A Systematic Approach to Threat Modeling and Security Analysis for Software Defined Networking

Taehoon Eom, Jin Hong, Seongmo An, Jong Sou Park, Dong Seong Kim

Research output: Contribution to specialist publication › Article

Abstract

Software Defined Networking (SDN) extends the capabilities of existing networks by providing various functionalities, such as flexible networking controls. However, there are many security threat vectors in SDN, including existing and emerging ones arising from new functionalities, that may hinder the use of SDN. To tackle this problem, many countermeasures have been developed to mitigate various threats faced in SDN. However, their effectiveness must be analyzed and compared to fully understand how the security posture of SDN changes when a countermeasure is adopted. Also, it becomes difficult to optimize the security of SDN without using a systematic approach to evaluate the security posture of SDN. In this paper, we propose a novel framework to systematically model and analyze the security posture of SDN. We develop a novel graphical security model formalism named Threat Vector Hierarchical Attack Representation Model (TV-HARM), which provides a systematic approach to evaluate threats, attacks and countermeasures for SDN. The TV-HARM captures different threats and their combinations, enabling security risk assessment of SDN. In addition, we define three new security metrics to represent the security of SDN. Our experimental results showed that the proposed security assessment framework can capture and evaluate various security threats to SDN, demonstrating the applicability and feasibility of the proposed framework.
Original language: English
Pages: 137432-137445
Volume: 7
Specialist publication: IEEE Access
DOI: 10.1109/ACCESS.2019.2940039
Publication status: Published - 9 Sep 2019

Fingerprint

Computer simulation
Software defined networking
Risk assessment

Cite this

Eom, Taehoon ; Hong, Jin ; An, Seongmo ; Park, Jong Sou ; Kim, Dong Seong. / A Systematic Approach to Threat Modeling and Security Analysis for Software Defined Networking. In: IEEE Access. 2019 ; Vol. 7. pp. 137432-137445.
@misc{0ac557ad87cd4f679f601e7b091a69f8,
title = "A Systematic Approach to Threat Modeling and Security Analysis for Software Defined Networking",
abstract = "Software Defined Networking (SDN) extends capabilities of existing networks by providing various functionalities, such as flexible networking controls. However, there are many security threat vectors in SDN, including existing and emerging ones arising from new functionalities, that may hinder the use of SDN. To tackle this problem, many countermeasures have been developed to mitigate various threats faced in SDN. However, their effectiveness must be analyzed and compared to fully understand how security posture of SDN changes when the countermeasure is adopted. Also, it becomes difficult to optimize the security of SDN without using a systematic approach to evaluate the security posture of SDN. In this paper, we propose a novel framework to systematically model and analyze the security posture of SDN. We develop a novel graphical security model formalism named Threat Vector Hierarchical Attack Representation Model (TV-HARM), which provides a systematic approach to evaluate threats, attacks and countermeasures for SDN. The TV-HARM captures different threats and their combinations, enabling security risk assessment of SDN. In addition, we define three new security metrics to represent security of SDN. Our experimental results showed that the proposed security assessment framework can capture and evaluate various security threats to SDN, demonstrating the applicability and feasibility of the proposed framework.",
author = "Taehoon Eom and Jin Hong and Seongmo An and Park, {Jong Sou} and Kim, {Dong Seong}",
year = "2019",
month = "9",
day = "9",
doi = "10.1109/ACCESS.2019.2940039",
language = "English",
volume = "7",
pages = "137432--137445",
journal = "IEEE Access",
issn = "2169-3536",
publisher = "IEEE, Institute of Electrical and Electronics Engineers",

}

TY - GEN

T1 - A Systematic Approach to Threat Modeling and Security Analysis for Software Defined Networking

AU - Eom, Taehoon

AU - Hong, Jin

AU - An, Seongmo

AU - Park, Jong Sou

AU - Kim, Dong Seong

PY - 2019/9/9

Y1 - 2019/9/9

N2 - Software Defined Networking (SDN) extends capabilities of existing networks by providing various functionalities, such as flexible networking controls. However, there are many security threat vectors in SDN, including existing and emerging ones arising from new functionalities, that may hinder the use of SDN. To tackle this problem, many countermeasures have been developed to mitigate various threats faced in SDN. However, their effectiveness must be analyzed and compared to fully understand how security posture of SDN changes when the countermeasure is adopted. Also, it becomes difficult to optimize the security of SDN without using a systematic approach to evaluate the security posture of SDN. In this paper, we propose a novel framework to systematically model and analyze the security posture of SDN. We develop a novel graphical security model formalism named Threat Vector Hierarchical Attack Representation Model (TV-HARM), which provides a systematic approach to evaluate threats, attacks and countermeasures for SDN. The TV-HARM captures different threats and their combinations, enabling security risk assessment of SDN. In addition, we define three new security metrics to represent security of SDN. Our experimental results showed that the proposed security assessment framework can capture and evaluate various security threats to SDN, demonstrating the applicability and feasibility of the proposed framework.

UR - http://www.scopus.com/inward/record.url?scp=85077966755&partnerID=8YFLogxK

U2 - 10.1109/ACCESS.2019.2940039

DO - 10.1109/ACCESS.2019.2940039

M3 - Article

VL - 7

SP - 137432

EP - 137445

JO - IEEE Access

JF - IEEE Access

SN - 2169-3536

ER -