SENAD: Securing Network Application Deployment in Software Defined Networks

Cited by: 0
Authors
Tseng, Yuchia [1]
Nait-Abdesselam, Farid [2]
Khokhar, Ashfaq [3]
Affiliations
[1] Paris Descartes Univ, IRT Syst X, Paris, France
[2] Paris Descartes Univ, Paris, France
[3] Iowa State Univ, Ames, IA USA
Keywords
SDN controller; network applications; security-by-design;
DOI
Not available
Chinese Library Classification number
TM [Electrical engineering]; TN [Electronics and communication technology];
Discipline classification code
0808 ; 0809 ;
Abstract
The Software Defined Networks (SDN) paradigm, often referred to as a radical new idea in networking, promises to dramatically simplify network management by enabling innovation through network programmability. However, notable security issues, such as app-to-control threats, remain a significant concern that impedes SDN from being widely adopted. To cope with those app-to-control threats, this paper proposes a solution to securely deploy valid network applications while protecting the SDN controller against the injection of malicious applications. This problem is mitigated by proposing a novel SDN architecture, dubbed SENAD, which splits the well-known SDN controller into: (1) a data plane controller (DPC), and (2) an application plane controller (APC), to secure the latter by design. The role of the DPC is dedicated to interpreting the network rules into OpenFlow entries and maintaining the communication with the data plane. The role of the APC, however, is to provide a secured runtime for deploying the network applications, including authentication, access control, resource isolation, control, and monitoring applications. We show that this approach can easily shield against any denial of service, caused for instance by a resource exhaustion attack or malicious command injection, that results from the co-existence of a malicious application on the controller's runtime. The evaluation of our architecture shows that the packet_in messages take less than 5 ms to be delivered from the data plane to the application plane on the long range.
Pages: 6
Related papers
50 in total
  • [41] TOPOGEN: A NETWORK TOPOLOGY GENERATION ARCHITECTURE WITH APPLICATION TO AUTOMATING SIMULATIONS OF SOFTWARE DEFINED NETWORKS
    Laurito, Andres
    Bonaventura, Matias
    Astigarraga, Mikel Eukeni Pozo
    Castro, Rodrigo
    [J]. 2017 WINTER SIMULATION CONFERENCE (WSC), 2017, : 1049 - 1060
  • [42] Flexible network management and application service adaptability in software defined wireless sensor networks
    Kgotlaetsile Mathews Modieginyane
    Reza Malekian
    Babedi Betty Letswamotse
    [J]. Journal of Ambient Intelligence and Humanized Computing, 2019, 10 : 1621 - 1630
  • [43] Software defined wireless sensor networks application opportunities for efficient network management: A survey
    Modieginyane, Kgotlaetsile Mathews
    Letswamotse, Babedi Betty
    Malekian, Reza
    Abu-Mahfouz, Adnan M.
    [J]. COMPUTERS & ELECTRICAL ENGINEERING, 2018, 66 : 274 - 287
  • [44] Orchestrating Network Functions in Software-Defined Networks
    Hongchao Hu
    Lin Pang
    Zhenpeng Wang
    Guozhen Cheng
    [J]. China Communications, 2017, 14 (02) : 104 - 117
  • [45] Orchestrating Network Functions in Software-Defined Networks
    Hu, Hongchao
    Pang, Lin
    Wang, Zhenpeng
    Cheng, Guozhen
    [J]. CHINA COMMUNICATIONS, 2017, 14 (02) : 104 - 117
  • [46] Network Traffic Measurement and Management in Software Defined Networks
    Grezo, Rudolf
    Nagy, Martin
    [J]. PROCEEDINGS OF 2017 3RD IEEE INTERNATIONAL CONFERENCE ON COMPUTER AND COMMUNICATIONS (ICCC), 2017, : 541 - 546
  • [47] Zoning for Hierarchical Network Optimization in Software Defined Networks
    Li, Xu
    Djukic, Petar
    Zhang, Hang
    [J]. 2014 IEEE NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM (NOMS), 2014,
  • [48] Virtual Network Embedding in Software-Defined Networks
    Bays, Leonardo Richter
    Gaspary, Luciano Paschoal
    Ahmed, Reaz
    Boutaba, Raouf
    [J]. NOMS 2016 - 2016 IEEE/IFIP NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM, 2016, : 10 - 18
  • [49] Network Management through Graphs in Software Defined Networks
    Pantuza, Gustavo
    Sampaio, Frederico
    Vieira, Luiz F. M.
    Guedes, Dorgival
    Vieira, Marcos A. M.
    [J]. 2014 10TH INTERNATIONAL CONFERENCE ON NETWORK AND SERVICE MANAGEMENT (CNSM), 2014, : 400 - 405
  • [50] Scalable Network Virtualization in Software-Defined Networks
    Drutskoy, Dmitry
    Keller, Eric
    Rexford, Jennifer
    [J]. IEEE INTERNET COMPUTING, 2013, 17 (02) : 20 - 27