Software Defined Network (SDN) is a new network architecture based on centralized management, in which a controller configures the network in real time. In this paper, we analyze the vulnerability of an SDN security system under a DDoS attack. We take an existing security mechanism, which employs a trust value and entropy computed from clients' access behaviors, as the security mechanism of the controller. We analyze this security system using the STRIDE threat model. In addition, we discuss suggestions for designing a secure application for an SDN.