Software Defined Networking (SDN) is a modern approach to computer networks that involves the separation of the control and forwarding planes. Using this approach, control is achieved through the use of an SDN controller, which enables the delivery of far more intelligent, efficient and resilient networks.

Whilst the use of an SDN controller offers many potential benefits, the centralisation of network control introduces a single point of failure - if the SDN controller develops a fault, or is under attack, then the network can be severely disrupted. From a security perspective, the SDN controller represents a tempting target for an attacker - if the attacker can gain control over the controller then they can act as a malicious insider, gaining control over the operation of the whole network. The actions of a compromised SDN controller can be seen as an occurrence of byzantine (or arbitrary) faults. By introducing a byzantine fault tolerant (BFT) element to the control plane, insider attacks can be prevented.



This thesis explores the impact of a compromised SDN controller, and provides a defence called SDBFT: Software Defined Byzantine Fault prevenTing control. I reduce fault tolerance to fault preventing, which means fault detecting with recovery. SDBFT prevents a compromised SDN controller from performing malicious actions in a network. Within this thesis, I first analyse and demonstrate a number of attacks that can be performed from a compromised controller, including an exploration of the impact of such attacks on a real-world scenario involving Industrial Control Systems (ICS). I then propose, implement and evaluate the SDBFT system, using novel algorithms that are able to protect against faulty controllers. I demonstrate through extensive experimentation that the SDBFT system far outperforms approaches built upon a traditional BFT model, and only represents a modest reduction in controller performance compared to the traditional SDN architecture.