Our mission is to conduct critical analyses of the security challenges that are posed by the SDN paradigm and embodied in the current OpenFlow specification.  We are actively working toward solutions to these core challenges, developing reference implementations of OpenFlow security features that can be integrated at all layers of the OpenFlow stack.


We also present reference implementations of advanced network  security defenses that utilize OpenFlow to introduce the next generation of network attack mitigation.  OpenFlow has some truly exciting potential to drive new innovations  in intelligent and dynamic network security defenses for future networks. In fact, long term OpenFlow could prove to be one of the more impactful  technologies to drive a variety of new network defense solutions.  

OpenFlowSec.org

Now Available: Our SDN Security Suite

 

Watch demonstration and experimentation videos of our various technologies

 




2021:


  1.   BottleNet: Hiding Network Bottlenecks Using SDN-Based Topology Deception, Jinwoo Kim, Jaehyun Nam,

   Seungsoo Lee, Vinod Yegneswaran, Phillip Porras and Seungwon Shin. In IEEE Transactions on Information

   Forensics and Security, vol. 16, pp. 3138-3153, 2021.


2020:


  1. A Comprehensive Security Assessment Framework for Software-Defined Networks Seungsoo Lee, Jinwoo Kim,

   Seungwon Woo, Changhoon Yoon, Sandra Scott-Hayward, Vinod Yegneswaran, Phillip Porras, Seungwon Shin

   Computers & Security (COSE), 2020. ( pdf ) AudiSDN: Automated Detection of Network Policy Inconsistencies

   in Software-Defined Networks


  1. Seungsoo Lee, Seungwon Woo, Jinwoo Kim, Vinod Yegneswaran, Phillip Porras, Seungwon Shin

   Proceedings of IEEE Conference on Computer Communications (INFOCOM), 2020. ( pdf )


  1.   Congratulations to our colleague, Seungsoo Lee, who is now  an Assistant Professor at Incheon National University


  1.   Congratulations to our colleague, Seungwon Shin, who is now Corporate Vice President, Head of Security, at

   Samsung Electronics Corporation

     

    

2019:


  1. Coordinated Dataflow Protection for Ultra-High Bandwidth Science (SDMZ) Networks, Vasudevan Nagendra, 

   Vinod Yegneswaran, Phillip Porras, Samir R Das

  1. Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC), 2019. ( pdf )

   Automated permission model generation for securing SDN control-plane,  Heedo Kang, Vinod Yegneswaran,

   Shalini Ghosh, Phillip Porras, Seungwon Shin IEEE Transactions on Information Forensics and Security, 2019



  1. DPX: Data-Plane eXtensions for SDN Security Service Instantion.  Taejune Park, YeonKeun Kim, Vinod Yegneswaran,

   Phillip Porras, Zhaoyan Xu, Kyougsoo Park, Seungwon Shin, Proceedings of SIG SIDAR Conference on Detection of

   Intrusions and Malware & Vulnerability Assessment (DIMVA), 2019. ( pdf )



  1. Operator-defined Reconfigurable Network OS for Software-Defined Networks.  Jaehyun Nam, Hyeonseong Jo,

   Yeonkeun Kim, Phillip Porras, Vinod Yegneswaran, Seungwon Shin. Proceedings of IEEE/ACM Transactions on

   Networking (ToN), 2019. ( pdf )


  1.   Congratulations toour  colleague, Jaehyun Nam, who is now Principle Scientist and Accuknox, Inc.


2018


  1. AEGIS: An Automated Permission Generation and Verification System for SDN. Heedo Kang, Seungwon Shin, Vinod

   Yegneswaran, Shalini Ghosh, Phil Porras,  Proceedings of the ACM SIGCOMM Workshop on Security in Softwarized

   Networks: Prospects and Challenges (SecSoN),2018.



  1. Barista: An Event-centric NOS Composition Framework for Software-Defined Networks. Jaehyun Nam, Hyeonseong Jo,

   Yeonkeun Kim, Phillip Porras, Vinod Yegneswaran, Seungwon Shin. Proceedings of IEEE Conference on Computer

   Communications (INFOCOM), March 2018.

  

  — software release (https://github.com/kloudmax/barista)


2017


  1. A Security-Mode for Carrier-Grade SDN Controllers. Changhoon Yoon, Seungwon Shin, Phillip Porras, 

  Vinod Yegneswaran, Heedo Kang, Martin Fong, Brian O'Connor, Thomas Vachuska.

  Proceedings of Annual Computer Security Application Conference (ACSAC), December 2017


 — highlight software release (?)



  1. Securing Ultra-High-Bandwidth Science DMZ Networks with Coordinated Situational Awareness.

   Vasudevan Nagendra, Vinod Yegneswaran, Phillip Porras. Proceedings of ACM SIGCOMM Workshop on Hot Topics

   in Networking (HotNets), November 2017 



  1. Bridging the Architectural Gap between NOS Design Principles in Software-Defined Networks (poster).

   Jaehyun Nam, Hyeonseong Jo, Yeonkeun Kim, Phillip Porras, Vinod Yegneswaran, Seungwon Shin.

   ACM Symposium on Cloud Computing, Santa Clara, CA, USA, September, 2017 



  1. Flow Wars: Systemizing the Attack Surface and Defenses in Software-Defined Networks.  Changhoon Yoon,

   Seungsoo Lee, Heedo Kang, Taejune Park, Seungwon Shin, Vinod Yegneswaran, Phillip Porras, Guofei Gu.

   IEEE/ACM Transactions on Networking (ToN) 2017



  1. Athena: A Framework for Scalable Anomaly Detection in Software-Defined Networks. Seunghyeon Lee, Jinwoo Kim,

   Seungwon Shin, Phillip Porras, Vinod Yegneswaran Proceedings of IEEE/IFIP International Conference on Dependable

   Systems and Networks (DSN), June 2017


      — software release (https://github.com/shlee89/athena)


  1. DELTA: A Security Assessment Framework for Software-Defined Networks. Seungsoo Lee, Changhoon Yoon, Chanhee Lee,

   Seungwon Shin, Vinod Yegneswaran, Phillip Porras. Proceedings of Network and Distributed System Security Symposium

   (NDSS), February 2017 


  — software release (https://github.com/seungsoo-lee/DELTA)


2016



  1. Barista: A Highly Composable NOS Brewing Framework for Software-Defined Networks (poster).

   Jaehyun Nam, Hyeonseong Jo, Yeonkeun Kim, Seungwon Shin, Phillip Porras, Vinod Yegneswaran.

   Proceedings of Usenix Annual Technical Conference, August 2016


2015:


  1. Securing the Software Defined Network Control Layer. Phillip Porras, Steven Cheung, Martin Fong, Keith Skinner,

   Vinod Yegneswaran. Proceedings of Network and Distributed System Security Symposium (NDSS), February 2015 



2014:


  1. Rosemary: A Robust, Secure, and High-Performance Network Operating System. Seungwon Shin, Yongoo Song, Taekyung Lee,

   Sangho Lee, Jaewoong Chung, Phil Porras, Vinod Yegneswaran, Jiseong Noh, Brent Byunghoon Kang. Proceedings of ACM

   Conference on Computer Communications Security (CCS), November 2014


  1. SDN security issues: How secure is the SDN stack  in SearchSDN TechTarget. February 2014

    <http://searchsdn.techtarget.com/news/2240214438/SDN-security-issues-How-secure-is-the-SDN-stack>

     /SearchSDN TechTarget. February 2014/


2013:


  1. Phil Porras invited to be Research Associate at ONF, focusing on SDN Security

   https://opennetworking.org/technical-communities/groups/research-associates-ja/phillip-porras-2-2/


  1. 1 Oct - Avant Guard: Scalable and Vigilant Switch Flow Management in Software Defined Networks (PDF), in  ACM CCS 2013, Nov 2013.


  1. 15 Sep - Seungwon Shin -  Now “Professor Seungwon Shin” of KAIST University, South Korea.  Congrats Seungwon!


  1. 9 Jun -  IEEE ICC 2013: Model Checking Invariant Security Properties in OpenFlow


  1. 17 Apr - ONS 2013 - We presented SE Floodlight on stage with BigSwitch at this year’s ONS conference


  1. 10 Apr - Seungwon Shin - our intrepid PhD candidate, is graduating and now seeking a full time position 


  1. 8 Apr - Tech Republic Interview - Software Defined Networking: How it affects security


  1. 26 Mar -  BigSwitch press release - Contributors and Partners Innovating Using Opensource SDN


  1. 12 Feb - SDN Central Interview regarding our NDSS FRESCO paper:  SDN Security - An Oxymoron?


  1. 10 Feb - NDSS 2013 Paper - FRESCO: Modular Composable Security Services for Software-Defined Networks


2012:


  1. 20 Dec - We gave an invited talk at DIMAC 2012 - New Killer Apps for Software Defined Networking?"


  1. 12 Aug - Sigcomm HotSDN Paper - A Security Enforcement Kernel for OpenFlow Networks


  1. 3 Jul - SDN Central Interview - Lack of Secure Controller Hurting  OpenFlow


  1. 27 Jun  - SDN Central Interview - Top Open Source SDN Projects to Keep Your Eyes On


  1. 2 March - Presentation SDN2012 Security Seminar Wrap-up

 

Tech and DownloadsTechnologies.html
Papers and PresentationsPublications.html

Technology descriptions and download links to our reference implementations of our various OpenFlow security technologies 

Links to our research papers, technical reports, and links and news articles about our OpenFlow security work

DemonstrationsDemo_Vids.html


Recent News and Activities