A Novel Software Defined Security Framework for SDN

Software Defined Security (SDS) entails the security implementation of a network, based on certain applications. It can be portrayed as a virtualized abstraction of the essential security features into a single software layer. SDS can be designed for traditional physical, virtualized, NFVs (Network Function Virtualization) and SDN (Software Defined Networking) based networks. This paper aims at developing an SDS framework for ONOS based SDN systems. Though most of the existing controllers like RYU, Floodlight, POX and ODL provide a framework for designing SDN applications and REST APIs, ONOS (Open Network Operating System) is comparatively more flexible. The novelty in considering the "SDS on SDN" design lies in the uniformity and scalability of the system. Moreover, a data plane device can now act in a polymorphic manner. The required security rules are provided into the SDS framework that in turn modifies the corresponding flow rules and the control plane forwards the same to the dataplane devices. Thus, a data plane device can have the functionalities of a firewall, IDS, IPS, AAA, etc. depending upon the triggered flow rule. Dependency on a particular security appliance orVNFand the necessity of maintaining multiple instances of the same is eliminated in the proposed system. The experimental setup comprises of a hybrid network topology of virtual mininet switches and HP Aruba switches. The performance analysis of the system in terms of throughput, bandwidth, and RTT latency shows a considerably low overhead thereby proving the effectiveness of the scheme.