TY - JOUR
T1 - Application threats to exploit northbound interface vulnerabilities in Software Defined Networks
AU - Rauf, Bilal
AU - Abbas, Haider
AU - Usman, Muhammad
AU - Zia, Tanveer A.
AU - Iqbal, Waseem
AU - Abbas, Yawar
AU - Afzal, Hammad
N1 - Publisher Copyright:
© 2021 ACM.
PY - 2021/7
Y1 - 2021/7
N2 - Software Defined Networking (SDN) is an evolving technology that decouples the control functionality from the underlying hardware managed by the control plane. The application plane supports programmers to develop numerous applications (such as networking, management, security, etc.) that can even be executed from remote locations. Northbound interface (NBI) bridges the control and application planes to execute the third-party applications business logic. Due to the software bugs in applications and existing vulnerabilities such as illegal function calling, resource exhaustion, lack of trust, and so on, NBIs are susceptible to different attacks. Based on the extensive literature review, we have identified that the researchers and academia have mainly focused on the security of the control plane, data plane, and southbound interface (SBI). NBI, in comparison, has received far less attention. In this article, the security of the least explored, but a critical component of the SDN architecture, i.e., NBI, is analyzed. The article provides a brief overview of SDN, followed by a detailed discussion on the categories of NBI, vulnerabilities of NBI, and threats posed by malicious applications to NBI. Efforts of the researchers to counter malicious applications and NBI issues are then discussed in detail. The standardization efforts for the single acceptable NBI and security requirements of SDN by Open Networking Foundation (ONF) are also presented. The article concludes with the future research directions for the security of a single acceptable NBI.
AB - Software Defined Networking (SDN) is an evolving technology that decouples the control functionality from the underlying hardware managed by the control plane. The application plane supports programmers to develop numerous applications (such as networking, management, security, etc.) that can even be executed from remote locations. Northbound interface (NBI) bridges the control and application planes to execute the third-party applications business logic. Due to the software bugs in applications and existing vulnerabilities such as illegal function calling, resource exhaustion, lack of trust, and so on, NBIs are susceptible to different attacks. Based on the extensive literature review, we have identified that the researchers and academia have mainly focused on the security of the control plane, data plane, and southbound interface (SBI). NBI, in comparison, has received far less attention. In this article, the security of the least explored, but a critical component of the SDN architecture, i.e., NBI, is analyzed. The article provides a brief overview of SDN, followed by a detailed discussion on the categories of NBI, vulnerabilities of NBI, and threats posed by malicious applications to NBI. Efforts of the researchers to counter malicious applications and NBI issues are then discussed in detail. The standardization efforts for the single acceptable NBI and security requirements of SDN by Open Networking Foundation (ONF) are also presented. The article concludes with the future research directions for the security of a single acceptable NBI.
KW - Application plane
KW - application threats
KW - malicious applications
KW - northbound interface
KW - northbound interface vulnerabilities
KW - SDN
KW - SDN security
UR - http://www.scopus.com/inward/record.url?scp=85111965552&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85111965552&partnerID=8YFLogxK
U2 - 10.1145/3453648
DO - 10.1145/3453648
M3 - Review article
AN - SCOPUS:85111965552
SN - 0360-0300
VL - 54
SP - 1
EP - 36
JO - ACM Computing Surveys
JF - ACM Computing Surveys
IS - 6
M1 - 121
ER -