SDN Security What’s done, what’s...
Transcript of SDN Security What’s done, what’s...
SDN Security – What’s done, what’s next? ITC Meeting, Paris, May 2017 Sandra Scott-Hayward
A Global Innovation Hub for Cyber Security
A Global Innovation Hub for Cyber Security
Bio – Dr. Sandra Scott-Hayward, CEng CISSP CEH OCSA
Lecturer – Network Security, Queen’s University Belfast • Open Networking Foundation (ONF) Research Associate
• Vice-Chair, ONF Security WG
• Project Leader, OSSDN Project Delta
• MEF Research Associate
A Global Innovation Hub for Cyber Security
Solutions to Security Issues
S. Scott-Hayward, S. Natarajan, S. Sezer, ‘A Survey of Security in Software Defined Networks’, IEEE Communications Surveys & Tutorials, 2015.
A Global Innovation Hub for Cyber Security
ETSI NFV Security Working Group Work Item Rapporteur Completed
SEC001 “NFV Security problem statement” Bob Briscoe, BT (Oct. 2014)
SEC002 “Openstack security” Huilan Lu, Alcatel-Lucent (Aug. 2015)
SEC003 “NFV Security and Trust Guidelines” Mike Bursell, Intel; Kurt Roemer, Citrix (Dec. 2014)
SEC004 “Lawful interception report” Scott Cadzow, Cadzow Limited (Sept. 2015)
SEC005 “Certificate management report” Marcus Wong, Huawei Early Draft (Sept. 2016)
SEC006 “Security & regulation report” Scott Cadzow, Cadzow Limited (Apr. 2016)
SEC007 “NFV attestation report” Diego Lopez, Telefonica Early Draft (May 2017)
SEC008 “Security monitoring report” Ashutosh Dutta, AT&T; Kapil Sood, Intel
SEC009 “Use cases for multi-layer host administration” Mike Bursell, Intel (Dec. 2015)
SEC010 “NFV retained data” Mark Shepherd, Tencastle (Apr. 2016)
SEC011 “Lawful interception architecture report” Alex Leadbeater, BT Early Draft (July 2016)
SEC012 “Architecture for sensitive components” Mike Bursell, Intel (Jan. 2017)
SEC013 “Security management & monitoring specification” Ashutosh Dutta, AT&T
SEC014 “MANO security specification” Pradheepkumar Singaravelu, NEC (Feb. 2017)
SEC015 “Security spec. for other MANO reference points” Pradheepkumar Singaravelu, NEC Start of Work (Oct. 2016)
SEC016 “Report on location, timestamping of VNFs” Pierre Courbon, Ministry of the Economy, France Early Draft (May 2017)
A Global Innovation Hub for Cyber Security
… and now?
• ONF Northbound Interface (NBI) Security
• MEF LSO Security
• OSSDN Delta Project – ONOS Security
• Research …
A Global Innovation Hub for Cyber Security
Links
CSIT SDN Security Research
http://www.qub.ac.uk/sites/CSIT/Research/ResearchGroups/NetworkSecuritySystems/SoftwareDefinedNetworkSecurity/
OSSDN Delta Project
http://opensourcesdn.org/projects/project-delta-sdn-security-evaluation-framework/
https://github.com/OpenNetworkingFoundation/delta
Open Networking Foundation Security Working Group. https://www.opennetworking.org/technical-communities/areas/services
ETSI ISG Network Functions Virtualization Security Expert Group http://www.etsi.org/technologies-clusters/technologies/nfv