ANCHOR: logically-centralized security for Software-Defined Networks

D. Kreutz, Jiangshan Yu, Fernando M. V. Ramos, P. Veríssimo. ACM Trans. Priv. Secur.
While the centralization of SDN brought advantages such as a faster pace of innovation, it also disrupted some of the natural defenses of traditional architectures against different threats. The literature on SDN has mostly been concerned with the functional side, despite some specific works concerning non-functional properties like 'security' or 'dependability'. Though addressing the latter in an ad-hoc, piecemeal way, may work, it will most likely lead to efficiency and effectiveness problems…
SDN-Based Secure Architecture for IoT
Internet of things (IoT) means connecting things through the internet. The growing market for IoT also attracts malicious individuals trying to gain access to the marketplace. Security issues are
An Effective Multifactor Authentication Mechanism Based on Combiners of Hash Function over Internet of Things
The proposed CMA solution mitigates the authentication vulnerabilities of IoT and defends against several types of attacks, and achieves multi-property robustness and preserves the collision-resistance, the pseudo-randomness, the message authentication code, and the one-wayness.
Lightweight Digital Certificate Management and Efficacious Symmetric Cryptographic Mechanism over Industrial Internet of Things
The certificate authority, a trusted entity, issues digital certificates which contain identity credentials to help Industrial Internet of Things (IIoT) devices to represent their authenticity in a
SDN-Enabled Cyber-Physical Security in Networked Microgrids
Extensive tests show that SDASD can detect and mitigate malicious attacks online and serve as a powerful safeguard for monitoring and protecting future NMs.
Sistema para Autenticação entre Clientes, Técnicos e ISPs
Abstract. The support process of regional Internet Service Providers (ISPs) still tends to rely on weak authentication protocols, such as physical (or virtual) ID cards based on data
Introdução à Verificação Automática de Protocolos de Segurança com Scyther
Security protocols are the foundation of communications carried out over the Internet. One of the main challenges in designing these protocols is ensuring their own security. To overcome


The KISS principle in Software-Defined Networking: An architecture for Keeping It Simple and Secure
This paper investigates the impact of essential security primitives on control plane performance and proposes a lightweight security architecture specifically tailored to SDN, which is less complex, prone to be more robust, with a code footprint one order of magnitude smaller, and outperforming reference alternatives such as OpenSSL.
Securing software defined networks: taxonomy, requirements, and open issues
The state-of-the-art security solutions proposed to secure SDNs are discussed, with a thematic taxonomy based on SDN layers/interfaces, security measures, simulation environments, and security objectives.
Towards secure and dependable software-defined networks
This paper describes several threat vectors that may enable the exploit of SDN vulnerabilities and sketches the design of a secure and dependable SDN control platform as a materialization of the concept here advocated.
Securing the Software Defined Network Control Layer
This work proposes the design of security extensions at the control layer to provide the security management and arbitration of conflicting flow rules that arise when multiple applications are deployed within the same network.
Comparative Analysis of Control Plane Security of SDN and Conventional Networks
The concrete security analysis suggests that a distributed SDN architecture that supports fault tolerance and consistency checks is important for SDN control plane security, and provides a framework for comparative analysis which focuses on essential network properties required by typical production networks.
Security in Software Defined Networks: A Survey
This paper analyzes security threats to application, control, and data planes of SDN and describes the security platforms that secure each of the planes followed by various security approaches for network-wide security in SDN.
FRESCO: Modular Composable Security Services for Software-Defined Networks
This paper introduces FRESCO, an OpenFlow security application development framework designed to facilitate the rapid design and modular composition of OF-enabled detection and mitigation modules, and demonstrates the utility of FRESCO through the implementation of several well-known security defenses as OpenFlow security services.
A survey on OpenFlow-based Software Defined Networks: Security challenges and countermeasures
This survey aims to give particular attention to OpenFlow-based SDN and present an up-to-date view to existing security challenges and countermeasures in the literature and attempts to stimulate more research attention to these issues in future OpenFlow and SDN development.
OpenFlow: A security analysis
This work performs a security analysis of OpenFlow using STRIDE and attack tree modeling methods, and proposes appropriate counter-measures that can potentially mitigate the security issues associated with OpenFlow networks.
Security analysis of OpenDaylight, ONOS, Rosemary and Ryu SDN controllers
A snapshot of current development in security aspect of SDN controllers is provided such that it may help SDN controller developers to identify the issues and rectify the same in future releases.