A Survey of SDN Security Research

Software defined networking (SDN) has established a new method for creating and administering networks, but has also changed the attack surface that is presented by networks. SDN provides several features that allow for easy mitigation of certain types of attacks, such as DoS, and allows for mitigation of other attacks with more work. However, SDN also introduces new vulnerabilities that are not present in traditional networks, such as a communication bottleneck between the control-plane and the data-plane. Many new technologies and techniques have been proposed to solve SDN security vulnerabilities and some additional work can be applied address them as well. Current research in SDN follows several identifiable trends that are related to the state of deployment of SDN technologies. As OpenFlow is the most popular implementation of SDN and is currently used in production settings, much research has been performed to utilize and improve the protocol. However, there is another research trend that has produced work that is applicable to SDN in general, including architectures that provide more flexibility than OpenFlow. Future research is likely to follow these trends by improving the OpenFlow protocol and proposing more general alternatives, and this research will include the further development of tools for the testing of network designs and the research of optimizations for OpenFlow when it is used in production environments. In this paper, I present a survey of current research on SDN security and other work in the field of SDNs that is applicable to security and a prediction of the directions of future research in SDN security.