conference on Electrical Engineering and Information Communication Technology (ICEEICT)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 3rd International Conference on Electrical Engineering and Information Communication Technology (ICEEICT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CEEICT.2016.7873055","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

Software-defined Networking (SDN) is a novel approach to manage enterprise and data center networks easily. Integration of middleboxes, which provides Network Functions (NF)s that are crucial for network security, performance and reliability, raises new challenges, for example, traversing middle-boxes in a given order makes routing more complex. Rerouted traffic flows require that the state of middleboxes that is no longer part of the route is transferred to middleboxes which becomes part of the route. Software-defined Middlebox PoLicy Enforcement (SIMPLE) and OpenNF are two approaches to integrate middleboxes in SDNs which address these challenges. Since they are responsible to enforce middlebox policies, possible design flaws in their architecture could lead to severe vulnerabilities and put security of the network at stake. Therefore, security analysis of SIMPLE and OpenNF was conducted using Microsoft's threat modeling approach called STRIDE, whose results show the threats on these approaches.

查看原文本刊更多论文

将中间件集成到软件定义网络的方法的安全性分析

软件定义网络(SDN)是一种方便管理企业和数据中心网络的新方法。中间件的集成提供了对网络安全、性能和可靠性至关重要的网络功能(NF)，但也带来了新的挑战，例如，按照给定的顺序遍历中间件会使路由变得更加复杂。重新路由的流量流要求不再属于路由一部分的中间箱的状态被转移到成为路由一部分的中间箱。软件定义的中间件策略实施(SIMPLE)和OpenNF是在sdn中集成中间件的两种方法，可以解决这些挑战。由于它们负责执行中间盒策略，因此其体系结构中可能存在的设计缺陷可能导致严重的漏洞，并危及网络的安全。因此，我们使用微软的威胁建模方法STRIDE对SIMPLE和OpenNF进行了安全分析，其结果显示了这些方法所面临的威胁。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2016 3rd International Conference on Electrical Engineering and Information Communication Technology (ICEEICT)

自引率

0.00%

发文量