ENHANCING SECURITY IN SOFTWARE-DEFINED NETWORKING THROUGH ROUTING TECHNIQUES EXPLORATION
DOI:
https://doi.org/10.20998/2079-0023.2023.01.02
Keywords:
SDN, CVSS, vulnerability, NFV, data plane, NVD, Software-Defined Networking
Abstract
In today's world, network security is a key issue of information security. Virtual Networks have become an integral part of modern IT infrastructure, which presents us with challenges in the field of security. One solution to this problem is the use of software-defined networking (SDN), which provides a means to control and manage network traffic. However, as with any technology, SDN has its vulnerabilities that must be considered when deploying it. One of the tools that helps to take into account the vulnerabilities of network infrastructure is the Common Vulnerability Scoring System (CVSS) standard. It allows you to quantify the level of vulnerability of the infrastructure, which enables effective network protection. Analysis of the CVSS standard is an important stage in the development of a network security strategy. This paper analyzes the standards for building software-configured networks. It is noted that SDN is a modern approach to the design, construction, and operation of information communication networks. Using SDN makes it possible to directly program and dynamically manage the network, as well as to abstract the functionality of the infrastructure layer. However, the growing interest in SDN has revealed the shortcomings of their application in the fight against cybersecurity threats. The SDN architecture itself, external malicious attacks, and insufficient access control and encryption tools were found to be the main security challenges. The use of secure routing tools based on vulnerability metrics is proposed to increase the level of SDN data plane network security. According to the conducted analysis of SDN data plane vulnerabilities and the functionality of routing tools, the authors recommend using the CVSS standard to quantify the level of infrastructure vulnerability during the development and research of promising approaches to secure routing in the data plane of software-configured networks.
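The abstract recommends CVSS as the vulnerability metric for secure routing in the SDN data plane. The following is an added example, not the authors' model or code: it compares a fewest-hop route with a lowest-risk route on a constructed five-switch topology. It assumes that a switch's CVSS base score divided by 10 can be read as its compromise probability and that switches fail independently; the topology, scores and function names are all hypothetical.

```python
import heapq
import math

# Constructed topology and CVSS base scores (0.0-10.0); not taken from the paper.
LINKS = {"s1": ["s2", "s3"], "s2": ["s1", "s6"], "s3": ["s1", "s5"],
         "s5": ["s3", "s6"], "s6": ["s2", "s5"]}
CVSS = {"s1": 2.0, "s2": 9.8, "s3": 4.3, "s5": 5.0, "s6": 2.0}

def risk_cost(score):
    """Additive cost of forwarding through a node with this CVSS base score."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    p = score / 10.0  # assumption: score/10 read as compromise probability
    return math.inf if p >= 1.0 else -math.log(1.0 - p)

def best_path(links, cost, src, dst):
    """Dijkstra over per-node costs; returns (path, total) or (None, inf)."""
    if math.isinf(cost(src)) or math.isinf(cost(dst)):
        return None, math.inf
    heap, done = [(cost(src), [src])], set()
    while heap:
        total, path = heapq.heappop(heap)
        node = path[-1]
        if node == dst:
            return path, total
        if node in done:
            continue
        done.add(node)
        for nxt in links[node]:
            if nxt not in done and not math.isinf(cost(nxt)):
                heapq.heappush(heap, (total + cost(nxt), path + [nxt]))
    return None, math.inf

def compromise_probability(path, cvss):
    """Probability that at least one node on the path is compromised."""
    return 1.0 - math.prod(1.0 - cvss[n] / 10.0 for n in path)

def compare_routes(links, cvss, src, dst):
    """Return (fewest-hop path, lowest-risk path) for the same endpoints."""
    hops, _ = best_path(links, lambda n: 1.0, src, dst)
    safe, _ = best_path(links, lambda n: risk_cost(cvss[n]), src, dst)
    return hops, safe

if __name__ == "__main__":
    for route in compare_routes(LINKS, CVSS, "s1", "s6"):
        print(route, round(compromise_probability(route, CVSS), 4))
```

Summing `-log(1 - p)` along a path turns "maximise the probability that no node is compromised" into an ordinary shortest-path problem, and a node scored 10.0 gets infinite cost and is excluded from routing.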
License
This work is licensed under a Creative Commons Attribution 4.0 International License.