A Security Evaluation Framework for Software-Defined Network Architectures in Data Center Environments

Igor Ivkić; Igor Ivkić; Dominik Thiede; Nicholas Race; Matthew Broadbent; Antonios Gouglidis

doi:10.5220/0011988300003488

A Security Evaluation Framework for Software-Defined Network Architectures in Data Center Environments

Igor Ivkić, Igor Ivkić, Dominik Thiede, Nicholas Race, Matthew Broadbent, Antonios Gouglidis

2023

Abstract

Data Center (DC) network requirements. Virtualisation is one of the key drivers of that transformation and enables a massive deployment of computing resources, which exhausts server capacity limits. Furthermore, the increased network endpoints need to be handled dynamically and centrally to facilitate cloud computing functionalities. Traditional DCs barely satisfy those demands because of their inherent limitations based on the network topology. Software-Defined Networks (SDN) promise to meet the increasing network requirements for cloud applications by decoupling control functionalities from data forwarding. Although SDN solutions add more flexibility to DC networks, they also pose new vulnerabilities with a high impact due to the centralised architecture. In this paper we propose an evaluation framework for assessing the security level of SDN architectures in four different stages. Furthermore, we show in an experimental study, how the framework can be used for mapping SDN threats with associated vulnerabilities and necessary mitigations in conjunction with risk and impact classification. The proposed framework helps administrators to evaluate the network security level, to apply countermeasures for identified SDN threats, and to meet the networks security requirements.

Download

Paper Citation

in Harvard Style

Ivkić I., Thiede D., Race N., Broadbent M. and Gouglidis A. (2023). A Security Evaluation Framework for Software-Defined Network Architectures in Data Center Environments. In Proceedings of the 13th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER, ISBN 978-989-758-650-7, SciTePress, pages 277-288. DOI: 10.5220/0011988300003488

in Bibtex Style

@conference{closer23,
author={Igor Ivkić and Dominik Thiede and Nicholas Race and Matthew Broadbent and Antonios Gouglidis},
title={A Security Evaluation Framework for Software-Defined Network Architectures in Data Center Environments},
booktitle={Proceedings of the 13th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,},
year={2023},
pages={277-288},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011988300003488},
isbn={978-989-758-650-7},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 13th International Conference on Cloud Computing and Services Science - Volume 1: CLOSER,
TI - A Security Evaluation Framework for Software-Defined Network Architectures in Data Center Environments
SN - 978-989-758-650-7
AU - Ivkić I.
AU - Thiede D.
AU - Race N.
AU - Broadbent M.
AU - Gouglidis A.
PY - 2023
SP - 277
EP - 288
DO - 10.5220/0011988300003488
PB - SciTePress