
Software-Defined Network (SDN) Data Plane Security: Issues, Solutions, and Future Directions

Chapter in: Handbook of Computer Networks and Cyber Security

Abstract

Software-defined networking (SDN) radically changes the network architecture by decoupling the network logic from the underlying forwarding devices. This architectural change rejuvenates the network layer, granting centralized management and reprogrammability of the network. From a security perspective, SDN separates security concerns into the control plane and the data plane, and this architectural recomposition brings up exciting opportunities and challenges. The overall perception is that SDN capabilities will ultimately result in improved security. However, in its raw form, SDN could potentially make networks more vulnerable to attacks and harder to protect. In this paper, we provide a comprehensive review of the SDN security domain while focusing on its data plane, which is one of the least explored but most critical aspects of securing this technology. We review the most recent enhancements in SDNs, identify the main vulnerabilities of SDNs, and provide a novel attack taxonomy for SDNs. Thereafter, we provide a comprehensive analysis of the challenges involved in protecting the SDN data plane and control plane, take an in-depth look at the available solutions with respect to the identified threats, and identify their limitations. To highlight the importance of securing the SDN platform, we also review the numerous security services built on top of this technology. We conclude the paper by offering future research directions.


Notes

  1. A Packet_In message is sent by a forwarding device to the controller when a packet does not match any of its flow rules.

  2. A Flow-mod message allows the controller to modify the flow-table state of an OpenFlow switch.

  3. The aphorism “security through obscurity” suggests that hiding information provides some level of security.

  4. A link layer protocol used by network devices to advertise their identity and capabilities to neighbors on a LAN segment.

  5. A single point of failure (SPOF) is a part of a system whose failure will prevent the entire system from functioning.


  137. Snowden: The NSA planted backdoors in Cisco products, InfoWorld. Retrieved August 1, 2018 from http://infoworld.com/article/2608141/internet-privacy/snowden--the-nsa-planted-backdoors-in-cisco-products.html, 2014.

  138. Sonchack, J., Dubey, A., Aviv, A. J., Smith, J. M., & Keller, E. (2016). Timing-based reconnaissance and defense in software-defined networks. In Proceedings of the 32nd Annual Conference on Computer Security Applications (pp. 89–100). New York, NY: ACM.

    Google Scholar 

  139. Song, H. (2013). Protocol-oblivious forwarding: Unleash the power of SDN through a future-proof forwarding plane. In Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking (pp. 127–132). New York, NY: ACM.

    Chapter  Google Scholar 

  140. Suresh, L., Schulz-Zander, J., Merz, R., Feldmann, A., & Vazao, T. (2012). Towards programmable enterprise WLANS with Odin. In Proceedings of the First Workshop on Hot Topics in Software Defined Networks (pp. 115–120). New York, NY: ACM.

    Chapter  Google Scholar 

  141. SYNful Knock—a Cisco router implant—Part I. https://fireeye.com/blog/threat-research/2015/09/synful_knock-acis.html, 2015.

  142. Tantar, E., Palattella, M. R., Avanesov, T., Kantor, M., & Engel, T. (2014). Cognition: A tool for reinforcing security in software defined networks. In EVOLVE-A Bridge Between Probability, Set Oriented Numerics, and Evolutionary Computation V (pp. 61–78). Berlin: Springer

    MATH  Google Scholar 

  143. Thimmaraju, K., Schiff, L., & Schmid, S. (2017). Outsmarting network security with SDN teleportation. In 2017 IEEE European Symposium on Security and Privacy (EuroS&P) (pp. 563–578). Piscataway, NJ: IEEE.

    Chapter  Google Scholar 

  144. Tootoonchian, A., & Ganjali, Y. (2010). HyperFlow: A distributed control plane for OpenFlow. In Proceedings of the 2010 Internet Network Management Conference on Research on Enterprise Networking (p. 3).

    Google Scholar 

  145. Tootoonchian, A., Gorbunov, S., Ganjali, Y., Casado, M., & Sherwood, R. (2012). On controller performance in software-defined networks. Hot-ICE, 12, 1–6.

    Google Scholar 

  146. Trevisan, M., Drago, I., Mellia, M., Song, H. H., & Baldi, M. (2017). Awesome: Big data for automatic web service management in SDN. IEEE Transactions on Network and Service Management, 15(1), 13–26.

    Article  Google Scholar 

  147. Tsou, T., Yin, H., Xie, H., & Lopez, D. (2012). Use cases for alto with software defined networks.

    Google Scholar 

  148. Vault 7: CIA hacking tools revealed. Retrieved August 1, 2018 from https://wikileaks.org/ciav7p1, 2017.

  149. VMware’s network virtualization poses huge threat to data center switch fabric vendors. Retrieved August 5, 2018 from https://goo.gl/T2qDkL, 2013.

  150. Voellmy, A., & Hudak, P. (2011). Nettle: Taking the sting out of programming network routers. In International Symposium on Practical Aspects of Declarative Languages (pp. 235–249). Berlin: Springer.

    Chapter  Google Scholar 

  151. Voellmy, A., Kim, H., & Feamster, N. (2012). Procera: A language for high-level reactive network control. In Proceedings of the First Workshop on Hot Topics in Software Defined Networks (pp. 43–48). New York, NY: ACM.

    Chapter  Google Scholar 

  152. Voellmy, A., & Wang, J. (2012). Scalable software defined network controllers. ACM SIGCOMM Computer Communication Review, 42(4), 289–290.

    Article  Google Scholar 

  153. Wang, Y., Zhang, Y., Singh, V. K., Lumezanu, C., & Jiang, G. (2013). NetFuse: Short-circuiting traffic surges in the cloud. In 2013 IEEE International Conference on Communications (ICC) (pp. 3514–3518). Piscataway, NJ: IEEE.

    Chapter  Google Scholar 

  154. Wen, X., Chen, Y., Hu, C., Shi, C., & Wang, Y. (2013). Towards a secure controller platform for OpenFlow applications. In Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking (pp. 171–172). New York, NY: ACM.

    Chapter  Google Scholar 

  155. Xing, T., Huang, D., Xu, L., Chung, C. J., & Khatkar, P. (2013). SnortFlow: A OpenFlow-based intrusion prevention system in cloud environment. In Research and Educational Experiment Workshop (GREE), 2013 Second GENI (pp. 89–92). Piscataway, NJ: IEEE.

    Chapter  Google Scholar 

  156. Xing, T., Xiong, Z., Huang, D., & Medhi, D. (2014). SDNIPS: Enabling software-defined networking based intrusion prevention system in clouds. In 2014 10th International Conference on Network and Service Management (CNSM) (pp. 308–311). Piscataway, NJ: IEEE.

    Google Scholar 

  157. Xu, T., Gao, D., Dong, P., Zhang, H., Foh, C. H., & Chao, H. C. (2017). Defending against new-flow attack in SDN-based internet of things. IEEE Access, 5, 3431–3443

    Article  Google Scholar 

  158. Yao, G., Bi, J., Feng, T., Xiao, P., & Zhou, D. (2014). Performing software defined route-based IP spoofing filtering with SEFA. In 2014 23rd International Conference on Computer Communication and Networks (ICCCN) (pp. 1–8). Piscataway, NJ: IEEE.

    Google Scholar 

  159. Yao, G., Bi, J., & Guo, L. (2013). On the cascading failures of multi-controllers in software defined networks. In 2013 21st IEEE International Conference on Network Protocols (ICNP) (pp. 1–2). Piscataway, NJ: IEEE.

    Google Scholar 

  160. Yao, G., Bi, J., & Xiao, P. (2011). Source address validation solution with OpenFlow/NOX architecture. In 2011 19th IEEE International Conference on Network Protocols (ICNP) (pp. 7–12). Piscataway, NJ: IEEE.

    Chapter  Google Scholar 

  161. Yiakoumis, Y., Schulz-Zander, J., & Zhu, J. (2011). Pantou: OpenFlow 1.0 for OpenWRT. http://www.openflow.org/wk/index.php/Open_Flow1.0_forOpenWRT

  162. Yin, H., Xie, H., Tsou, T., Lopez, D., Aranda, P., & Sidi, R. (2012). SDNi: A message exchange protocol for software defined networks (SDNS) across multiple domains. IETF Draft, Work in Progress.

    Google Scholar 

  163. Yoon, C., Lee, S., Kang, H., Park, T., Shin, S., Yegneswaran, V., et al. (2017). Flow wars: Systemizing the attack surface and defenses in software-defined networks. IEEE/ACM Transactions on Networking, 25(6), 3514–3530.

    Article  Google Scholar 

  164. Yoon, C., Park, T., Lee, S., Kang, H., Shin, S., & Zhang, Z. (2015). Enabling security functions with SDN: A feasibility study. Computer Networks, 85, 19–35.

    Article  Google Scholar 

  165. YuHunag, C., MinChi, T., YaoTing, C., YuChieh, C., & YanRen, C. (2010). A novel design for future on-demand service and security. In 2010 12th IEEE International Conference on Communication Technology (ICCT) (pp. 385–388). Piscataway, NJ: IEEE.

    Chapter  Google Scholar 

  166. Zaalouk, A., Khondoker, R., Marx, R., & Bayarou, K. M. (2014). OrchSec: An orchestrator-based architecture for enhancing network-security using network monitoring and SDN control functions. In 2014 IEEE International Conference on Network Operations and Management Symposium (NOMS) (pp. 1–9). Piscataway, NJ: IEEE.

    Google Scholar 

  167. Zerkane, S., Espes, D., Le Parc, P., & Cuppens, F. (2016). Software defined networking reactive stateful firewall. In IFIP International Information Security and Privacy Conference (pp. 119–132). Berlin: Springer.

    Google Scholar 

  168. Zerkane, S., Espes, D., Le Parc, P., & Cuppens, F. (2016). Vulnerability analysis of software defined networking. In International Symposium on Foundations and Practice of Security (pp. 97–116). Berlin: Springer.

    Google Scholar 

  169. Zhang, P., Li, H., Hu, C., Hu, L., & Xiong, L. (2016). Stick to the script: Monitoring the policy compliance of SDN data plane. In 2016 ACM/IEEE Symposium on Architectures for Networking and Communications Systems (ANCS) (pp. 81–86). Piscataway, NJ: IEEE.

    Chapter  Google Scholar 

  170. Zhang, P., Li, H., Hu, C., Hu, L., Xiong, L., Wang, R., et al. (2016). Mind the gap: Monitoring the control-data plane consistency in software defined networks. In Proceedings of the 12th International on Conference on Emerging Networking Experiments and Technologies (pp. 19–33). New York, NY: ACM.

    Chapter  Google Scholar 

  171. Zhang, P., Xu, S., Yang, Z., Li, H., Li, Q., Wang, H., et al. (2018). FOCES: Detecting forwarding anomalies in software defined networks. In 2018 IEEE 38th International Conference on Distributed Computing Systems (ICDCS) (pp. 830–840). Piscataway, NJ: IEEE.

    Chapter  Google Scholar 

  172. Zhang, P., Zhang, C., & Hu, C. (2017). Fast testing network data plane with RuleChecker. In 2017 IEEE 25th International Conference on Network Protocols (ICNP) (pp. 1–10). Piscataway, NJ: IEEE.

    Google Scholar 

  173. Zhang, X., Jain, A., & Perrig, A. (2008). Packet-dropping adversary identification for data plane security. In Proceedings of the 2008 ACM CoNEXT Conference (p. 24). New York, NY: ACM.

    Google Scholar 

  174. Zhang, Z.-K., Cho, M. C. Y., Wang, C.-W., Hsu, C.-W., Chen, C.-K., & Shieh, S. (2014). IoT security: Ongoing challenges and research opportunities. In 2014 IEEE 7th International Conference on Service-Oriented Computing and Applications (SOCA) (pp. 230–234). Piscataway, NJ: IEEE.

    Chapter  Google Scholar 

  175. Zhou, Y., Chen, K., Zhang, J., Leng, J., & Tang, Y. (2018). Exploiting the vulnerability of flow table overflow in software-defined network: Attack model, evaluation, and defense. Security and Communication Networks, 2018, 4760632.

    Google Scholar 

  176. Zhu, S., Bi, J., Sun, C., Wu, C., & Hu, H. (2015). SDPA: Enhancing stateful forwarding for software-defined networking. In 2015 IEEE 23rd International Conference on Network Protocols (ICNP) (pp. 323–333). Piscataway, NJ: IEEE.

    Chapter  Google Scholar 

Download references

Acknowledgements

We acknowledge the useful comments offered by Sandra Scott-Hayward (Queen’s University Belfast, UK) for improving this paper. Arash Shaghaghi acknowledges the Cloud Computing and Distributed Systems Laboratory for hosting his visit at the University of Melbourne, Australia.

Corresponding author

Correspondence to Arash Shaghaghi.

Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Shaghaghi, A., Kaafar, M.A., Buyya, R., Jha, S. (2020). Software-Defined Network (SDN) Data Plane Security: Issues, Solutions, and Future Directions. In: Gupta, B., Perez, G., Agrawal, D., Gupta, D. (eds) Handbook of Computer Networks and Cyber Security. Springer, Cham. https://doi.org/10.1007/978-3-030-22277-2_14

  • DOI: https://doi.org/10.1007/978-3-030-22277-2_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-22276-5

  • Online ISBN: 978-3-030-22277-2