Geodesic
«Common criteria» and software defined network security
Modelirovanie i analiz informacionnyh sistem, Tome 26 (2019) no. 1, pp. 134-145.

Voir la notice de l'article provenant de la source Math-Net.Ru

«Common criteria» (ISO 15408) is a universally recognized and broadly applicable approach to information security solutions management and evaluation. «Common criteria» leans on developing a shared conceptual basis for key security solution modules including protection profiles and security targets. Conceptual basis development implies defining the following elements: security objectives and assumptions (for the environment and the object), threats and security policies, as well as functional and assurance requirements. The specifics of SDN (software defined network) security solutions is largely driven by fundamental architectural principles of SDN technology itself — primarily by the separation of control and data flows, — and by conditions imposed by Open Flow protocol application. However, proactive (threats and policies), passive (objectives and assumptions) and reactive (requirements) aspects of security management remain highly relevant for this type of security solutions. This paper discusses the Common Criteria application specifics for assessing the SDN security and practical MTUCI (Moscow Technical University of Communications and Informatics) experience in the development of the protection profile. A new class of network attacks on SDN switches and controllers can involve either data or control components. In addition to traditional vulnerabilities, centralization of management functions paves way for new security threats by isolating controller activity and administrative message exchange. Therefore, identifying and analyzing threats, policies and requirements specific to SDN control module security becomes an emerging priority.
Keywords: security of software defined networks, general criteria, security profile. 
@article{MAIS_2019_26_1_a9,
     author = {A. N. Petukhov and P. L. Pilyugin},
     title = {{\guillemotleft}Common criteria{\guillemotright} and software defined network security},
     journal = {Modelirovanie i analiz informacionnyh sistem},
     pages = {134--145},
     publisher = {mathdoc},
     volume = {26},
     number = {1},
     year = {2019},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/MAIS_2019_26_1_a9/}
}
TY  - JOUR
AU  - A. N. Petukhov
AU  - P. L. Pilyugin
TI  - «Common criteria» and software defined network security
JO  - Modelirovanie i analiz informacionnyh sistem
PY  - 2019
SP  - 134
EP  - 145
VL  - 26
IS  - 1
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/MAIS_2019_26_1_a9/
LA  - ru
ID  - MAIS_2019_26_1_a9
ER  - 
%0 Journal Article
%A A. N. Petukhov
%A P. L. Pilyugin
%T «Common criteria» and software defined network security
%J Modelirovanie i analiz informacionnyh sistem
%D 2019
%P 134-145
%V 26
%N 1
%I mathdoc
%U http://geodesic.mathdoc.fr/item/MAIS_2019_26_1_a9/
%G ru
%F MAIS_2019_26_1_a9
A. N. Petukhov; P. L. Pilyugin. «Common criteria» and software defined network security. Modelirovanie i analiz informacionnyh sistem, Tome 26 (2019) no. 1, pp. 134-145. http://geodesic.mathdoc.fr/item/MAIS_2019_26_1_a9/

[1] ISO/IEC 15408-1:2005 Information technology – Security techniques – Evaluation criteria for IT security – Part 1: Introduction and general model, https://www.iso.org/standard/40612.html

[2] Anwer B., et al., “A Slick Control Plane for Network Middleboxes”, Open Networking Summit (2013) http://nextstep-esolutions.com/Clients/ONS2.0/pdf/2013/researchtrack/posterpapers/final/ons2013-final51.pdf

[3] Fayazbakhsh S., et al., “FlowTags: Enforcing Network-Wide Policies in the Presence of Dynamic Middlebox Actions”, HotSDN'13, ACM, 2013 http://www.cs.columbia.edu/l̃ierranli/coms6998-8SDNFall2013/papers/Flowtags-HotSDN2013.pdf

[4] Qazi Z.A., et al., “SIMPLE-fying Middlebox Policy Enforcement Using SDN”, SIGCOMM, ACM, 2013

[5] ONF Threat Analysis for the SDN Architecture. Version 1.0, TR-530, , July 2016 https://www.opennetworking.org/wp-content/uploads/2014/10/Threat_Analysis_for_the_SDN_Architecture.pdf

[6] Pilyugin P., Smeliansky R., “Modern security issues in SDN”, 2-nd International Conference on Information Technologies, Systems and Networks. ITSN-2017 (Chisinau, Republic of Moldova, 17–18 October 2017)

[7] ONF Security Foundation Requirements for SDN Controllers. Version 1.0, TR-529, , July 2016 https://www.opennetworking.org/wp-content/uploads/2013/05/Security_Foundation_Requirements_for_SDN_Controllers.pdf