Oh joy
So in order to secure against a breech you have to cripple performance?
Software-defined networking (SDN) controllers respond to network conditions by pushing new flow rules to switches. And that, say Italian researchers, creates an unexpected security problem. The researchers were able to persuade their SDN environment to leak information that sysadmins probably don't want out in public, …
Unfortunately, yes. Efficient code by its very nature leaves tells. The only way to remove the tells is to drop fake tells, which ruins your efficiency. It's one reason privacy-oriented networks perform so poorly; there's simply no way around it.
I'll give an analogue. How do you avoid being tracked if there's only one way in or out of your neighborhood (meaning disguises won't work)? The only way left is to use dupes to confuse your pursuers (that's what Harry Potter was forced to use in Deathly Hallows if you'll recall).
Well, it's a tradeoff. People demand BOTH performance AND security not realizing the two often CLASH. You have to pick your poison. You can either have (a) INsecure but efficient networking, (b) secure but INefficient networking, or (c) the worst of both worlds, INsecure INefficient networking. Sorry, no unicorns here.
Seems like a bit of a beat up. If you leave your debug API open to the world you can expect everyone to come take a look. Nothing about SDN says you have to make debug APIs globally accessible just like nothing about BGP says you have to peer with everyone.
As Executive Director of the Open Networking Foundation, I found the article and your posting drawing my considerable attention. (I am still learning to speak British.) We agree that the transmission of any data or control traffic across any open and unsecured communication path in any network is vulnerable; consequently, we recommend securing the control traffic in all SDN environments. Given that, we maintain that SDN brings notable benefits to network security. I have shared the article and your posting with our Security Working Group, and Vice Chair Dr. Sandra Scott-Hayward has published her response to it on our blog today. I encourage your readers to check it out: https://www.opennetworking.org/?p=2402&option=com_wordpress&Itemid=316.