{"title":"祝福还是诅咒?回顾软件定义网络的安全方面","authors":"Lisa Schehlmann, Sebastian Abt, Harald Baier","doi":"10.1109/CNSM.2014.7014199","DOIUrl":null,"url":null,"abstract":"Software-Defined Networking (SDN) is an emerging technology, physically separating data and control planes of network devices. From a security point of view SDN has two sides. First, it enables network security functions by design, because traffic flows can be redirected or filtered based on packet content or application layer state - functionality, which to date requires additional network security devices like fire-walls, intrusion detection systems or spam filters in conventional networks. On the other hand, due to physical separation of planes, SDN possibly offers additional attack vectors compared to traditional network architectures, which may severely impact overall network availability as well as confidentiality, authenticity, integrity and consistency of network traffic and control data. In this paper, we discuss and balance security provided by SDN with security threats of SDN also in respect of traditional networks. We develop an evaluation methodology for both sides and show that from a security point of view SDN is a blessing for today's and future network design and operation.","PeriodicalId":268334,"journal":{"name":"10th International Conference on Network and Service Management (CNSM) and Workshop","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"65","resultStr":"{\"title\":\"Blessing or curse? Revisiting security aspects of Software-Defined Networking\",\"authors\":\"Lisa Schehlmann, Sebastian Abt, Harald Baier\",\"doi\":\"10.1109/CNSM.2014.7014199\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Software-Defined Networking (SDN) is an emerging technology, physically separating data and control planes of network devices. From a security point of view SDN has two sides. First, it enables network security functions by design, because traffic flows can be redirected or filtered based on packet content or application layer state - functionality, which to date requires additional network security devices like fire-walls, intrusion detection systems or spam filters in conventional networks. On the other hand, due to physical separation of planes, SDN possibly offers additional attack vectors compared to traditional network architectures, which may severely impact overall network availability as well as confidentiality, authenticity, integrity and consistency of network traffic and control data. In this paper, we discuss and balance security provided by SDN with security threats of SDN also in respect of traditional networks. We develop an evaluation methodology for both sides and show that from a security point of view SDN is a blessing for today's and future network design and operation.\",\"PeriodicalId\":268334,\"journal\":{\"name\":\"10th International Conference on Network and Service Management (CNSM) and Workshop\",\"volume\":\"29 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"65\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"10th International Conference on Network and Service Management (CNSM) and Workshop\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CNSM.2014.7014199\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"10th International Conference on Network and Service Management (CNSM) and Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CNSM.2014.7014199","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Blessing or curse? Revisiting security aspects of Software-Defined Networking
Software-Defined Networking (SDN) is an emerging technology, physically separating data and control planes of network devices. From a security point of view SDN has two sides. First, it enables network security functions by design, because traffic flows can be redirected or filtered based on packet content or application layer state - functionality, which to date requires additional network security devices like fire-walls, intrusion detection systems or spam filters in conventional networks. On the other hand, due to physical separation of planes, SDN possibly offers additional attack vectors compared to traditional network architectures, which may severely impact overall network availability as well as confidentiality, authenticity, integrity and consistency of network traffic and control data. In this paper, we discuss and balance security provided by SDN with security threats of SDN also in respect of traditional networks. We develop an evaluation methodology for both sides and show that from a security point of view SDN is a blessing for today's and future network design and operation.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
