Software-Defined Networking: An Evolving Network Architecture—Programmability and Security Perspective
Table 2. SDN attack analysis focusing on each level.
SDN architecture | Attack vectors on each level of the SDN architecture

Data plane
⁃ The data flow within the network could be forged and redirected
⁃ Manipulating session maintenance between the devices

Control plane
⁃ SDN services could be denied to the network, causing a denial of service/distributed denial of service
⁃ Compromised network topology information
⁃ The network could be manipulated because of its centralized and distributed controller attributes

Application plane
⁃ Legitimate applications could be compromised and manipulated
⁃ Misconfigurations within the legitimate applications

Combination of all planes
⁃ The majority of the attacks could be initiated using compromised trusted networks, causing distributed denial of service
⁃ Sniffing the packets to gain network information

Interfaces
⁃ Exploiting the application programming interface