Visible to the public SoS Software-Defined Networking WorkshopConflict Detection Enabled

SoS Newsletter- Advanced Book Block


SoS Logo

SoS Software-Defined Networking Workshop


Chicago, IL
June 17, 2016

The Science of Security Software-Defined Networking (SoSSDN) Workshop, sponsored by the NSA SoS Lablet at the University of Illinois Urbana Champaign (UIUC), was hosted by the Illinois Institute of Technology in Chicago on June 16 and 17, 2016. Speakers included two keynotes and research presentations from academe, industry, and government. A panel discussed progress in addressing the science of cyber security and how SDN fits together with the concept.


According to the organizers, software-defined networking (SDN) holds promise to convey large benefits ranging from reducing the complexities of network traffic control and management to empowering the design of agile networks that can adapt to changing application requirements. There is interest in using SDN to offer fine-grained control and strategies over network-based security functions, but this body of research remains largely disconnected from mainstream systems security research. The highly structured approach of SDN offers significant advantages in developing formal guarantees for security. In particular, we may be able to develop a science around the subject that allows us to better measure the effectiveness of any newly developed solutions for security in this space.


Frank Acker, Computer Security Researcher, Trusted Systems Research Group, Department of Defense, gave the keynote “Developing and Maintaining Trust among SDN Entities.” “The big problem in software defined networks is that there is no method to verify the trustworthiness of devices in the SDN infrastructure.  This problem creates both challenges and opportunities for research,” said Dr. Ackers. “We are looking at Trusted Platform Modules (TPM’s) to establish a trust mechanism among the SDN entities.” Citing research from his group and others, he identified remotely programmable networks, new protocols, both open and proprietary, the lack of standards, the low priority of security given by vendors, new attack surfaces, and trust methods as current research challenges. In summary, he described SDN ecurity as an evolving technology with new players, a security need that is largely undefined, and that there is a need for the government to work with industry and academic research partners.


Anita Nikolich, Program Director for Cybersecurity, Division of Advanced Cyberinfrastructure, National Science Foundation (NSF) spoke on Research Challenges in SDN. To NSF, the question is whether SDN Security is a “hot topic” i.e., are there enough basic research questions around it that NSF should fund it?  NSF is currently funding Software Defined Network Function Virtualization; Big Data and Optical light paths; high performance data plane kernels for SDN, and Software Defined Internet Exchange.


A panel of leading SDN researchers gave their views on “How to Make Security for SDN a Science?”

David Nicol, UIUC, said that SoS is an ongoing problem. Science has three legs: Theory—development of formal mathematical models, predictions form the model; Experimental—identify observables, hypothesis; and Simulation—computational theory. SDN offers an attractive unifying framework that crosses layer boundaries. Frank Acker, Trusted Systems Research Group, Department of Defense, said we need to study underlying mechanisms to develop an underlying premise for building a product. The challenge is the need to work toward a secure SDN environment. Anita Nikolich, NSF, said that, to become science, there is a need to develop both physical and social science elements to develop measurements. In addition, really great, robust data sets are needed to build from. Vinod Yegneswaren, SRI International, described scientific method as an ongoing process. In his view, the SDN security challenge is to answer the question, “What happens when the software defines the network flow policy?” The panel interacted with the audience to discuss important questions related to SDN and SoS, including methods for measuring “security,” priorities, standards, and how to develop trust among entities.


Eight individual research presentations were offered. Topics included SDNs, Clouds and security; network aware VM migration; dynamic graph query primitives for SDN-based cloud network management; reconciling configurable application permissions for SDN app markets; dynamic control of real-time communication using SDN; a robust and secure SDN control layer; “BigData express” — toward schedulable, predictable, and high-performance data transfer; RAINCOAT: randomization of network connectivity in industrial control systems to mitigate cyber-attacks; and database-defined network. Synopses of all of the presentations are provided in a companion article. Ten posters were also presented.


The SoSSDN Workshop was the first SoS single topic workshop. More than 65 researchers from across the U.S. representing more than a dozen universities, small business, Fermilab, NIST, SRI International, and the Bell Laboratories participated.  

(ID#: 16-11363)