A Formalized Method for Assessing the Criticality of Infrastructure as Code Changes in Software-defined Networks
DOI:
https://doi.org/10.32515/2664-262X.2026.13(44).52-58
Keywords:
software-defined networks, Infrastructure as Code, change criticality, classification
Abstract
The aim of the article is to develop a formalized method for assessing the criticality of changes to Infrastructure as Code configuration artifacts in software-defined networks. The relevance of the research is determined by the increasing automation of network management processes and the need for early identification of configuration changes that may compromise functional stability or violate security policies in corporate infrastructures. The study focuses on constructing an interpretable model that enables quantitative evaluation of the consequences of configuration modifications prior to their deployment in a production environment.
The paper introduces a formal representation of the state of a software-defined network and models the transition between states under the influence of a configuration change. Criticality is defined as an integral function that aggregates the degradation of topology connectivity, critical service reachability, and access policy consistency. For each change, the network state transition is explicitly modeled, normalized impact components are computed, and an aggregated indicator is formed using weighted coefficients. A threshold-based decision rule is applied to distinguish critical from non-critical modifications. The proposed metric is experimentally validated on controlled scenarios that include neutral, partially degradative, and critical configuration changes. The obtained results confirm the consistency of the integral indicator with the actual functional consequences observed in the modified network state.
The results demonstrate the interpretability and practical applicability of the proposed formalization for structured assessment of configuration changes in automated deployment workflows. The integral metric provides a transparent mechanism for separating critical modifications from non-critical ones based on measurable degradation characteristics.
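The Python sketch below is an added example, not the authors' code: it instantiates the state transition, the three normalized degradation components and the weighted threshold rule described in the abstract. The component definitions, the weights, the threshold and the five-node network are assumptions, since the abstract does not give the paper's formulas.

```python
from itertools import permutations

WEIGHTS = {"conn": 0.3, "svc": 0.4, "pol": 0.3}  # assumed weights, sum to 1
THRESHOLD = 0.3                                   # assumed decision threshold

def reach(state, src):
    """Nodes reachable from src over the undirected links of a state."""
    adj = {}
    for a, b in state["links"]:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, stack = {src}, [src]
    while stack:
        for nxt in adj.get(stack.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen

def allowed(state, src, dst):
    """A flow passes if a path exists and no deny rule matches it."""
    return dst in reach(state, src) and (src, dst) not in state["deny"]

def scores(state, critical, intents):
    """Three normalized health scores in [0, 1] for one network state."""
    pairs = list(permutations(sorted(state["nodes"]), 2))
    conn = sum(d in reach(state, s) for s, d in pairs) / len(pairs)
    svc = sum(allowed(state, s, d) for s, d in critical) / len(critical)
    pol = sum(allowed(state, s, d) == want for s, d, want in intents) / len(intents)
    return {"conn": conn, "svc": svc, "pol": pol}

def criticality(before, after, critical, intents):
    """Weighted sum of relative degradations, plus the threshold verdict."""
    b, a = scores(before, critical, intents), scores(after, critical, intents)
    deg = {k: max(0.0, (b[k] - a[k]) / b[k]) if b[k] else 0.0 for k in b}
    total = sum(WEIGHTS[k] * deg[k] for k in deg)
    return round(total, 3), total >= THRESHOLD

# Constructed sample network: two hosts, two switches, one database service.
BASE = {"nodes": {"h1", "h2", "s1", "s2", "db"},
        "links": {("h1", "s1"), ("h2", "s1"), ("s1", "s2"), ("s2", "db")},
        "deny": {("h2", "db")}}
CRITICAL = [("h1", "db")]                            # critical service flows
INTENTS = [("h1", "db", True), ("h2", "db", False)]  # (src, dst, must_pass)

def change(links=None, deny=None):
    """Apply a constructed IaC change to BASE and return the new state."""
    return {"nodes": BASE["nodes"], "links": BASE["links"] if links is None else links,
            "deny": BASE["deny"] if deny is None else deny}

def assess(after):
    return criticality(BASE, after, CRITICAL, INTENTS)
```

Under these assumed weights, a change that only deletes the deny rule for `h2` to `db` scores 0.15 and is classified non-critical, so the policy weight and threshold have to be tuned if a policy violation alone must block a deployment.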
License
Copyright (c) 2026 Oleksandr Huralnyk, Oleg Savenko

This work is licensed under a Creative Commons Attribution 4.0 International License.