{"title":"Security analysis of approaches to integrate middleboxes into software defined networks","authors":"Tobias Eggert, R. Khondoker","doi":"10.1109/CEEICT.2016.7873055","DOIUrl":null,"url":null,"abstract":"Software-defined Networking (SDN) is a novel approach for managing enterprise and data center networks easily. Integration of middleboxes, which provide Network Functions (NFs) that are crucial for network security, performance and reliability, raises new challenges; for example, traversing middleboxes in a given order makes routing more complex. Rerouted traffic flows require that the state of middleboxes that are no longer part of the route be transferred to middleboxes that become part of the route. Software-defined Middlebox PoLicy Enforcement (SIMPLE) and OpenNF are two approaches to integrating middleboxes in SDNs that address these challenges. Since they are responsible for enforcing middlebox policies, possible design flaws in their architecture could lead to severe vulnerabilities and put the security of the network at stake. Therefore, a security analysis of SIMPLE and OpenNF was conducted using Microsoft's threat modeling approach called STRIDE; the results show the threats to these approaches.","PeriodicalId":240329,"journal":{"name":"2016 3rd International Conference on Electrical Engineering and Information Communication Technology (ICEEICT)","volume":"18 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 3rd International Conference on Electrical Engineering and Information Communication Technology (ICEEICT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CEEICT.2016.7873055","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Security analysis of approaches to integrate middleboxes into software defined networks
Software-defined Networking (SDN) is a novel approach for managing enterprise and data center networks easily. Integration of middleboxes, which provide Network Functions (NFs) that are crucial for network security, performance and reliability, raises new challenges; for example, traversing middleboxes in a given order makes routing more complex. Rerouted traffic flows require that the state of middleboxes that are no longer part of the route be transferred to middleboxes that become part of the route. Software-defined Middlebox PoLicy Enforcement (SIMPLE) and OpenNF are two approaches to integrating middleboxes in SDNs that address these challenges. Since they are responsible for enforcing middlebox policies, possible design flaws in their architecture could lead to severe vulnerabilities and put the security of the network at stake. Therefore, a security analysis of SIMPLE and OpenNF was conducted using Microsoft's threat modeling approach called STRIDE; the results show the threats to these approaches.