![Page 1: SDN Security: A Survey · Scott-Hayward, S., O’Callaghan, G. and Sezer, S. “SDN Security: A Survey” IEEE SDN4FNS, November 2013 • Moving Target Defense • Exploiting the](https://reader033.vdocuments.net/reader033/viewer/2022042021/5e78c5fc8f441b0c0d44be77/html5/thumbnails/1.jpg)
SDN Security: A Survey
Dr. Sandra Scott-Hayward
SDN4FNS - November 2013
![Page 2: SDN Security: A Survey · Scott-Hayward, S., O’Callaghan, G. and Sezer, S. “SDN Security: A Survey” IEEE SDN4FNS, November 2013 • Moving Target Defense • Exploiting the](https://reader033.vdocuments.net/reader033/viewer/2022042021/5e78c5fc8f441b0c0d44be77/html5/thumbnails/2.jpg)
• Research at CSIT
• Security in SDN
• Security Analyses
• Security Enhancement using SDN
• Security Challenges with SDN
• Open Areas for Research
Presentation Outline
![Page 3: SDN Security: A Survey · Scott-Hayward, S., O’Callaghan, G. and Sezer, S. “SDN Security: A Survey” IEEE SDN4FNS, November 2013 • Moving Target Defense • Exploiting the](https://reader033.vdocuments.net/reader033/viewer/2022042021/5e78c5fc8f441b0c0d44be77/html5/thumbnails/3.jpg)
4 Queen’s University Belfast Research Groups - Digital Communications - High Frequency Electronics - Speech, Imaging and Vision Systems - Secure Digital Systems
ECIT Institute (Est.2003)
Research Excellence & Innovation
180 people
![Page 4: SDN Security: A Survey · Scott-Hayward, S., O’Callaghan, G. and Sezer, S. “SDN Security: A Survey” IEEE SDN4FNS, November 2013 • Moving Target Defense • Exploiting the](https://reader033.vdocuments.net/reader033/viewer/2022042021/5e78c5fc8f441b0c0d44be77/html5/thumbnails/4.jpg)
NETWORK SECURITY OPEN INNOVATION
TIERED MEMBERSHIP
KNOWLEDGE TRANSFER
VENTURE CREATION
CSIT (Est.2009)
DATA SECURITY
CYBER PHYSICAL SYSTEMS
MOBILE SECURITY
A GLOBAL
INNOVATION HUB FOR
CYBER SECURITY
![Page 5: SDN Security: A Survey · Scott-Hayward, S., O’Callaghan, G. and Sezer, S. “SDN Security: A Survey” IEEE SDN4FNS, November 2013 • Moving Target Defense • Exploiting the](https://reader033.vdocuments.net/reader033/viewer/2022042021/5e78c5fc8f441b0c0d44be77/html5/thumbnails/5.jpg)
Est.2009, Based in The ECIT Institute
Initial funding over £30M
80 People
• Researchers
• Engineers
• Business Development
Largest UK University lab for cyber security
technology research
GCHQ Academic Centre of Excellence
Industry Informed
• Open Innovation Model
Strong international links
• ETRI, CyLab, GTRI, SRI International
• Cyber Security Technology Summit
Centre for Secure Information
Technologies (CSIT)
![Page 6: SDN Security: A Survey · Scott-Hayward, S., O’Callaghan, G. and Sezer, S. “SDN Security: A Survey” IEEE SDN4FNS, November 2013 • Moving Target Defense • Exploiting the](https://reader033.vdocuments.net/reader033/viewer/2022042021/5e78c5fc8f441b0c0d44be77/html5/thumbnails/6.jpg)
Network Security Systems
Network Security
• IDS / IPS, DDoS mitigation
Cloud Security
• SDN, Virtualisation
SCADA & Smart Grid Security
• DDoS mitigation
Mobile Malware Analysis
• Reverse engineering
• Signature extraction
Prof. Sakir Sezer – Research Director
![Page 7: SDN Security: A Survey · Scott-Hayward, S., O’Callaghan, G. and Sezer, S. “SDN Security: A Survey” IEEE SDN4FNS, November 2013 • Moving Target Defense • Exploiting the](https://reader033.vdocuments.net/reader033/viewer/2022042021/5e78c5fc8f441b0c0d44be77/html5/thumbnails/7.jpg)
SDN Architecture
Sezer, S., et al. “Are We Ready for SDN? Implementation Challenges for Software-Defined Networks” IEEE Communications Magazine, July 2013
![Page 8: SDN Security: A Survey · Scott-Hayward, S., O’Callaghan, G. and Sezer, S. “SDN Security: A Survey” IEEE SDN4FNS, November 2013 • Moving Target Defense • Exploiting the](https://reader033.vdocuments.net/reader033/viewer/2022042021/5e78c5fc8f441b0c0d44be77/html5/thumbnails/8.jpg)
SDN Architecture
![Page 9: SDN Security: A Survey · Scott-Hayward, S., O’Callaghan, G. and Sezer, S. “SDN Security: A Survey” IEEE SDN4FNS, November 2013 • Moving Target Defense • Exploiting the](https://reader033.vdocuments.net/reader033/viewer/2022042021/5e78c5fc8f441b0c0d44be77/html5/thumbnails/9.jpg)
SANE Architecture
SANE = Secure Architecture for the Networked Enterprise
2006 – M. Casado et al.
• Logically Centralized Server
• Trusted Domain
Controller (DC)
• Providing routing and
access control decisions
• Access Control Policies
• Authentication of Hosts and
Policy Enforcement
• Principle of least privilege and
least knowledge
Casado, M. et al. “SANE: A Protection Architecture for Enterprise Networks” USENIX Security Symposium, 2006
![Page 10: SDN Security: A Survey · Scott-Hayward, S., O’Callaghan, G. and Sezer, S. “SDN Security: A Survey” IEEE SDN4FNS, November 2013 • Moving Target Defense • Exploiting the](https://reader033.vdocuments.net/reader033/viewer/2022042021/5e78c5fc8f441b0c0d44be77/html5/thumbnails/10.jpg)
Categorization of SDN Security
Issues
![Page 11: SDN Security: A Survey · Scott-Hayward, S., O’Callaghan, G. and Sezer, S. “SDN Security: A Survey” IEEE SDN4FNS, November 2013 • Moving Target Defense • Exploiting the](https://reader033.vdocuments.net/reader033/viewer/2022042021/5e78c5fc8f441b0c0d44be77/html5/thumbnails/11.jpg)
Categorization of SDN Security
Research
Scott-Hayward, S., O’Callaghan, G. and Sezer, S. “SDN Security: A Survey” IEEE SDN4FNS, November 2013
![Page 12: SDN Security: A Survey · Scott-Hayward, S., O’Callaghan, G. and Sezer, S. “SDN Security: A Survey” IEEE SDN4FNS, November 2013 • Moving Target Defense • Exploiting the](https://reader033.vdocuments.net/reader033/viewer/2022042021/5e78c5fc8f441b0c0d44be77/html5/thumbnails/12.jpg)
• Moving Target Defense
• Exploiting the dynamic and adaptive capabilities of SDN
• Trust (Application-Enabled SDN)
• Application-Control Interface and Control-Data
Interface
• Securing the Network Map
Open Research Areas
![Page 13: SDN Security: A Survey · Scott-Hayward, S., O’Callaghan, G. and Sezer, S. “SDN Security: A Survey” IEEE SDN4FNS, November 2013 • Moving Target Defense • Exploiting the](https://reader033.vdocuments.net/reader033/viewer/2022042021/5e78c5fc8f441b0c0d44be77/html5/thumbnails/13.jpg)
Thank you!
Questions?
![Page 14: SDN Security: A Survey · Scott-Hayward, S., O’Callaghan, G. and Sezer, S. “SDN Security: A Survey” IEEE SDN4FNS, November 2013 • Moving Target Defense • Exploiting the](https://reader033.vdocuments.net/reader033/viewer/2022042021/5e78c5fc8f441b0c0d44be77/html5/thumbnails/14.jpg)
CSIT: A Global Cyber Innovation Hub
Thought leader in Secure Information Technology Research
Network of Commercial & Research partnerships
Portfolio of successful Technology Transfer