CCS2024

Evolving Network Security in the Era of Network Programmability

Mingming Chen

Abstract

Software-defined networking (SDN) is a centralized network architecture that enables dynamic, programmable, and flexible network management and, in doing so, advances technologies such as network security. However, it also introduces new vulnerabilities: the separation of the data, control, and application planes creates additional attack surfaces, and the added complexity of programmability, flexibility, and scalability opens further security gaps. To empower network security with SDN, we develop a coordinated sampling strategy using P4 programming for adaptive network monitoring. Additionally, we uncover a flow entry-induced topology poisoning attack to highlight the security gaps that arise from unplanned module integration. Finally, we propose to fortify the SDN control plane by generalizing SDN security policies and by fuzzing the control plane to uncover unknown vulnerabilities.