The breadth of security problems in

The breadth of security problems in SDN raises concerns and poses the question whether
any countermeasures are available at present. As evidenced in the preceding chapter, it is
mandatory to extend the generic OpenFlow network to guarantee sufficient reliability. In
the wake of the rising popularity of SDN and a recent shift of focus to security, researchers
have started to propose a multitude of single solutions to secure and even enhance sections of
the software-defined network. Nevertheless, a ubiquitous and dynamic security architecture
design for SDN is an eventual necessity to satisfy industry needs and gain acceptance. Two
noteworthy abstract architecture proposals and requirement definitions have been published
so far. Kreutz et al., 2013 [8] developed a threat vector concept and argue for a ”secure
and dependable” general SDN design to cover the ascertained threat vectors. As of April
2015, during the writing of this thesis, an ONF committee has audited the OpenFlow Switch
Specification Ver. 1.3.4. and published their own secure design and requirements, which are
likely to be incorporated into the future standard. [99] In context of the set of problems iden
tified in Chapter 3, the thesis examines the two approaches and complements the concepts
with individual and suitable solutions. The feasibility and robustness are inspected and the
remaining open STRIDE threats are highlighted. Additionally, a selection of noteworthy
concepts, which do not match any of the previous aspects, showcases security opportunities.
For any of the principles new vulnerabilities or insufficient requirements are demonstrated.
It should be noted that potential implications on overall network performance and latency
are not taken into consideration, as the scope of the thesis does not exceed the security and
reliability aspect. The research and design solutions investigated in this chapter build the
foundation of the secure SDN blueprint of Chapter 5.