Software-Defined Network (SDN) Data Plane Security: Issues, Solutions and Future Directions

TL;DR

This paper reviews security issues in SDN data planes, formalizes challenges, surveys existing solutions, and suggests future research directions to enhance SDN security.

Contribution

It formalizes SDN data plane security challenges, analyzes threats, reviews existing solutions, and proposes future research directions.

Findings

SDN data plane faces significant security vulnerabilities.

Existing solutions have limitations in addressing threats.

Future research is needed for robust SDN data plane security.

Abstract

Software-Defined Network (SDN) radically changes the network architecture by decoupling the network logic from the underlying forwarding devices. This architectural change rejuvenates the network-layer granting centralized management and re-programmability of the networks. From a security perspective, SDN separates security concerns into control and data plane, and this architectural recomposition brings up exciting opportunities and challenges. The overall perception is that SDN capabilities will ultimately result in improved security. However, in its raw form, SDN could potentially make networks more vulnerable to attacks and harder to protect. In this paper, we focus on identifying challenges faced in securing the data plane of SDN - one of the least explored but most critical components of this technology. We formalize this problem space, identify potential attack scenarios while highlighting possible vulnerabilities and establish a set of requirements and challenges to protect the data plane of SDNs. Moreover, we undertake a survey of existing solutions with respect to the identified threats, identifying their limitations and offer future research directions.