A Survey on Data Plane Security in Software-Defined Networks: Toward Adaptive Security of Data Planes
Software-Defined Networking (SDN) is the actual approach in the network design, based on separating the control and data plane. Such architectural model has brought improvements in terms of network monitoring, management and troubleshooting, but has also increased risks related to network security....
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2025-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/11020661/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1849471000030216192 |
|---|---|
| author | Amina Tankovic Emir Dervisevic Miralem Mehic Enio Kaljic |
| author_facet | Amina Tankovic Emir Dervisevic Miralem Mehic Enio Kaljic |
| author_sort | Amina Tankovic |
| collection | DOAJ |
| description | Software-Defined Networking (SDN) is the actual approach in the network design, based on separating the control and data plane. Such architectural model has brought improvements in terms of network monitoring, management and troubleshooting, but has also increased risks related to network security. Security attacks can occur at all SDN layers and disrupt part or the entire network. Existing research is mostly focused on the security of the control plane, since it contains all control logic of SDN networks and thus represents their main part. Although the data plane has many vulnerabilities and can also be a significant source of security threats towards the control plane, it is only partially covered in existing research, without enough details related to differences between methods and implementation techniques which provide security enhancement. In this paper, we present a comprehensive survey on security of the data plane, focusing on the latest advanced solutions. The survey starts with an overview of attacks, threats and affected security attributes in the data plane, classified using common security models: STRIDE, CIA and AAA. After that, we present a detailed analysis of solutions explored in the literature, including the methods used for security enhancement, implementation techniques, experimental environments, their contributions in terms of vulnerabilities that they address, performance analysis and limitations. Through this analysis, we introduce the concept of adaptive security and select several mechanisms which can be used to achieve it. Additionally, we propose possible combinations of presented mechanisms to provide strong, comprehensive solution which should adapt to dynamics of network, attackers and users, and in that way protect the network from different threats and also satisfy the requirements of services which need different levels of security. |
| format | Article |
| id | doaj-art-cefa8d36248647ad848383b4e706a0b9 |
| institution | Kabale University |
| issn | 2169-3536 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-cefa8d36248647ad848383b4e706a0b92025-08-20T03:24:59ZengIEEEIEEE Access2169-35362025-01-0113970589709310.1109/ACCESS.2025.357549411020661A Survey on Data Plane Security in Software-Defined Networks: Toward Adaptive Security of Data PlanesAmina Tankovic0https://orcid.org/0000-0001-8570-8339Emir Dervisevic1https://orcid.org/0000-0002-7981-7739Miralem Mehic2https://orcid.org/0000-0003-2697-1756Enio Kaljic3https://orcid.org/0000-0003-1902-2608Department of Telecommunications, Faculty of Electrical Engineering, University of Sarajevo, Sarajevo, Bosnia and HerzegovinaDepartment of Telecommunications, Faculty of Electrical Engineering, University of Sarajevo, Sarajevo, Bosnia and HerzegovinaDepartment of Telecommunications, Faculty of Electrical Engineering, University of Sarajevo, Sarajevo, Bosnia and HerzegovinaDepartment of Telecommunications, Faculty of Electrical Engineering, University of Sarajevo, Sarajevo, Bosnia and HerzegovinaSoftware-Defined Networking (SDN) is the actual approach in the network design, based on separating the control and data plane. Such architectural model has brought improvements in terms of network monitoring, management and troubleshooting, but has also increased risks related to network security. Security attacks can occur at all SDN layers and disrupt part or the entire network. Existing research is mostly focused on the security of the control plane, since it contains all control logic of SDN networks and thus represents their main part. Although the data plane has many vulnerabilities and can also be a significant source of security threats towards the control plane, it is only partially covered in existing research, without enough details related to differences between methods and implementation techniques which provide security enhancement. In this paper, we present a comprehensive survey on security of the data plane, focusing on the latest advanced solutions. The survey starts with an overview of attacks, threats and affected security attributes in the data plane, classified using common security models: STRIDE, CIA and AAA. After that, we present a detailed analysis of solutions explored in the literature, including the methods used for security enhancement, implementation techniques, experimental environments, their contributions in terms of vulnerabilities that they address, performance analysis and limitations. Through this analysis, we introduce the concept of adaptive security and select several mechanisms which can be used to achieve it. Additionally, we propose possible combinations of presented mechanisms to provide strong, comprehensive solution which should adapt to dynamics of network, attackers and users, and in that way protect the network from different threats and also satisfy the requirements of services which need different levels of security.https://ieeexplore.ieee.org/document/11020661/Adaptivitydata planesecuritysoftware-defined networks |
| spellingShingle | Amina Tankovic Emir Dervisevic Miralem Mehic Enio Kaljic A Survey on Data Plane Security in Software-Defined Networks: Toward Adaptive Security of Data Planes IEEE Access Adaptivity data plane security software-defined networks |
| title | A Survey on Data Plane Security in Software-Defined Networks: Toward Adaptive Security of Data Planes |
| title_full | A Survey on Data Plane Security in Software-Defined Networks: Toward Adaptive Security of Data Planes |
| title_fullStr | A Survey on Data Plane Security in Software-Defined Networks: Toward Adaptive Security of Data Planes |
| title_full_unstemmed | A Survey on Data Plane Security in Software-Defined Networks: Toward Adaptive Security of Data Planes |
| title_short | A Survey on Data Plane Security in Software-Defined Networks: Toward Adaptive Security of Data Planes |
| title_sort | survey on data plane security in software defined networks toward adaptive security of data planes |
| topic | Adaptivity data plane security software-defined networks |
| url | https://ieeexplore.ieee.org/document/11020661/ |
| work_keys_str_mv | AT aminatankovic asurveyondataplanesecurityinsoftwaredefinednetworkstowardadaptivesecurityofdataplanes AT emirdervisevic asurveyondataplanesecurityinsoftwaredefinednetworkstowardadaptivesecurityofdataplanes AT miralemmehic asurveyondataplanesecurityinsoftwaredefinednetworkstowardadaptivesecurityofdataplanes AT eniokaljic asurveyondataplanesecurityinsoftwaredefinednetworkstowardadaptivesecurityofdataplanes AT aminatankovic surveyondataplanesecurityinsoftwaredefinednetworkstowardadaptivesecurityofdataplanes AT emirdervisevic surveyondataplanesecurityinsoftwaredefinednetworkstowardadaptivesecurityofdataplanes AT miralemmehic surveyondataplanesecurityinsoftwaredefinednetworkstowardadaptivesecurityofdataplanes AT eniokaljic surveyondataplanesecurityinsoftwaredefinednetworkstowardadaptivesecurityofdataplanes |