sdn security: a survey - semantic scholar · presentation outline . 4 queen’s university belfast...
TRANSCRIPT
SDN Security: A Survey
Dr. Sandra Scott-Hayward
SDN4FNS - November 2013
• Research at CSIT
• Security in SDN
• Security Analyses
• Security Enhancement using SDN
• Security Challenges with SDN
• Open Areas for Research
Presentation Outline
4 Queen’s University Belfast Research Groups - Digital Communications - High Frequency Electronics - Speech, Imaging and Vision Systems - Secure Digital Systems
ECIT Institute (Est.2003)
Research Excellence & Innovation
180 people
NETWORK SECURITY OPEN INNOVATION
TIERED MEMBERSHIP
KNOWLEDGE TRANSFER
VENTURE CREATION
CSIT (Est.2009)
DATA SECURITY
CYBER PHYSICAL SYSTEMS
MOBILE SECURITY
A GLOBAL
INNOVATION HUB FOR
CYBER SECURITY
Est.2009, Based in The ECIT Institute
Initial funding over £30M
80 People
• Researchers
• Engineers
• Business Development
Largest UK University lab for cyber security
technology research
GCHQ Academic Centre of Excellence
Industry Informed
• Open Innovation Model
Strong international links
• ETRI, CyLab, GTRI, SRI International
• Cyber Security Technology Summit
Centre for Secure Information
Technologies (CSIT)
Network Security Systems
Network Security
• IDS / IPS, DDoS mitigation
Cloud Security
• SDN, Virtualisation
SCADA & Smart Grid Security
• DDoS mitigation
Mobile Malware Analysis
• Reverse engineering
• Signature extraction
Prof. Sakir Sezer – Research Director
SDN Architecture
Sezer, S., et al. “Are We Ready for SDN? Implementation Challenges for Software-Defined Networks” IEEE Communications Magazine, July 2013
SDN Architecture
SANE Architecture
SANE = Secure Architecture for the Networked Enterprise
2006 – M. Casado et al.
• Logically Centralized Server
• Trusted Domain
Controller (DC)
• Providing routing and
access control decisions
• Access Control Policies
• Authentication of Hosts and
Policy Enforcement
• Principle of least privilege and
least knowledge
Casado, M. et al. “SANE: A Protection Architecture for Enterprise Networks” USENIX Security Symposium, 2006
Categorization of SDN Security
Issues
Categorization of SDN Security
Research
Scott-Hayward, S., O’Callaghan, G. and Sezer, S. “SDN Security: A Survey” IEEE SDN4FNS, November 2013
• Moving Target Defense
• Exploiting the dynamic and adaptive capabilities of SDN
• Trust (Application-Enabled SDN)
• Application-Control Interface and Control-Data
Interface
• Securing the Network Map
Open Research Areas
Thank you!
Questions?
CSIT: A Global Cyber Innovation Hub
Thought leader in Secure Information Technology Research
Network of Commercial & Research partnerships
Portfolio of successful Technology Transfer