A Systematic Approach to Threat Modeling and Security Analysis for Software Defined Networking

Software Defined Networking (SDN) extends capabilities of existing networks by providing various functionalities, such as flexible networking controls. However, there are many security threat vectors in SDN, including existing and emerging ones arising from new functionalities, that may hinder the u...


Bibliographic Details
Main Authors: Taehoon Eom, Jin B. Hong, Seongmo An, Jong Sou Park, Dong Seong Kim
Format: Article
Language: English
Published: IEEE 2019-01-01
Series: IEEE Access
Subjects: Attack graphs, graphical security models, security analysis, software defined networking
Online Access: https://ieeexplore.ieee.org/document/8827471/
id doaj-5978dd81439640538a2eabdc37869c70
record_format Article
spelling doaj-5978dd81439640538a2eabdc37869c70
2021-03-29T23:13:18Z
eng
IEEE
IEEE Access
ISSN: 2169-3536
Date: 2019-01-01
Volume: 7
Pages: 137432-137445
DOI: 10.1109/ACCESS.2019.2940039
Article number: 8827471
Title: A Systematic Approach to Threat Modeling and Security Analysis for Software Defined Networking
Authors and affiliations:
Taehoon Eom (https://orcid.org/0000-0001-5409-1567), Department of Computer Engineering, Korea Aerospace University, Goyang, South Korea
Jin B. Hong (https://orcid.org/0000-0003-1359-3813), Department of Computer Science and Software Engineering, The University of Western Australia, Perth, WA, Australia
Seongmo An, Department of Computer Engineering, Korea Aerospace University, Goyang, South Korea
Jong Sou Park, Department of Computer Engineering, Korea Aerospace University, Goyang, South Korea
Dong Seong Kim, School of Information Technology and Electrical Engineering, The University of Queensland, Brisbane, QLD, Australia
URL: https://ieeexplore.ieee.org/document/8827471/
Keywords: Attack graphs; graphical security models; security analysis; software defined networking
collection DOAJ
language English
format Article
sources DOAJ
author Taehoon Eom
Jin B. Hong
Seongmo An
Jong Sou Park
Dong Seong Kim
title A Systematic Approach to Threat Modeling and Security Analysis for Software Defined Networking
publisher IEEE
series IEEE Access
issn 2169-3536
publishDate 2019-01-01
description Software Defined Networking (SDN) extends capabilities of existing networks by providing various functionalities, such as flexible networking controls. However, there are many security threat vectors in SDN, including existing and emerging ones arising from new functionalities, that may hinder the use of SDN. To tackle this problem, many countermeasures have been developed to mitigate various threats faced in SDN. However, their effectiveness must be analyzed and compared to fully understand how security posture of SDN changes when the countermeasure is adopted. Also, it becomes difficult to optimize the security of SDN without using a systematic approach to evaluate the security posture of SDN. In this paper, we propose a novel framework to systematically model and analyze the security posture of SDN. We develop a novel graphical security model formalism named Threat Vector Hierarchical Attack Representation Model (TV-HARM), which provides a systematic approach to evaluate threats, attacks and countermeasures for SDN. The TV-HARM captures different threats and their combinations, enabling security risk assessment of SDN. In addition, we define three new security metrics to represent security of SDN. Our experimental results showed that the proposed security assessment framework can capture and evaluate various security threats to SDN, demonstrating the applicability and feasibility of the proposed framework.
topic Attack graphs
graphical security models
security analysis
software defined networking
url https://ieeexplore.ieee.org/document/8827471/