Recent advances in software defined networking (SDN) provide an opportunity to create flexible and secure next-generation networks. Many companies have expressed the interest in SDN utilization. Much has been said about the ability of SDN to solve persistent network security problems. By contrast, our current knowledge on SDN vulnerabilities, threats, and attacks is very limited.
This study seeks to fill the knowledge gap through development of a novel taxonomic model of SDN threats. To better characterize the SDN threats, I classify them using the following three dimensions: the source triggering a vulnerability, the SDN component where the vulnerability arises, and the threat event by which a SDN attack is carried out. The model accounts for many-to-many relationships between the threat sources and threat events as well as threat events and vulnerability sources. From these relationships, various paths attackers could pursue to exploit SDN networks may be derived. Some of the paths are merely conceptual and are unlikely to materialize into actual attacks whereas some paths may represent real-life attack scenarios posing realistic dangers. I demonstrate the applications of the abstract taxonomic model by constructing concrete SDN attack examples to achieve unauthorized access, unauthorized disclosure of information, unauthorized modification, misuse, and disruption of service.
By exposing potential attack paths on SDN, the proposed taxonomic model will help companies to better understand SDN threat scenarios and to narrow down a set of threats most relevant for their environments. Based on the analysis of the attacks, I also provide a set of security recommendations to help security practitioners to choose the appropriate controls and countermeasures to combat the attacks.