Network security analyzing and modeling based on Petri net and Attack tree for SDN

Abstract

Due to the widespread research on Software Defined Networks (SDNs), its security has received much attention recently. But most of those attempts consider SDN security from the OpenFlow perspective. To the best of our knowledge, none so far has paid attention to the security analysis and modeling of Forwarding and Control planes Separation Network Structure (FCSNS) in SDN. Therefore, this paper provides a different approach to network security based on Petri net and Attack tree models. Our objective is to analyze the FCSNS security via the combination of model and state. This method represents the network structure and state transferring by way of Petri net. In addition, it introduces the security analysis method of STRIDE to build up the Attack tree model. Finally, we analyze FCSNS via the combination of Petri net and Attack tree model and present the results. Our results are very promising in using such models to achieve such security objectives.