CSPCR: Cloud Security, Privacy and Compliance Readiness - A Trustworthy Framework

The privacy, handling, management and security of information in a cloud environment are complex and tedious tasks to achieve. With minimum investment and reduced cost of operations an organization can avail and apply the benefits of cloud computing into its business. This computing paradigm is based upon a pay as per your usage model. Moreover, security, privacy, compliance, risk management and service level agreement are critical issues in cloud computing environment. In fact, there is dire need of a model which can tackle and handle all the security and privacy issues. Therefore, we suggest a CSPCR model for evaluating the preparation of an organization to handle or to counter the threats, hazards in cloud computing environment. CSPCR discusses rules and regulations which are considered as pre-requisites in migrating or shifting to cloud computing services

Security Threats in Software Defined Mobile Clouds (SDMC)

Future Internet comprises of emerging ICT mega-trends (e.g., mobile, social, cloud, and big data) commands new challenges like ubiquitous accessibility, high bandwidth, and dynamic management to meet the data tsunami requirements. In the recent years, the rapid growth of smartphone business is highly evidenced due to its versatile usage irrespective of location, personality or context. Despite of increased smartphone usage, exploiting its full potential becomes very difficult owing to its typical issues such as resource scarcity, mobility and more prominently the security. Software Defined Networking (SDN), an emerging wireless network paradigm can make use of rich mobile cloud functionalities such as traffic management, load balancing, routing, and firewall configuration over physical abstraction of control planes from data planes. Hence SDN leads to a clear roadmap to Software Security control in Mobile Clouds (SDMC). Further it can be extended to a level of Security prevention. To address in this direction, this paper surveys the relevant backgrounds of the existing state-of-art works to come up with all possible SDMC threats and its countermeasures

A review of solutions for SDN-Exclusive security issues

Software Defined Networking is a paradigm still in its emergent stages in the realm of production-scale networks. Centralisation of network control introduces a new level of flexibility for network administrators and programmers. Security is a huge factor contributing to consumer resistance to implementation of SDN architecture. Without addressing the issues inherent from SDNs centralised nature, the benefits in performance and network configurative flexibility cannot be harnessed. This paper explores key threats posed to SDN environments and comparatively analyses some of the mechanisms proposed as mitigations against these threats – it also provides some insight into the future works which would enable a securer SDN architecture.

Software Technology Maturation and Software Security

Software technology maturation, also referred to as technology transfer, is as difficult as it is rare, mostly because of the time scale involved. Software maturation is defined as the process of taking a piece of technology from conception to popularization. Frequently, software engineers and developers tend to oversimplify the problems of technology transfer. They attribute problems to management pressures that complicate the use of software-engineering practices. However, a good understanding of the processes and problems is necessary to effectively tackle the technology-transfer problem. Without that understanding, the transfer of inappropriate technology to an organization without the maturity to understand and absorb it is likely to do harm, rather than to bring benefits. This research aims to answer two research questions regarding the technology maturation. Namely, is Redwine and Riddle's "Software Technology Maturation" study the accepted and gold standard within the software engineering discipline for assessing the maturation of software technology? Secondly, can the software technology maturation study be applied to other areas of software technology? The purpose of this research is to answer these questions of interest which will serve as the basis for the second implementation; applying the Redwine and Riddle criteria to the comparatively young discipline of software security. The primary goal for the second implementation is to explore and extend the second research question and demonstrate the maturity phases for the field of software security

Software-Defined Networking Security: Pros and Cons

Software-Defined Networking (SDN) is a new networking paradigm that decouples the forwarding and control planes— traditionally being coupled with one another—while adopting a logically centralized architecture aiming to increase network agility and programability. While many efforts are currently being made to standardize this emerging paradigm, careful attentions need to be paid to security at this early design stage too, rather than waiting until the technology becomes mature, thereby potentially avoiding previous pitfalls made when designing the Internet in the 80’s. This article focuses on the security aspects of SDN networks. We begin by discussing the new security pros that SDN brings and by showing how some of the long-lasting issues in network security can be addressed by exploiting SDN capabilities. Then, we describe the new security threats that SDN is faced with and discuss possible techniques that can be used to prevent and mitigate such threats.©2015 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works. This is an author's peer-reviewed final manuscript, as accepted by the publisher. The published article is copyrighted by IEEE - Institute of Electrical and Electronics Engineers and can be found at: http://www.comsoc.org/comma

ETDP: enhanced topology discovery protocol for software-defined networks

Discovering network elements in a dynamic and optimized manner and being able to contend with ever-growing traffic is a key requirement for current networking environments. In software-defined networks (SDNs), the controller collects the topology information from the data plane and maintains an abstract view of the entire network, which is crucial for the proper functioning of applications and network services. However, there is still the need for an enhanced protocol for automatic discovery and mechanisms of autoconfiguration of network elements according to new policies and business requirements. To overcome this challenge, this paper presents a novel protocol that, unlike existing approaches, enables a distributed layer-2 discovery without the need for previous network configurations or controller knowledge of the network. By using this mechanism, the SDN controller can discover the network view without incurring scalability issues, while taking advantage of the shortest control paths toward each switch. The obtained results show that our enhanced protocol is efficient in terms of time and message load over a wide range of generated networks and outperforms the state-of-the-art techniques.Peer ReviewedPostprint (published version

Secure Monitoring of Patients With Wandering Behavior in Hospital Environments

Today there is considerable interest for making use of the latest technological advancements for several healthcare applications. However, there are several challenges for making use of different technologies for healthcare applications. In particular, there is a need to ensure that the healthcare related services receive priority during events, such as legitimate failures of devices, congestion, and attacks in the networks. In this paper, we discuss some of the requirements for making use of technology for healthcare applications and propose techniques for secure monitoring of patients with wandering behavior in a hospital or elderly care environment. One of the aims of our work is to use technology for secure monitoring of patients with wandering behavior to keep them away from danger, or detect if the behavior of the patient violates the policies of the hospital, or even violates privacy policies of other patients. Our approach makes use of software defined networking (SDN), Wireless LAN (WLAN), and wearable devices for the patients. Our approach incurs low cost since WLAN is widely deployed. However, there are some challenges for making use of WLAN for monitoring dementia patients, since it is primarily used for accessing the Internet and its open nature is vulnerable to different types of security attacks. Hence we make use of SDN to solve some of these challenges and provide priority for the monitoring services. We have developed a security application for an SDN controller that can be used to enforce fine granular policies for communication between the hosts, real time location tracking of the patients, and deal with attacks on the hospital networks. The policy-based security enforcement helps to differentiate healthcare related traffic from other traffic and provide priority to the healthcare traffic. The real time location tracking detects wandering by patients and if necessary can raise alarms to the staff. The attack detection component makes use of attack signatures and behavior-based intrusion detection to deal with attacks on hospital networks. We will also present the prototype implementation of our model using ONOS SDN controller and OpenFlow Access Points

Validating User Flows to Protect Software Defined Network Environments

Software Defined Network is a promising network paradigm which has led to several security threats in SDN applications that involve user flows, switches, and controllers in the network. Threats as spoofing, tampering, information disclosure, Denial of Service, flow table overloading, and so on have been addressed by many researchers. In this paper, we present novel SDN design to solve three security threats: flow table overloading is solved by constructing a star topology-based architecture, unsupervised hashing method mitigates link spoofing attack, and fuzzy classifier combined with L1-ELM running on a neural network for isolating anomaly packets from normal packets. For effective flow migration Discrete-Time Finite-State Markov Chain model is applied. Extensive simulations using OMNeT++ demonstrate the performance of our proposed approach, which is better at preserving holding time than are other state-of-the-art works from the literature

Resilience support in software-defined networking:a survey

Software-defined networking (SDN) is an architecture for computer networking that provides a clear separation between network control functions and forwarding operations. The abstractions supported by this architecture are intended to simplify the implementation of several tasks that are critical to network operation, such as routing and network management. Computer networks have an increasingly important societal role, requiring them to be resilient to a range of challenges. Previously, research into network resilience has focused on the mitigation of several types of challenges, such as natural disasters and attacks. Capitalizing on its benefits, including increased programmability and a clearer separation of concerns, significant attention has recently focused on the development of resilience mechanisms that use software-defined networking approaches. In this article, we present a survey that provides a structured overview of the resilience support that currently exists in this important area. We categorize the most recent research on this topic with respect to a number of resilience disciplines. Additionally, we discuss the lessons learned from this investigation, highlight the main challenges faced by SDNs moving forward, and outline the research trends in terms of solutions to mitigate these challenges