ABSTRACT

Software-defined networks (SDN) introduce a revolutionary communications model. The SDN architecture decouples the control and forwarding planes, and the network logic is relocated to a new layer, the network controller. This model promotes features such as centralization and network programmability, which pave the way for innovations in security solutions. Paradoxically, centralization and programmability also have significant security impacts that hinder the full realization of SDN capabilities. In this chapter, we investigate the opportunities the SDN model introduces for enhancing network security. We study SDN security solutions for policy enforcement and verification, and we explore the application of SDN to network intrusion detection. The chapter also examines the security challenges raised by the novel architecture, focusing on new threats associated with the controller plane and with the dominant southbound protocol, OpenFlow. Lastly, we highlight several SDN security tools and categorize them according to their solution domains.