Towards infrastructure based software defined security
Any nation’s well-being relies upon secure and resilient critical infrastructure. Present day critical infrastructures are now increasingly exposed to cyber risks, which stem from growing integration of information and communications technologies such as Ethernet. Most existing security solutions can no longer contain ongoing cyber threats because the networked infrastructure systems were built to operate in static network configurations. These types of systems may give an attacker enough time to study specific system vulnerability, probe the network, collect network information and then launch an attack. Software-defined networking (SDN) is an approach to computer networking that allows control and forwarding elements in the network to be disassociated, allowing for a range of considerably more flexible and effective network management and threat mitigation solutions. In this dissertation, Software Defined Networks (SDN) is used to address security in two critical infrastructures; cloud infrastructures and smart grid infrastructures. Virtual Machine (VM) migration is the key player in Moving Target Defense (MTD) security in cloud infrastructures. To enhance the use of VM migrations as a security mechanism, this research explores to know the cost of VM Migrations in cloud infrastructures. This work addresses the cost of VM Migrations with Software Defined Networking (SDN) principles in a data center testbed characterized by wide-area network dynamics and realistic traffic scenarios. The results show that knowing the cost of VM Migration on the network ensures a successful VM Migration and improves the performance of competing flows in the network. Regarding to security in smart grid infrastructures, the dissertation quantitatively assesses security risks in smart grids in the perspectives of both the defender and the attacker. An existing security quantification model is improved to include criticality of every smart grid component. SDN principles together with the improved security quantification model are used to address DoS attacks (link flood attacks) in a smart grid environment. The results show that using SDN relieves the network of link flood threats, hence improving the performance of IEC 61850 applications, making them IEC 61850 time compliant.
Computer Engineering|Information Technology
"Towards infrastructure based software defined security"
ETD Collection for Tennessee State University.