Risk-driven security metrics development for software-defined networking

Reijo M. Savola; Pekka Savolainen

doi:10.1145/3241403.3241461

Risk-driven security metrics development for software-defined networking

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

Abstract

Introduction of SDN (Software-Defined Networking) into the network management turns the formerly quite rigid networks to programmatically reconfigurable, dynamic and high-performing entities, which are managed remotely. At the same time, introduction of the new interfaces evidently widens the attack surface, and new kind of attack vectors are introduced threatening the QoS even critically. Thus, there is need for a security architecture, drawing from the SDN management and monitoring capabilities, and eventually covering the threats posed by the SDN evolution. For efficient security-architecture implementation, we analyze the security risks of SDN and based on that propose heuristic security objectives. Further, we decompose the objectives for effective security control implementation and security metrics definition to support informed security decision-making and continuous security improvement.

Original language	English
Title of host publication	ECSA '18
Subtitle of host publication	Proceedings of the 12th European Conference on Software Architecture
Publisher	Association for Computing Machinery ACM
ISBN (Electronic)	978-1-4503-6483-6
DOIs	https://doi.org/10.1145/3241403.3241461
Publication status	Published - 24 Sep 2018
MoE publication type	Not Eligible
Event	12th European Conference on Software Architecture, ECSA 2018 - Madrid, Spain Duration: 24 Sep 2018 → 28 Sep 2018 Conference number: 12

Conference

Conference	12th European Conference on Software Architecture, ECSA 2018
Abbreviated title	ECSA 2018
Country/Territory	Spain
City	Madrid
Period	24/09/18 → 28/09/18

Keywords

Risk analysis
Security metrics
Software-Defined Networking

Access to Document

10.1145/3241403.3241461

Cite this

@inproceedings{d66541bbcdd64ee69a3dfbf943dd56f4,

title = "Risk-driven security metrics development for software-defined networking",

abstract = "Introduction of SDN (Software-Defined Networking) into the network management turns the formerly quite rigid networks to programmatically reconfigurable, dynamic and high-performing entities, which are managed remotely. At the same time, introduction of the new interfaces evidently widens the attack surface, and new kind of attack vectors are introduced threatening the QoS even critically. Thus, there is need for a security architecture, drawing from the SDN management and monitoring capabilities, and eventually covering the threats posed by the SDN evolution. For efficient security-architecture implementation, we analyze the security risks of SDN and based on that propose heuristic security objectives. Further, we decompose the objectives for effective security control implementation and security metrics definition to support informed security decision-making and continuous security improvement.",

keywords = "Risk analysis, Security metrics, Software-Defined Networking",

author = "Savola, {Reijo M.} and Pekka Savolainen",

note = "Funding Information: This work has been supported by the SENDATE-PLANETS CelticPlus project, funded by Business Finland and VTT Technical Research Centre of Finland. Publisher Copyright: {\textcopyright} 2018 Association for Computing Machinery. Copyright: Copyright 2018 Elsevier B.V., All rights reserved.; 12th European Conference on Software Architecture, ECSA 2018, ECSA 2018 ; Conference date: 24-09-2018 Through 28-09-2018",

year = "2018",

month = sep,

day = "24",

doi = "10.1145/3241403.3241461",

language = "English",

booktitle = "ECSA '18",

publisher = "Association for Computing Machinery ACM",

address = "United States",

}

Risk-driven security metrics development for software-defined networking. / Savola, Reijo M.; Savolainen, Pekka.

ECSA '18: Proceedings of the 12th European Conference on Software Architecture. Association for Computing Machinery ACM, 2018. a56.

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

TY - GEN

T1 - Risk-driven security metrics development for software-defined networking

AU - Savola, Reijo M.

AU - Savolainen, Pekka

N1 - Conference code: 12

PY - 2018/9/24

Y1 - 2018/9/24

N2 - Introduction of SDN (Software-Defined Networking) into the network management turns the formerly quite rigid networks to programmatically reconfigurable, dynamic and high-performing entities, which are managed remotely. At the same time, introduction of the new interfaces evidently widens the attack surface, and new kind of attack vectors are introduced threatening the QoS even critically. Thus, there is need for a security architecture, drawing from the SDN management and monitoring capabilities, and eventually covering the threats posed by the SDN evolution. For efficient security-architecture implementation, we analyze the security risks of SDN and based on that propose heuristic security objectives. Further, we decompose the objectives for effective security control implementation and security metrics definition to support informed security decision-making and continuous security improvement.

AB - Introduction of SDN (Software-Defined Networking) into the network management turns the formerly quite rigid networks to programmatically reconfigurable, dynamic and high-performing entities, which are managed remotely. At the same time, introduction of the new interfaces evidently widens the attack surface, and new kind of attack vectors are introduced threatening the QoS even critically. Thus, there is need for a security architecture, drawing from the SDN management and monitoring capabilities, and eventually covering the threats posed by the SDN evolution. For efficient security-architecture implementation, we analyze the security risks of SDN and based on that propose heuristic security objectives. Further, we decompose the objectives for effective security control implementation and security metrics definition to support informed security decision-making and continuous security improvement.

KW - Risk analysis

KW - Security metrics

KW - Software-Defined Networking

UR - http://www.scopus.com/inward/record.url?scp=85055716769&partnerID=8YFLogxK

U2 - 10.1145/3241403.3241461

DO - 10.1145/3241403.3241461

M3 - Conference article in proceedings

AN - SCOPUS:85055716769

BT - ECSA '18

PB - Association for Computing Machinery ACM

T2 - 12th European Conference on Software Architecture, ECSA 2018

Y2 - 24 September 2018 through 28 September 2018

ER -

Risk-driven security metrics development for software-defined networking

Abstract

Conference

Keywords

Access to Document

Other files and links

Fingerprint

SENDATE-PLANETS: Secure Networking for a Data Center Cloud in Europe

Cite this

Risk-driven security metrics development for software-defined networking

Abstract

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Projects

SENDATE-PLANETS: Secure Networking for a Data Center Cloud in Europe

Cite this