commoncriteria / sdn-controller

Protection Profile for Software Defined Networking Controllers
The Unlicense

ESR (#9) - robust | resilient #16

Open hubertdcruze opened 7 months ago

hubertdcruze commented 7 months ago

The SDN Controller shall be robust and resilient to various types of attacks such as DoS, fuzzing, or HTTP based exploits.

hubertdcruze commented 7 months ago

Comments from TC meeting on Feb 8:

  - Consider testing methods and capabilities when developing these requirements
  - No "such as" examples as that can be perceived as explicit assignments
  - Don't use the word "prevent"; instead use reduce the impact or mitigate the risk

hubertdcruze commented 6 months ago

Please see the below changes and let us know your comments. Please add or delete as you find appropriate.

  1. The SDN Controller must demonstrate resilience and robustness against DoS (Denial of Service), Fuzzing attacks, and HTTP-based exploits.

  2. The SDN Controller is required to be fortified and withstand attacks such as DoS (Denial of Service), Fuzzing, and exploits based on HTTP.

  3. The SDN Controller should exhibit strong defense capabilities and maintain resilience in the face of DoS (Denial of Service), Fuzzing attacks, and HTTP-based vulnerabilities.

destineeb commented 6 months ago

Are these the only 3 types of attacks we are concerned with? I suggest "The SDN Controller must mitigate the risk of DoS (Denial of Service), Fuzzing attacks, and HTTP-based exploits."

hubertdcruze commented 6 months ago

No. Not really, since Cybersecurity threats come in various forms, including for this case but not limited to: Malware, MitM, DoS, SQL injection, 0-day exploit, APTs, etc.

hubertdcruze commented 6 months ago

The SDN Controller needs to be designed and built in such a way that it can withstand and continue to operate effectively despite various cybersecurity threats or malicious activities. The requirement for high levels of robustness refers to the controller's ability to maintain its functionality and performance under stress or in the face of challenges. Resilience refers to its capability to quickly recover from attacks, ensuring minimal disruption to network operations. Together, these qualities ensure that the SDN Controller remains reliable and secure, protecting the network from potential harm or downtime caused by attacks.

hubertdcruze commented 6 months ago

Please let us know what you think about this:

The SDN Controller requires design and construction that ensures it remains operational and effective amidst cybersecurity threats ranging from but not limited to Malware, MitM, DoS, SQL injection, APTs, Fuzzing attacks, and HTTP-based vulnerabilities with robustness to maintain performance under stress and resilience for rapid recovery from attacks, safeguarding network integrity and minimizing disruptions.

pbelani commented 6 months ago

I think this is ok but maybe a bit generic in a sense, as these ultimately have to be testable, so that is where the rubber will hit the road. I think it's worth bouncing off the TC and other PP experts that have more experience to get their take on the situation.