The importance of cloud computing has grown over the last years, which resulted in a significant increase of Data Center (DC) network requirements. Virtualisation is one of the key drivers of that transformation and enables a massive deployment of computing resources, which exhausts server capacity limits. Furthermore, the increased network endpoints need to be handled dynamically and centrally to facilitate cloud computing functionalities. Traditional DCs barely satisfy those demands because of their inherent limitations based on the network topology. Software-Defined Networks (SDN) promise to meet the increasing network requirements for cloud applications by decoupling control functionalities from data forwarding. Although SDN solutions add more flexibility to DC networks, they also pose new vulnerabilities with a high impact due to the centralised architecture. In this paper we propose an evaluation framework for assessing the security level of SDN architectures in four different stages. Furthermore, we show in an experimental study, how the framework can be used for mapping SDN threats with associated vulnerabilities and necessary mitigations in conjunction with risk and impact classification. The proposed framework helps administrators to evaluate the network security level, to apply countermeasures for identified SDN threats, and to meet the networks security requirements.

翻译：近年来，云计算的重要性不断增长，导致数据中心网络需求显著提升。虚拟化是实现这一转型的关键驱动力之一，它使得计算资源的大规模部署成为可能，从而耗尽了服务器的容量极限。此外，为了支持云计算功能，需要以动态且集中的方式管理不断增长的网络端点。传统数据中心因其基于网络拓扑的固有局限性，难以满足这些需求。软件定义网络通过将控制功能与数据转发解耦，有望满足云应用日益增长的网络需求。尽管软件定义网络解决方案为数据中心网络增添了更多灵活性，但由于其集中式架构，也带来了具有高影响力的新型漏洞。本文提出了一种评估框架，用于在四个不同阶段评估软件定义网络架构的安全等级。此外，我们通过实验研究展示了该框架如何结合风险与影响分类，将软件定义网络威胁与相关漏洞及必要缓解措施进行映射。该框架有助于管理员评估网络安全等级、针对已识别的软件定义网络威胁实施应对措施，并满足网络的各项安全需求。