Security analysis of approaches to integrate middleboxes into software defined networks

Abstract

Software-defined Networking (SDN) is a novel approach to manage enterprise and data center networks easily. Integration of middleboxes, which provides Network Functions (NF)s that are crucial for network security, performance and reliability, raises new challenges, for example, traversing middle-boxes in a given order makes routing more complex. Rerouted traffic flows require that the state of middleboxes that is no longer part of the route is transferred to middleboxes which becomes part of the route. Software-defined Middlebox PoLicy Enforcement (SIMPLE) and OpenNF are two approaches to integrate middleboxes in SDNs which address these challenges. Since they are responsible to enforce middlebox policies, possible design flaws in their architecture could lead to severe vulnerabilities and put security of the network at stake. Therefore, security analysis of SIMPLE and OpenNF was conducted using Microsoft's threat modeling approach called STRIDE, whose results show the threats on these approaches.