Chinese Journal of Network and Information Security, 2018, Vol. 4, Issue (11): 1-12. doi: 10.11959/j.issn.2096-109x.2018087
Comprehensive Reviews
Zhongfu GUO¹, Xingming ZHANG¹, Bo ZHAO¹, Sunan WANG²
Revised: 2018-09-10
Online: 2018-11-15
Published: 2019-01-03
Zhongfu GUO, Xingming ZHANG, Bo ZHAO, Sunan WANG. Survey of software-defined networking data plane security[J]. Chinese Journal of Network and Information Security, 2018, 4(11): 1-12.