Extending Software Defined Networking to End User Devices

Mobile device computing and networking abilities are rapidly evolving. Software defined networking (SDN) is an emerging technology that can be deployed on mobile devices to support new use cases. This paper presents a generalized architecture for mobile SDN switching whose SDN controllers may be located in the mobile device operating system (OS), service provider networks and/or enterprise data centers. Mobile device SDN opens many beneficial use cases, but may also expose security vulnerabilities which must be addressed. The benefits include enhanced user experiences through data path and application security, and improved network security through malware detection and isolation. However, new potential vulnerabilities may also arise from this SDN software (which changes the mobile device attack surface). Mitigations for these vulnerabilities are discussed.