Requirement Analysis for Abstracting Security in Software Defined Network

Software Defined Network(SDN) decouples the control plane from the data plane. The aim of this decoupling in SDN helps to create an open programmable network. Programmability offers the capability to write custom network modules i.e. topology discovery, switching, routing, traffic monitoring, access control, etc. Building SDN applications in the primary controller(i.e. Pox, Opendaylight, etc.) configuration is tedious due to low-level programming. The programmability in SDN not only allows flexibility in network management but also introduce new security holes. Indeed the researchers have proposed several abstractions for network management, but we believe the similar abstractions for security is needed to realize the holistic view of SDN fully. In this paper, we review the existing programming model and available abstractions for SDN and show the need for a new security abstraction through an example. We determine that existing abstractions lack the expressiveness for security measures precisely. So there is a need for abstractions which can express the threat detection, mitigation or even prevention by analyzing huge number of logs and can classify them into groups based on their intent.