Development of a distributed firewall using software defined networking technology

Pena, Justin Gregory V.; Yu, William Emmanuel S.

doi:10.1109/icist.2014.6920514

Cited by 34 publications

(13 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many works have studied network security using the SDN architecture, either by implementing firewalls 9,10,29,30,31 , IPS 11 , NAC 7 and IDS modules 24,27,28 on top of the SDN controller, or by installing security policies into OpenFlow switches. The emergence of the next generation Internet architecture, requires even higher security levels, such as authenticating network devices, users and objects connecting to users using both wired and wireless technologies.…”

Section: Distributed Sdn Security Solutionmentioning

confidence: 99%

New Security Architecture for IoT Network

Flauzac

González

Nolot

2015

Procedia Computer Science

118

View full text Add to dashboard Cite

We explain the notion of security architecture for Internet of Things (IoT) based on software-defined networking (SDN). In this context, the SDN-based architecture works with or without infrastructure, that we call SDN-Domain. This work describes the operation of the proposed architecture and summarizes the opportunity to achieve network security in a more efficient and flexible with SDN. An overview of existing SDN security applications were discussed and tackles its issues, presenting a new IoT system's architecture. In this paper we considered the network access control and global traffic monitoring for ad-hoc networks. Finally, we point out architectural design choices for SDN using OpenFlow and discuss their performance implications.

show abstract

Section: Distributed Sdn Security Solutionmentioning

confidence: 99%

New Security Architecture for IoT Network

Flauzac

González

Nolot

2015

Procedia Computer Science

118

View full text Add to dashboard Cite

show abstract

“…Such applications simply get the abstract network view (ANV ) from the SDN controller. Upon making the necessary policy decisions, they interact with the underlying data plane through SDN controller that maps higher-level 1 A flow can be defined as a sequence of packets from a source to a destination [39].…”

Section: Background Of Software Defined Networking a What Is Sofmentioning

confidence: 99%

Comparison of Routing Algorithms With Static and Dynamic Link Cost in Software Defined Networking (SDN)

Akin

Korkmaz

2019

IEEE Access

View full text Add to dashboard Cite

In this paper, we compared the existing routing algorithms in the context of Software Defined Networking (SDN), where a logically centralized controller acquires the global view of the network, selects the paths using a routing algorithm, and installs the determined routing rules to the switches. We divided existing routing algorithms (RA) into three categories: RA with static link cost (RA-SLC), RA with dynamic link cost (RA-DLC), and RA with dynamic link cost and minimum interference (RA-DLCMI). We then implemented various routing algorithms from each category using RYU SDN controller and compared their performances on Mininet emulator. For the network state information (NSI) needed for the routing algorithms, we first consider the idealistic case where the accurate NSI is available, as assumed in the literature. However, since this is not possible in practice, we also considered the practical case where the controller periodically collects the NSI with some inaccuracy. In our experiments, we observed that while RA-DLC and RA-DLCMI give similar performance, RA-SLC falls behind of RA-DLC and RA-DLCMI in the number of accepted flows and total throughput. We also showed that the performance of every algorithm is adversely affected from the inaccuracy of NSI, calling for further research on developing effective NSI collection methods. INDEX TERMS Routing algorithms, network state information accuracy, software defined networking (SDN), traffic engineering.

show abstract

“…Distributed firewalls, such as [23][24][25][26][27], use a different approach. Every network device that participates in forwarding packets is involved to "compose" the distributed firewall.…”

Section: Firewalls On Sdnmentioning

confidence: 99%

“…In fact, the concept of "flow" allows forwarding devices to treat similar packets in the same way, rather than making individual decisions for each packet in an uncoordinated way. Every forwarding device, having a flow table appropriately configured with a particular set of static security policies, behaves as a distributed stateless firewall, as proposed by a few research contributions [3][4][5][6][7]. In this way, the firewall functions are implemented at the data plane, relieving the controller from the filtering burden, and leaving to it just the task to deploy static rules on each switch.…”

Section: Introductionmentioning

confidence: 99%

FORTRESS: An Efficient and Distributed Firewall for Stateful Data Plane SDN

Caprolu

Raponi

Pietro

2019

Security and Communication Networks

View full text Add to dashboard Cite

The Software Defined Networking (SDN) paradigm decouples the logic module from the forwarding module on traditional network devices, bringing a wave of innovation to computer networks. Firewalls, as well as other security appliances, can largely benefit from this novel paradigm. Firewalls can be easily implemented by using the default OpenFlow rules, but the logic must reside in the control plane due to the dynamic nature of their rules that cannot be handled by data plane devices. This leads to a nonnegligible overhead in the communication channel between layers, as well as introducing an additional computational load on the control plane. To address the above limitations, we propose the architectural design of FORTRESS: a stateful firewall for SDN networks that leverages the stateful data plane architecture to move the logic of the firewall from the control plane to the data plane. FORTRESS can be implemented according to two different architectural designs: Stand-Alone and Cooperative, each one with its own peculiar advantages. We compare FORTRESS against FlowTracker, the state-of-the-art solution for SDN firewalling, and show how our solution outperforms the competitor in terms of the number of packets exchanged between the control plane and the data plane—we require 0 packets for the Stand-Alone architecture and just 4 for the Cooperative one. Moreover, we discuss how the adaptability, elegant and modular design, and portability of FORTRESS contribute to make it the ideal candidate for SDN firewalling. Finally, we also provide further research directions.

show abstract

Development of a distributed firewall using software defined networking technology

Cited by 34 publications

References 2 publications

New Security Architecture for IoT Network

New Security Architecture for IoT Network

Comparison of Routing Algorithms With Static and Dynamic Link Cost in Software Defined Networking (SDN)

FORTRESS: An Efficient and Distributed Firewall for Stateful Data Plane SDN

Contact Info

Product

Resources

About