ANALYSIS OF VULNERABILITIES OF THE SDN DATA PLANE AND THE FUNCTIONAL CAPABILITIES OF THE ROUTING TOOLS IN RELATION TO PREVENTING POTENTIAL ATTACKS
DOI:
https://doi.org/10.26906/SUNZ.2023.3.123Keywords:
SDN, metrics, security, vulnerability, CVSSAbstract
Problem. The article is devoted to the analysis of the vulnerabilities of the SDN data plane and the functionality of secure routing tools in terms of countering possible attacks. The main typical security problems, their causes and possible targets of attacks are considered within the data plane. Existing SDN data plane protection technologies are described. A generalized classification of vulnerabilities and their characteristics is provided. Goal. The purpose of the article is to analyze the vulnerabilities of the SDN data plane and the functionality of secure routing tools to counter possible attacks. Methodology. Analytical modeling, formalization and comparison. Task statement – To improve secure routing taking into account the basic metrics of the criticality of vulnerabilities. Results. An analysis of the vulnerabilities of the SDN data plane and the functionality of secure routing tools against possible attacks, as well as the existing technologies and approaches to protect the SDN data plane, has been carried out. Conclusions: Thus, the paper analyzes the CVSS standard for quantitative calculation of the level of vulnerability of network equipment and proves the feasibility of its use during the development and research of promising approaches to secure routing in the data plane of software-configured networks. Originality. Systematized and analyzed the vulnerabilities of the SDN data plane and their functionality in terms of secure routing and countermeasures against possible attacks. Practical value. Computer-configured SDN networks are considered within the data plane, the main typical security problems are found, their causes and possible objects of attacks are indicated.Downloads
References
Liu Y., Zhao B., Zhao P., Fan P., Liu H. A survey: Typical security issues of software-defined networking. China Communications. 2019. № 16 (7). pp. 13-31. DOI: https://doi.org/10.23919/JCC.2019.07.002.
Sagare A. A., Khondoker R. Security Analysis of SDN Routing Applications. In: Khondoker, R. (eds) SDN and NFV Security. Lecture Notes in Networks and Systems, vol. 30. Springer, Cham, 2018, pp. 1-17. DOI: https://doi.org/10.1007/978-3-319-71761-6_1.
Yeremenko O., Persikov M., Lemeshko V., Altaki B. Research and development of the secure routing flow-based model with load balancing. Проблеми телекомунікацій. 2021. № 2 (29). pp. 3-14. URL: https://pt.nure.ua/wp-content/uploads/2021/12/212_yeremenko_secure.pdf.
Євдокименко М. О., Шаповалова А. С., Шаповал М. М. Потокова модель маршрутизації із врахуванням ризиків інформаційної безпеки за допомогою базових метрик критичності вразливостей. Проблеми телекомунікацій. 2020. № 1 (26). С. 48-62. URL: http://pt.nure.ua/wp-content/uploads/2021/03/201_yevdokimenko_security.pdf.
Yevdokymenko M., Yeremenko O., Shapovalova A., Shapoval M., Porokhniak V., Rogovaya N. Investigation of the Secure Paths Set Calculation Approach Based on Vulnerability Assessment. Workshop Proceedings of the MoMLeT+DS 2021: 3rd International Workshop on Modern Machine Learning Technologies and Data Science, June 5, 2021, Lviv-Shatsk, Ukraine. pp. 207-217. URL: http://ceur-ws.org/Vol-2917/paper19.pdf.
Stallings W. Effective Cybersecurity: Understanding and Using Standards and Best Practices, Addison-Wesley, 2019. 800 p.
Common Vulnerability Scoring System v 3.0: Examples, Forum of Incident Response and Security Teams, URL: https://www.first.org/cvss/examples.
Lou W., Kwon Y. H-SPREAD: A Hybrid Multipath Scheme for Secure and Reliable Data Collection in Wireless Sensor Networks. IEEE Transactions on Vehicular Technology. 2006. Vol. 55, No. 4. pp. 1320-1330. DOI: https://doi.org/10.1109/TVT.2006.877707.
Snihurov A., Chakrian V. Improvement of EIGRP Protocol Routing Algorithm with the Consideration of Information Security Risk Parameters. Scholars Journal of Engineering and Technology. 2015. Vol. 3, No. 8. pp. 707-714.
