Accession Number:

ADA607173

Title:

Hardening Software Defined Networks

Descriptive Note:

Final technical rept. Dec 2012-Jan 2014

Corporate Author:

INDIANA UNIV AT BLOOMINGTON

Report Date:

2014-07-01

Pagination or Media Count:

65.0

Abstract:

Software Defined Networking (SDN) presents an extremely rare point of inflection which offers the potential to leverage the economics of SDN to harden the network as a whole. Utilizing this inflection point requires security technologies that have two characteristics. First, security technologies must be incentive-aligned for initial adoption. Securing SDN requires designing technologies that provide immediate returns for the early adopters. Compare with BGPSEC, which helps only peers and not the investing organization. We have a demonstration providing risk-aware routing given the previous RIB. Second, the technologies must function without complete adoption. And of course, third, these must be resilient against attack. Compare with egress filtering, which works with ISP adoption. We offer a proof of concept showing herd immunity to classes of DoS attacks with partial adoption by second-tier ISPs. Failing to secure next-generation networks risks increasingly vulnerable cyber-physical systems, including homes and even individual persons as the internet of things is diffused to households and surgeries. We focused on six use cases: data centers, then large ISPs, an IXP case, two cyber-physical cases, and the case of the next generation battlefield. The two cyber-physical cases were international airports and industrial control systems.

Subject Categories:

  • Computer Programming and Software

Distribution Statement:

APPROVED FOR PUBLIC RELEASE