Hardening Software Defined Networks
Abstract
Software Defined Networking (SDN) presents an extremely rare point of inflection which offers the potential to leverage the economics of SDN to harden the network as a whole. Utilizing this inflection point requires security technologies that have two characteristics. First, security technologies must be incentive-aligned for initial adoption. Securing SDN requires designing technologies that provide immediate returns for the early adopters. Compare with BGPSEC, which helps only peers and not the investing organization. We have a demonstration providing risk-aware routing given the previous RIB. Second, the technologies must function without complete adoption. And of course, third, these must be resilient against attack. Compare with egress filtering, which works with ISP adoption. We offer a proof of concept showing herd immunity to classes of DoS attacks with partial adoption by second-tier ISPs. Failing to secure next-generation networks risks increasingly vulnerable cyber-physical systems, including homes and even individual persons as the internet of things is diffused to households and surgeries. We focused on six use cases: data centers, then large ISPs, an IXP case, two cyber-physical cases, and the case of the next-generation battlefield. The two cyber-physical cases were international airports and industrial control systems.
Document Details
- Document Type: Technical Report
- Publication Date: Jul 01, 2014
- Accession Number: ADA607173
Entities
People
- Ander Odlyzko
- Carl Timothy Kelley
- Chris Hall
- Chris Small
- Jean Camp
- Ross Anderson
- Zhi-lang Zhang
Organizations
- Indiana University