Project is directed at the security issues in Software-Defined Networking (SDN) where the control and

data “planes” are separated. If I have understood the proposal correctly SDN offers network

administration advantages; however, by separating control and data, the control layer becomes

vulnerable to security attacks, particularly Distributed Denial of Service (DDoS) attacks (not sure why

this should be the case, but OK).

The proposed PhD programme of work seeks to address this issue.

The research question is:

What is the role of SDN in the defence against DDoS attacks.

I don’t think this is expressed correctly, I don’t think SDN has a “role” in the defence against DDoS

attacks. I think the research question is something like “How can DDoS attacks be best mitigated against

in the context of SDN”.

A number of issues are identified associated with the resolution of the research question; OK, but no

hints are given as to how they might be addressed.

Although elements of the proposal are unclear I believe there is sufficient research content and

“application novelty” for a PhD. However, I was unclear as to the “technical novelty” of any proposed

solution. Indeed, looking at the programme of work, there does not seem to be anything new that is

being proposed (but see comments on research plan below).

The research plan includes deliverable s of various kinds, but I would have liked to have seen some

planned academic papers.

Feedback on the timescales and planning, including any constructive comments on how it could

be modified.

The PhD programme plan seems feasible, although I have some concerns, which might have arisen out of the way

the research plan is presented.

My main concern is that there are a lot of Work Packages (WPs) directed at reviewing existing work. In fact

Phases 1 to 5, November 2015 to February 2018 (more two years of the available time), are directed at reviews of

various sorts. When does the original/novel work happen?

Phase 6, “Doing experimental work” (Think we need more academic/scientific title) is directed at evaluating

previous work. Again, where is the new work undertaken?

Almost three years into the research, in WP 6.3, the student intends to prepare and send questionnaires to

organisations, this seems very late. Also I doubt many organisation would be prepared to divulge the security

challenges they face as they would not like their customers to think the have any security challenges.

The project plan dose not include a thesis writing WP, when is this going to happen?

Any other issues?

The use of English in the proposal is very poor, which is a cause for concern. The student should take

every opportunity to practice writing technical reports to support the research work

The student should decide how to write SDN, in the proposal it is written in three different ways!:

1) Software define networking

2) Software defined networking

3) Software-defined networking

The document uses the phrase (para 3) “The above research” but no research is presented “above”.