Figure 2 - uploaded by Wanderson Paim de Jesus
Content may be subject to copyright.
Source publication
Cloud infrastructures are composed fundamentally of computing, storage, and networking resources. In regards to network, Software-Defined Networking (SDN) has become one of the most important architectures for the management of networks that require frequent re-policing or re-configurations. Consid-ering the already known security issues of Cloud C...
Contexts in source publication
Context 1
... [26], network related issues are not shown explicitly under a network class, but from our analysis, 18% are related to networking, being the other issues, in general, related to access policies, computing infrastructure, and data. Figure 2 depicts the distribution of cloud security issues perceived from the overall sum of all issues stated in the referenced literature. ...
Context 2
... analyzing the literature, we found that cloud comput- ing security issues are much more related to other resources than to network, as illustrated in Figure 2. Most of them (28%) fit into the Security Standards category, which deals with regulatory authorities and governing bodies that define cloud security policies. ...
Similar publications
The integration of cloud computing and Internet of Things (IoT) is quickly becoming the key enabler for the digital transformation of the healthcare industry by offering comprehensive improvements in patient engagements, productivity and risk mitigation. This paradigm shift, while bringing numerous benefits and new opportunities to healthcare organ...
Performing a smart usage of collection of services, applications and infrastructure composed of pool of computer resources, Cloud Computing has become promising hosting platform. Cloud architectures have cost-efficient and flexible backbones that support resource transmission, storage and computing of the applications. All these infrastructures are...
Future IoT services execution may benefit from combining resources at cloud and at the edge. To that end, new architectures should be proposed to handle IoT services in a coordinated way at either the edge of the network, the cloud, or both. Reacting to that need, the Fog-to-Cloud concept has been recently proposed. A key aspect in the F2C design r...
Cloud computing provides the capability to use computing and storage resources on a rented basis and reduce the investments in an organization's computing infrastructure. With all its benefits, cloud computing also brings with it concerns about the security and privacy of information extant on the cloud as a result of its size, structure, and geogr...
Cloud Computing allows firms to outsource their entire information technology (IT) process, allowing them to concentrate more on their core business to enhance their productivity and innovation in offering services to customers. It allows businesses to cut down heavy cost incurred over IT infrastructure without losing focus on customer needs. Howev...
Citations
... Looking at the evolution of SDN for management and scalability problems, the SDN contribution for computation security in cloud [6], as well as considering the data processing requirements with low latency of transmission and the IoT networks security needs [7], this paper proposes a security distributed measure to mitigate attacks on IoT instances that aims to utilize the SDN network infrastructure to provide low latency for the decision making in case of security events. This paper is divided as follows: the section II brings works related to security in IoT networks that associates SDN and IDS/IPS paradigms. ...
... The control plane scalability [20], the management and maintenance overhead [12], and the scientific big-data architecture and explosive data growth demand a reconfigurable and reprogrammable infrastructure and a layout to address the latency in a modern data center [17], [18]. In a large enterprise, flexibility is the key to address issues, e.g., workload management, planning, and storage management [23]. In an SDDC, factors contributing to delays are as follows. ...
... SDS offers both scale-up and scale-out [37] operations with better performance, improved management, and economical priced hardware. In a large enterprise, flexibility is the key to address issues, e.g., workload management, planning, and storage management [23]. SDS centralizes, automates, and transforms the multivendor storages into a single and manageable platform, while providing maximum performance with off-the-shelf resources; it provides a reliable software and a scalable hardware. ...
... On the other side, SDN simplifies the security configurations of network elements [133]. Through SDN abstraction, administrators express their security policies in high level and simplified languages that abstract the complexity of the network. ...
Software Defined Networking (SDN) is an emerging paradigm that promises to resolve the limitations of the conventional network architecture.SDN and cyber security have a reciprocal relationship. In this thesis, we study and explore two aspects of this relationship. On the one hand, we study security for SDN by performing a vulnerability analysis of SDN. Such security analysis is a crucial process in identifying SDN security flaws and in measuring their impacts. It is necessary for improving SDN security and for understanding its weaknesses.On the other hand, we explore SDN for security. Such an aspect of the relationship between SDN and security focusses on the advantages that SDN brings into security.The thesis designs and implements an SDN stateful firewall that transforms the Finite State Machine of network protocols to an SDN Equivalent State Machine. Besides, the thesis evaluates SDN stateful firewall and NetFilter regarding their performance and their resistance to Syn Flooding attacks.Furthermore, the thesis uses SDN orchestration for policy enforcement. It proposes a firewall policy framework to express, assess, negotiate and deploy firewall policies in the context of SDN as a Service in the cloud.
... The issues between access control and high level policies in switch and firewall are tackled in [32]. Security enforcement kernel FORT-NOX designed for role based authentication, conflict detection and resolution and rule based authorization covered in [33]. An interesting feature of [33] is OpenFlow switches are prevented from packet header modification to bypass firewall. ...
... Security enforcement kernel FORT-NOX designed for role based authentication, conflict detection and resolution and rule based authorization covered in [33]. An interesting feature of [33] is OpenFlow switches are prevented from packet header modification to bypass firewall. Enforcement of security policy support QoS, network monitoring in real-time environment and problem detection [34]- [35]. ...
... www.ijacsa.thesai.org Research work in [16]- [17], [33], [41] provide countermeasures to security issues with control layer. They have more impact on security with automatic user authentication [16], virtual IP allocated to host [17], monitoring with varied granularity [18], avoidance of conflicts in rules [33], and with detection and tracking capabilities [37]. ...
Abstract: Inception of flow tables as data plane abstraction, and forwarding rules that are managed by centralized controllers in emerging Software Defined Networks (SDN) has stemmed significant progress in OpenFlow based architectures. SDN is particularly fueled by data center networking and cloud computing. OpenFlow coupled with cloud solutions provide dynamic networking capabilities. With the benefits obtained from network services, security enforcement become more important and need powerful techniques for its implementation. Extensive researches in cloud security bring forward numerous methods of leveraging the SDN architecture with efficient security enforcement. The future of SDN and mobile networks is also enlightened if security models are satisfactory to cover dynamic and flexible requirements of evolving networks. This paper presents a survey of the state of the art research on security techniques in OpenFlow based cloud environments. Security is one of the main aspect of any network. A fair study and evaluation of these methods are carried out in the paper along with the security considerations in SDN and its enforcement. The security issues and recommendations for 5g network are covered briefly. This work provides an understanding of the problem, its current solution space, and anticipated future research directions.
... SDN opens new business opportunities, however it massively raises new security problems. In [12] the authors identified several Cloud Networking Issues like: Proper installation of network firewalls (*), Network security configurations, Internet protocol vulnerabilities, Internet Dependence)=(*)Quality of service, Quality of service, Multitenancy in which pro and cons are considered in using SDN. Only in two cases (see issues with *) the SDN technology offers useful answers. ...
Cloud federation enables cloud providers to collaborate in order to create a large pool of virtual resources at multiple network locations. Different types of federated cloud architectures have been proposed and implemented up to now. In this context, an effective, agile and secure federation of cloud networking resources is a key aspect for the deployment of federated applications. This paper presents the preliminary security requirements analyzed in the H2020 BEACON Project that aims at researching techniques to federate cloud network resources and defining an integrated cloud management layer that enables an efficient and secure deployment of federated cloud applications. The paper analyses both how to protect the cloud networking infrastructure, and how cloud users can customize the network security for their distributed applications.
Software-defined network is an emerging technology in the IT industry. Cloud computing provides the services to the users based on the requirements. Service-level agreement is signed between user and cloud provider. SLA compliance is an important feature in cloud environment. Trust-based SLA is considered for the system. Monitoring of activities is carried out using SDN controller. SDN controller gathers the information completely about cloud provider and cloud user. The main idea of this paper is to monitor and notify any unusual activities such as attacks and hence, trust-based SLA framework is proposed. The framework strongly monitors the malicious users by SDN controller through OpenFlow switches. If the user is found to be unreliable, resources allocated will be released and reallocated to another user. Hence, security monitoring is carried out using SDN controller.
Recently with the emergence of Software Defined Networking (SDN), cloud environments have gone through modifications as traditional data centers adopt SDN as a network management solution. As cloud networking platform provides great power to configure networks in cloud, there is also a downside that intruders and hackers may control the network functionality which may lead to more damage than in legacy networks. Even though cloud networking providers implement the most of the security standards, data storage and important files on external service providers may lead to risk. The ease in procuring and accessing cloud services can also give users the ability to scan, identify and exploit loopholes and vulnerabilities within a system. For instance, in a multi-tenant cloud architecture where multiple users are hosted on the same server, a hacker might try to break into the data of other users hosted and stored on the same server. However, such exploits and loopholes are not likely to surface and the likelihood of a compromise is not great. Understanding traffic flows will extract issues out and methods can be suggested dealing with it. Security concerns here are highly expanded attack that includes the control and data plane. Security challenges are unique to clouds that differ from SDN. In this paper, SDN cloud applications are compared and analysis of three applications such as Meridian, CloudNaaS and HPE Virtual Cloud Network are performed. Main factor for choosing the three applications are their market share and wide deployment. The architecture of these applications are explained and security analysis is done using a threat analysis tool called STRIDE. We suggest some mitigation techniques for the well known threats like spoofing , tampering of data, repudiation and also check if the application has in-built countermeasures against these threats.
Cloud computing is proven service delivery model over the internet. Network play's an important role during this service provisioning but Cloud network have major security issue during service delivery. Network security and reliability achieve together is much more difficult task. Now a day cloud traditional network is replaced by the programmable and unified software defined network which have separate control plane and data plane for managing network traffic. SDN have capability to reduce cost of networking device using network virtualization which have facilitate to hardware and software virtualization using NFV(Network Function Virtualization). SDN and NFV integration in cloud computing give power of virtualization and improve network security and service. So in this paper we can describe SDN and NFV and how both are integrate in Open stack cloud to minimize network attack surface, improve network service and provide some salient advantage of SDN.
Nowadays, the term software-defined networking (SDN) becomes very popular. It is an approach that decouples the “control plane” and the “data plane” in switches to allow more programmable control of network traffic flows. Currently, several efforts are under way to thoroughly study and deploy SDN, as well as create standards that regulate the use of SDN. Since SDN is considered relatively a new discipline, a very little empirical literature has been aggregated in this field. The objective of this study is to aggregate and synthesize the empirical evidence from literature of SDN security to report the trends, patterns, and current status of the field. A systematic literature review (SLR) has been conducted to synthesize the empirical work in SDN.
Software-Defined Networking (SDN) is an emerging paradigm, which breaks the vertical integration in traditional networks to provide the flexibility to program the network through (logical) centralized network control. SDN has the capability to adapt its network parameters on the fly based on its operating environment. The decoupled structure of SDN serves as a solution for managing the network with more flexibility and ease. In SDN, the centralized cost effective architecture provides network visibility which helps to achieve efficient resource utilization and high performance. Due to the increasingly pervasive existence of smart programmable devices in the network, SDN provides security, energy efficiency and network virtualization for enhancing the overall network performance. We present various security threats that are resolved by SDN and new threats that arise as a result of SDN implementation. The recent security attacks and countermeasures in SDN are also summarized in the form of tables. We also provide a survey on the different strategies that are implemented to achieve energy efficiency and network security through SDN implementation. In an effort to anticipate the future evolution of this new paradigm, we discuss the main ongoing research efforts, challenges and research trends in this area. With this paper, readers can have a more thorough understanding of SDN architecture, different security attacks and countermeasures, and energy efficiency.
