Improving the security of exposed safety critical systems using SDN

Sammanfattning: The purpose of this thesis is to study if software defined networks (SDN) can function as a second layer of defence in safety critical sensor networks. SDNs are controlled and topologically defined by a logically centralised control unit. The centralised control logic makes it possible to control the behaviour of the network, and react to network events. In this thesis we examine if and how SDNs can be used to isolate a compromised host from the network. As the intended use case requires galvanic isolation of the devices we test and find that the solution is compatible with the use of media converters and optic fibre. We evaluate the security of SDNs compared to traditional networks and implement a proof of concept using the OpenFlow protocol and Open vSwitch. We find that SDNs could be used to isolate compromised hosts and provide security benefits, but the uncovered method is too immature to be used in a safety critical network.