Security modeling and analysis of a SDN based web service

Taehoon Eom, Jin B. Hong, Jong Sou Park, Dong Seong Kim

Research output: Chapter in Book/Conference paperConference paper

Abstract

The introduction of a Software-Defined Network (SDN) provides a better functionality and usability over the traditionally static networks. The SDN separates controllers and networking peripherals onto the Control and Data Planes respectively. However, this separation creates new vulnerabilities between the planes. To address this problem, we propose to model and analyze the security of the SDN. Further, we propose a network reconfiguration technique to assess its effectiveness of minimizing the system risk. Our simulation results show that computing the optimal reconfiguration has an exponential time complexity, and there is also a trade-off between the system risk and the server delay.

Original languageEnglish
Title of host publicationAlgorithms and Architectures for Parallel Processing - ICA3PP International Workshops and Symposiums, Proceedings
EditorsG.M. Perez, A. Zomaya, K. Li, G. Wang
Place of PublicationGermany
PublisherSpringer-Verlag London Ltd.
Pages746-756
Number of pages11
Volume9532
ISBN (Print)9783319271606
DOIs
Publication statusPublished - 1 Jan 2015
Externally publishedYes
Event15th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2015 - Zhangjiajie, China
Duration: 18 Nov 201520 Nov 2015

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9532
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference15th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2015
CountryChina
CityZhangjiajie
Period18/11/1520/11/15

Fingerprint

Web services
Web Services
Software
Modeling
Reconfiguration
Servers
Controllers
Exponential time
Vulnerability
Networking
Usability
Time Complexity
Server
Trade-offs
Controller
Computing
Simulation
Model

Cite this

Eom, T., Hong, J. B., Park, J. S., & Kim, D. S. (2015). Security modeling and analysis of a SDN based web service. In G. M. Perez, A. Zomaya, K. Li, & G. Wang (Eds.), Algorithms and Architectures for Parallel Processing - ICA3PP International Workshops and Symposiums, Proceedings (Vol. 9532, pp. 746-756). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9532). Germany: Springer-Verlag London Ltd.. https://doi.org/10.1007/978-3-319-27161-3_68
Eom, Taehoon ; Hong, Jin B. ; Park, Jong Sou ; Kim, Dong Seong. / Security modeling and analysis of a SDN based web service. Algorithms and Architectures for Parallel Processing - ICA3PP International Workshops and Symposiums, Proceedings. editor / G.M. Perez ; A. Zomaya ; K. Li ; G. Wang. Vol. 9532 Germany : Springer-Verlag London Ltd., 2015. pp. 746-756 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{275e2270f5e84321bd086c9c3a56dbaa,
title = "Security modeling and analysis of a SDN based web service",
abstract = "The introduction of a Software-Defined Network (SDN) provides a better functionality and usability over the traditionally static networks. The SDN separates controllers and networking peripherals onto the Control and Data Planes respectively. However, this separation creates new vulnerabilities between the planes. To address this problem, we propose to model and analyze the security of the SDN. Further, we propose a network reconfiguration technique to assess its effectiveness of minimizing the system risk. Our simulation results show that computing the optimal reconfiguration has an exponential time complexity, and there is also a trade-off between the system risk and the server delay.",
keywords = "Attack Graphs, Attack modeling, Security analysis, Security models, Software defined networks",
author = "Taehoon Eom and Hong, {Jin B.} and Park, {Jong Sou} and Kim, {Dong Seong}",
year = "2015",
month = "1",
day = "1",
doi = "10.1007/978-3-319-27161-3_68",
language = "English",
isbn = "9783319271606",
volume = "9532",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer-Verlag London Ltd.",
pages = "746--756",
editor = "G.M. Perez and A. Zomaya and K. Li and Wang, {G. }",
booktitle = "Algorithms and Architectures for Parallel Processing - ICA3PP International Workshops and Symposiums, Proceedings",
address = "Germany",

}

Eom, T, Hong, JB, Park, JS & Kim, DS 2015, Security modeling and analysis of a SDN based web service. in GM Perez, A Zomaya, K Li & G Wang (eds), Algorithms and Architectures for Parallel Processing - ICA3PP International Workshops and Symposiums, Proceedings. vol. 9532, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9532, Springer-Verlag London Ltd., Germany, pp. 746-756, 15th International Conference on Algorithms and Architectures for Parallel Processing, ICA3PP 2015, Zhangjiajie, China, 18/11/15. https://doi.org/10.1007/978-3-319-27161-3_68

Security modeling and analysis of a SDN based web service. / Eom, Taehoon; Hong, Jin B.; Park, Jong Sou; Kim, Dong Seong.

Algorithms and Architectures for Parallel Processing - ICA3PP International Workshops and Symposiums, Proceedings. ed. / G.M. Perez; A. Zomaya; K. Li; G. Wang. Vol. 9532 Germany : Springer-Verlag London Ltd., 2015. p. 746-756 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9532).

Research output: Chapter in Book/Conference paperConference paper

TY - GEN

T1 - Security modeling and analysis of a SDN based web service

AU - Eom, Taehoon

AU - Hong, Jin B.

AU - Park, Jong Sou

AU - Kim, Dong Seong

PY - 2015/1/1

Y1 - 2015/1/1

N2 - The introduction of a Software-Defined Network (SDN) provides a better functionality and usability over the traditionally static networks. The SDN separates controllers and networking peripherals onto the Control and Data Planes respectively. However, this separation creates new vulnerabilities between the planes. To address this problem, we propose to model and analyze the security of the SDN. Further, we propose a network reconfiguration technique to assess its effectiveness of minimizing the system risk. Our simulation results show that computing the optimal reconfiguration has an exponential time complexity, and there is also a trade-off between the system risk and the server delay.

AB - The introduction of a Software-Defined Network (SDN) provides a better functionality and usability over the traditionally static networks. The SDN separates controllers and networking peripherals onto the Control and Data Planes respectively. However, this separation creates new vulnerabilities between the planes. To address this problem, we propose to model and analyze the security of the SDN. Further, we propose a network reconfiguration technique to assess its effectiveness of minimizing the system risk. Our simulation results show that computing the optimal reconfiguration has an exponential time complexity, and there is also a trade-off between the system risk and the server delay.

KW - Attack Graphs

KW - Attack modeling

KW - Security analysis

KW - Security models

KW - Software defined networks

UR - http://www.scopus.com/inward/record.url?scp=84951967055&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-27161-3_68

DO - 10.1007/978-3-319-27161-3_68

M3 - Conference paper

SN - 9783319271606

VL - 9532

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 746

EP - 756

BT - Algorithms and Architectures for Parallel Processing - ICA3PP International Workshops and Symposiums, Proceedings

A2 - Perez, G.M.

A2 - Zomaya, A.

A2 - Li, K.

A2 - Wang, G.

PB - Springer-Verlag London Ltd.

CY - Germany

ER -

Eom T, Hong JB, Park JS, Kim DS. Security modeling and analysis of a SDN based web service. In Perez GM, Zomaya A, Li K, Wang G, editors, Algorithms and Architectures for Parallel Processing - ICA3PP International Workshops and Symposiums, Proceedings. Vol. 9532. Germany: Springer-Verlag London Ltd. 2015. p. 746-756. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-319-27161-3_68