The (In)Security of Virtualization in Software Defined Networks

Software Defined Networking (SDN) is a new networking paradigm with the promise to increase simplicity and efficiency in network management through the separation of control functions from the forwarding functions. In SDN, the control functions are softwarized and logically placed in a centralized entity, i.e. the SDN controller. Network virtualization is one of the key features enabled and facilitated by the SDN, and it allows multiple virtual networks and the SDN controllers to share the same physical network infrastructure. This paper discusses the security of virtualization in the SDN, and it highlights and demonstrates critical vulnerabilities of key network hypervisors used in the SDN. In particular, the paper demonstrates how the isolation of different virtual networks can be broken, and enabling different types of attacks. Finally, the paper discusses the potential impact of these vulnerabilities and points to mitigation approaches.