Software Security in Software-Defined Networking: A Systematic Literature Review
Moustapha Awwalou Diouf, Samuel Ouya, Jacques Klein, Tegawendé F. Bissyandé
TL;DR
This work addresses the software-security dimension of Software-Defined Networking (SDN), where centralized controllers and programmable APIs expand the attack surface. Using a systematic literature review, the authors analyze 58-60 primary publications to map vulnerability types, testing/analysis methodologies, and mitigation efforts, culminating in a four-dimensional taxonomy (Objectives, Targets, Methodology, Representations). Key findings show a predominant focus on vulnerability detection, with the SDN controller as the primary target, and a strong emphasis on static analysis, fuzzing, and model checking as testing strategies. The study highlights gaps in vulnerability localization and remediation, and proposes future directions including AI-enhanced fuzzing and more flexible vulnerability-analysis tools to strengthen SDN software security. Overall, the paper provides a comprehensive, data-driven foundation for advancing SDN software security research and practice, with practical implications for benchmarking, tooling, and policy design.
Abstract
Software-defined networking (SDN) has shifted network management by decoupling the data and control planes. This enables programmatic control via software applications using open APIs. SDN's programmability has fueled its popularity but may also have extended the attack surface by introducing vulnerable software. Therefore, the research community needs a deep and broad understanding of the risks posed by SDN in order to propose mitigating measures. The literature, however, lacks a comprehensive review of the current state of research in this direction. This paper addresses this gap by providing a comprehensive overview of the state-of-the-art research in SDN security, focusing on the software part (i.e., the controller, APIs, and applications). We systematically reviewed 58 relevant publications to analyze trends, identify key testing and analysis methodologies, and categorize studied vulnerabilities. We further explore areas where the research community can make significant contributions. This work offers the most extensive and in-depth analysis of SDN software security to date.
