Skip to main content
SpringerLink
Log in
Book cover

Secure Cloud Computing pp 77–93Cite as

Cloud Computing Security: What Changes with Software-Defined Networking?

  • Chapter
  • First Online:

Abstract

Broadly construed, Software-Defined Networking (SDN) refers to the use of a standards-based open architecture and its supporting open source and open interfaces technologies to enable the deployment, management, and operation of networks. While traditional network management relies on vendor-specific hardware, protocols, and software, SDN systems are architected to have well-defined control and data planes offering flexible management interfaces. The enhanced control enabled by SDN opens opportunities for better cloud security engineering. At the same time, new vulnerabilities are potentially exposed as new technologies are introduced. This chapter discusses how SDN impacts cloud security, and potential risks that need to be addressed when SDN is deployed within and across clouds.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   119.00
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD   109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Apache CloudStack Project. http://www.cloudstack.org. Cited 14 June 2013.

  2. Bernstein D and Vij D (2010) Intercloud Security Considerations. In 2010 IEEE Second International Conference on Cloud Computing Technology and Science (CloudCom). 537–44. IEEE, Indianapolis, USA. doi:10.1109/CloudCom.2010.82.

    Chapter  Google Scholar 

  3. Bernstein D, Ludvigson E, Sankar K, Diamond S, and Morrow M (2009) Blueprint for the Intercloud - Protocols and Formats for Cloud Computing Interoperability. In Fourth International Conference on Internet and Web Applications and Services 2009 (ICIW ’09). 328–36. Venice/Mestre. doi:10.1109/iciw.2009.55.

    Google Scholar 

  4. Case JD, Fedor M, Schoffstall ML, and Davin J (1990) A Simple Network Management Protocol (SNMP). IETF RFC 1157, 1–36.

    Google Scholar 

  5. Google - IPv6 statistics. http://www.google.com/intl/en/ipv6/statistics.html. Cited 14 June 2013.

  6. Greene K (2009) TR10: Software-Defined Networking. Technology Review (MIT). http://www2.technologyreview.com/article/412194/tr10-software-defined-networking/. Accessed 14 June 2013.

  7. Gude N, Koponen T, Pettit J, Pfaff B, Casado M, McKeown N et al. (2008) NOX: towards an operating system for networks. ACM SIGCOMM Computer Communication Review 38, 105–10. doi:10.1145/1384609.1384625.

    Google Scholar 

  8. Handigol N, Heller B, Jeyakumar V, Maziéres D, and McKeown N (2012) Where is the debugger for my software-defined network? In Proceedings of the first workshop on Hot topics in software defined networks. Vol. pp. 55–60, ACM, Helsinki.

    Google Scholar 

  9. Hölzle U (2012) OpenFlow@Google. Open Networking Summit 2012. http://www.youtube.com/watch?v=VLHJUfgxEO4. Accessed 14 June 2013.

  10. Internet Engineering Task Force. http://www.ietf.org. Cited 14 June 2013.

  11. Internet2 (2012) Internet2 Innovation Platform FAQ. Internet2. http://www.internet2.edu/pubs/Internet2-Innovation-Platform-FAQ.pdf. Accessed 14 June 2013.

  12. Interworking Task Group of IEEE 802.1 (2011) IEEE Standard for Local and metropolitan area networks–Media Access Control (MAC) Bridges and Virtual Bridged Local Area Networks. IEEE Std 802.1Q-2011 (Revision of IEEE Std 802.1Q-2005) 1–1364. doi:10.1109/ieeestd.2011.6009146.

    Google Scholar 

  13. Keahey K, Tsugawa M, Matsunaga A, and Fortes JAB (2009) Sky Computing. In IEEE Internet Computing. Vol. 13, pp. 43–51.

    Google Scholar 

  14. McKeown N (2008) Why can’t I innovate in my wiring closet? The Stanford Clean Slate Program. http://www.openflow.org/documents/OpenFlow.ppt. Accessed 14 June 2013.

  15. McKeown N, Anderson T, Balakrishnan H, Parulkar G, Peterson L, Rexford J et al. (2008) OpenFlow: enabling innovation in campus networks. ACM SIGCOMM Computer Communication Review 38, 69–74. doi:10.1145/1355734.1355746.

    Google Scholar 

  16. Mehdi SA, Khalid J, and Khayam SA (2011) Revisiting traffic anomaly detection using software defined networking. In Proceedings of the 14th international conference on Recent Advances in Intrusion Detection (RAID’11). 161–80. Springer-Verlag, Menlo Park, CA. doi:10.1007/978-3-642-23644-0_9.

    Chapter  Google Scholar 

  17. Nadeau T and Pan P (2011) Software Driven Networks Problem Statement. IETF Internet-Draft (work-in-progress) draft-nadeau-sdnproblem-statement-01.

    Google Scholar 

  18. Nascimento MR, Rothenberg CE, Salvador MR, Corrêa CNA, Lucena SCd, and Magalhães MF (2011) Virtual routers as a service: the RouteFlow approach leveraging software-defined networks. In Proceedings of the 6th International Conference on Future Internet Technologies. 34–7. ACM, New York, NY, Seoul, Republic of Korea. doi:10.1145/2002396.2002405.

    Google Scholar 

  19. Nayak AK, Reimers A, Feamster N, and Clark R (2009) Resonance: dynamic access control for enterprise networks. In Proceedings of the 1st ACM workshop on Research on enterprise networking. 11–8. ACM, doi:10.1145/1592681.1592684.

    Google Scholar 

  20. NOX OpenFlow Controller. http://www.noxrepo.org. Cited 14 June 2013.

  21. OpenFlow. http://www.openflow.org. Cited 14 June 2013.

  22. OpenFlowSec. http://www.openflowsec.org. Cited 14 June 2013.

  23. Open Networking Foundation. http://www.opennetworking.org. Cited 14 June 2013.

  24. Open Networking Summit. http://www.opennetsummit.org. Cited 14 June 2013.

  25. Piper S (2013) In Big Data Security for Dummies. John Wiley & Sons, Inc.

    Google Scholar 

  26. Porras P, Shin S, Yegneswaran V, Fong M, Tyson M, and Gu G (2012) A security enforcement kernel for OpenFlow networks. In Proceedings of the first workshop on Hot topics in software defined networks. 121–6. ACM, New York, NY, Helsinki, Finland. doi:10.1145/2342441.2342466.

    Chapter  Google Scholar 

  27. Reitblatt M, Foster N, Rexford J, and Walker D (2011) Consistent updates for software-defined networks: Change you can believe in! In Proceedings of the 10th ACM Workshop on Hot Topics in Networks. ACM, Cambridge. doi:10.1145/2070562.2070569.

    Google Scholar 

  28. Rothenberg CE, Nascimento MR, Salvador MR, Corrêa CNA, Lucena SCd, and Raszuk R (2012) Revisiting routing control platforms with the eyes and muscles of software-defined networking. In Proceedings of the first workshop on Hot topics in software defined networks. 13–8. ACM, Helsinki, Finland. doi:10.1145/2342441.2342445.

    Google Scholar 

  29. Sherwood R, Gibb G, Yap K-K, Appenzeller G, Casado M, McKeown N et al. (2009) FlowVisor: A Network Virtualization Layer. OpenFlow Switch Consortium, Tech. Rep. OPENFLOW-TR-2009-1.

    Google Scholar 

  30. Sherwood R, Gibb G, Yap K-K, Appenzeller G, Casado M, McKeown N et al. (2010) Can the Production Network Be the Testbed? In 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI). 365–78. USENIX Association, Vancouver, BC, Canada.

    Google Scholar 

  31. Shin S and Gu G (2012) CloudWatcher: Network security monitoring using OpenFlow in dynamic cloud networks (or: How to provide security monitoring as a service in clouds?). In 2012 20th IEEE International Conference on Network Protocols (ICNP). 1–6. Austin, TX. doi:10.1109/icnp.2012.6459946.

    Chapter  Google Scholar 

  32. Skowyra R, Lapets A, Bestavros A, and Kfoury A (2013) Verifiably-Safe Software-Defined Networks for CPS. In Proceedings of the 2nd ACM International Conference on High Confidence Networked Systems (HiCoNS 2013), Philedelphia, PA, USA. ACM, Philadelphia.

    Google Scholar 

  33. Stabler G, Rosen A, Goasguen S, and Wang K-C (2012) Elastic IP and security groups implementation using OpenFlow. In Proceedings of the 6th international workshop on Virtualization Technologies in Distributed Computing Date. ACM, Delft, The Netherlands. doi:10.1145/2287056.2287069.

    Google Scholar 

  34. Waite A (2010) InfoSec Triads: Security/Functionality/Ease-of-use. http://blog.infosanity.co.uk/2010/06/12/infosec-triads-securityfunctionalityease-of-use/. Accessed 14 June 2013.

  35. Yap K-K, Yiakoumis Y, Kobayashi M, Katti S, Parulkar G, and McKeown N (2011) Separating authentication, access and accounting: A case study with OpenWiFi. Technical report, OpenFlow 2011-1.

    Google Scholar 

Download references

Acknowledgements

This work is supported in part by National Science Foundation (NSF) grants No. 0910812, 1139707, 1240171 and the AT&T Foundation. Any opinions, findings and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the NSF, and AT&T Foundation.

Author information

Authors and Affiliations

  1. Advanced Computing and Information Systems Laboratory, Department of Electrical and Computer Engineering, University of Florida, Gainesville, FL, 32611-6200, USA

    Maurício Tsugawa, Andréa Matsunaga & José A. B. Fortes

Authors
  1. Maurício Tsugawa
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Andréa Matsunaga
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. José A. B. Fortes
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Maurício Tsugawa .

Editor information

Editors and Affiliations

  1. Center for Secure Information Systems, George Mason University, Fairfax, Virginia, USA

    Sushil Jajodia

  2. Center for Secure Information Systems, George Mason University, Fairfax, Virginia, USA

    Krishna Kant

  3. University of Milan, Crema, Italy

    Pierangela Samarati

  4. Computer Security Division, National Institute of Standards and Technology (NIST), Gaithersburg, Maryland, USA

    Anoop Singhal

  5. The MITRE Corporation, McLean, Virginia, USA

    Vipin Swarup

  6. Computing and Information Science Division, Information Sciences Directorate, Triangle Park, North Carolina, USA

    Cliff Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer Science+Business Media New York

About this chapter

Cite this chapter

Tsugawa, M., Matsunaga, A., Fortes, J.A.B. (2014). Cloud Computing Security: What Changes with Software-Defined Networking?. In: Jajodia, S., Kant, K., Samarati, P., Singhal, A., Swarup, V., Wang, C. (eds) Secure Cloud Computing. Springer, New York, NY. https://doi.org/10.1007/978-1-4614-9278-8_4

Download citation

  • DOI: https://doi.org/10.1007/978-1-4614-9278-8_4

  • Published:

  • Publisher Name: Springer, New York, NY

  • Print ISBN: 978-1-4614-9277-1

  • Online ISBN: 978-1-4614-9278-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation