skip to main content


Title: Teaching SDN Security Using Hands-on Labs in CloudLab
Software-Defined Networking (SDN) represents a major transition from traditional hardware-based networks to programmable software-based networks. While SDN brings visibility, elasticity, flexibility, and scalability, it also presents security challenges. This paper describes some of the hands-on labs we developed for teaching SDN security using the CloudLab platform. The hands-on labs have been used in a graduate level course on SDN/NFV related technologies. Our teaching experience of the hands-on labs is discussed. The hands-on labs can be adopted by other instructors to teach SDN security.  more » « less
Award ID(s):
1723804
PAR ID:
10205622
Author(s) / Creator(s):
; ; ; ;
Date Published:
Journal Name:
Journal of the Colloquium for Information System Security Education
Volume:
7
Issue:
1
ISSN:
2641-4546
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Software-Defined Networking (SDN) has been changing inflexible networks in software-based programmable networks for more flexibility, scalability, and visibility into networking. At the same time, it brings many new security challenges, but there are very few educational materials for students in learning about SDN security. In this workshop, we present our newly designed SDN security education materials, which can be used to meet the ever-increasing demand for high-quality cybersecurity professionals with expertise in SDN security. For effective hands-on learning, the security labs are designed in CloudLab, a free open cloud platform supported by NSF. Participants receive handouts describing security problems, lab instructions, techniques to use CloudLab, and worksheets for Q&A, which can be directly used for their networking classes at their home institutions. The workshop proceeds in three sessions in which we: present the way to use CloudLab and to understand SDN; practice in simulating three networking attacks in SDN on CloudLab; and discussion and critique in small groups for new SDN security labs. 
    more » « less
  2. Software-Defined Networking (SDN) represents a major shift from ossified hardware-based networks to programmable software-based networks. It introduces significant granularity, visibility, and flexibility into networking, but at the same time brings new security challenges. Although the research community is making progress in addressing both the opportunities in SDN and the accompanying security challenges, very few educational materials have been designed to incorporate the latest research results and engage students in learning about SDN security. In this paper, we presents our newly designed SDN security education materials, which can be used to meet the ever-increasing demand for high quality cybersecurity professionals with expertise in SDN security. The designed security education materials incorporate the latest research results in SDN security and are integrated into CloudLab, an open cloud platform, for effective hands-on learning. Through a user study, we demonstrate that students have a better understanding of SDN security after participating in these well-designed CloudLab-based security labs, and they also acquired strong research interests in SDN security. 
    more » « less
  3. Abstract

    Nowadays, real‐world learning modules become vital components in computer science and engineering in general and cybersecurity in particular. However, as student enrollments have been dramatically increasing, it becomes more challenging for a university/college to keep up with the quality of education that offers hands‐on experiment training for students thoroughly. These challenges include the difficulty of providing sufficient computing resources and keep them upgraded for the increasing number of students. In order for higher education institutions to conquer such challenges, some educators introduce an alternative solution. Namely, they develop and deploy virtual lab experiments on the clouds such as Amazon AWS and the Global Environment for Network Innovations (GENI), where students can remotely access virtual resources for lab experiments. Besides, Software‐Defined Networks (SDN) are an emerging networking technology to enhance the security and performance of networked communications with simple management. In this article, we present our efforts to develop learning modules via an efficient deployment of SDN on GENI for computer networking and security education. Specifically, we first give our design methodology of the proposed learning modules, and then detail the implementations of the learning modules by starting from user account creation on the GENI testbed to advanced experimental GENI‐enabled SDN labs. It is worth pointing out that in order to accommodate students with different backgrounds and knowledge levels, we consider the varying difficulty levels of learning modules in our design. Finally, student assessment over these pedagogical efforts is discussed to demonstrate the efficiency of the proposed learning modules.

     
    more » « less
  4. null (Ed.)
    Wireless infrastructure is steadily evolving into wireless access for all humans and most devices, from 5G to Internet-of-Things. This widespread access creates the expectation of custom and adaptive services from the personal network to the backbone network. In addition, challenges of scale and interoperability exist across networks, applications and services, requiring an effective wireless network management infrastructure. For this reason Software-Defined Networks (SDN) have become an attractive research area for wireless and mobile systems. SDN can respond to sporadic topology issues such as dropped packets, message latency, and/or conflicting resource management, to improved collaboration between mobile access points, reduced interference and increased security options. Until recently, the main focus on wireless SDN has been a more centralized approach, which has issues with scalability, fault tolerance, and security. In this work, we propose a state of the art WAM-SDN system for large-scale network management. We discuss requirements for large scale wireless distributed WAM-SDN and provide preliminary benchmarking and performance analysis based on our hybrid distributed and decentralized architecture. Keywords: software defined networks, controller optimization, resilience. 
    more » « less
  5. The emerging Internet of Things (IoT) has increased the complexity and difficulty of network administration. Fortunately, Software-Defined Networking (SDN) provides an easy and centralized approach to administer a large number of IoT devices and can greatly reduce the workload of network administrators. SDN-based implementation of networks, however,has also introduced new security concerns, such as increasing number of DDoS attacks. This paper introduces an easy and lightweight defense strategy against DDoS attacks on IoT devices in a SDN environment using Markov Decision Process (MDP)in which optimal policies regarding handling network flows are determined with the intention of preventing DDoS attacks. 
    more » « less