New SDN-Oriented Authentication and Access Control Mechanism

Nife, Fahad; Kotulski, Zbigniew

doi:10.1007/978-3-319-92459-5_7

Cited by 13 publications

(10 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [20] the authors propose a new authentication system for the SDN network, which is used to verify the identity of a host upon connection to the network. The proposed mechanism denies the access of unauthorized hosts and defines different levels of privileges for each user.…”

Section: Firewall Solutions In Sdnmentioning

confidence: 99%

Application-Aware Firewall Mechanism for Software Defined Networks

Nife

Kotulski

2020

J Netw Syst Manage

Self Cite

View full text Add to dashboard Cite

Software-Defined-Networking (SDN) has been recently arising as a new technology in the IT industry. It is a network architecture that hopes to provide better solutions to most of the constraints in contemporary networks. SDN is a centralized control architecture for networking in which the control plane is separated from the data plane, the network services are abstracted from the underlying forwarding devices, and the network's intelligence is centralized in a software-based directly-programmed device called a controller. These features of SDN provide more flexible, programmable and innovative network's architecture. However, they may pose new vulnerabilities and may lead to new security problems. In this paper, we propose the application-aware firewall mechanism for SDN, which can be implemented as an extension to the network's controller. In order to provide more control and visibility in applications running over the network, the system is able to detect network applications that may at some point affect network's performance, and it is capable to dynamically enforce constraint rules on applications. The firewall architecture is designed as four cooperating modules: the Main Module, the Filtering Module, the Application Identification Module, and the Security-Enforcement Module. The proposed mechanism checks the network traffic at the network, transport, and application levels, and installs appropriate security instructions down into the network. The proposed solution features were implemented and tested using a Python-based POX controller, and the network topology was built using Mininet emulation tool.

show abstract

Section: Firewall Solutions In Sdnmentioning

confidence: 99%

Application-Aware Firewall Mechanism for Software Defined Networks

Nife

Kotulski

2020

J Netw Syst Manage

Self Cite

View full text Add to dashboard Cite

show abstract

“…Based on the scheme of [4], this paper implements the prototype system and constructs the experimental environment as shown in the following Figure 2.…”

Section: Prototype Implementationmentioning

confidence: 99%

“…At the same time, the node may access and exit continuously, reflecting a strong dynamic. Therefore, SDN-oriented access control mechanism needs to solve dynamic problems such as timely update of access nodes and active adjustment of access rights [4]. Traditional access control models for enclosed environments, such as DAC (Discretionary Access Control), MAC (Mandatory Access Control), RBAC (Role-Based Access Control), require preset node-privilege correspondence and SDN access [5] [6].…”

mentioning

confidence: 99%

A Dynamic Access Control Method for SDN

Chang¹,

Sun²,

Yue³

et al. 2019

JCC

View full text Add to dashboard Cite

Aiming at the problem that network topology changes frequently in SDN (Software Defined Network) environment and it is difficult to implement fine-grained access control, utilizing the characteristics of SDN transfer control separation and software programming, the ABAC model (Attribute-Based Access Control) is extended by introducing security level, and the security level is defined for the attributes of subject and object to establish the access mapping relationship based on mandatory access rules. At the same time, with secure access path as SDN access control attribute, a dynamic generation method of access control path based on PSO (Particle Swarm Optimization) algorithm is designed to ensure the security of access data flow. The prototype system experiments show that the proposed method takes into account the fine-grained and dynamic requirements of SDN access control, and improves the access security of SDN while ensuring the access efficiency.

show abstract

“…The authentication functionality is composed of five components: supplicant, OpenFlow-enabled switches, controller, authenticator, and the authentication server, see [5]. The authentication process of comparing the credentials, provided by the user with the predefined authorized users information database to validate the users, is done in the authentication server (RADIUS).…”

Section: Access Control and Policy Enforcement Subsystemmentioning

confidence: 99%

“…In this paper, we extend our previous work in [4,5] and propose a solution that takes the advantages of the programmability and the centralized control with its global view, it consists of two main subsystems. The first subsystem tries to prevent any access attempts from unauthorized users by verifying a host identity upon connection to the network.…”

Section: Introductionmentioning

confidence: 97%

New SDN-Oriented Distributed Network Security System

Nife¹,

Kotulski²,

Reyad³

2018

Appl. Math. Inf. Sci

Self Cite

View full text Add to dashboard Cite

Software-Defined Network (SDN) is a network technology aimed to open new possibilities in network management and orchestration. This is important in future (especially mobile) networks, where virtualization of resources and network functions is the basic paradigm. SDN has been proposed to programmatically control networks, facilitating deployment of new applications and services, as well as tuning network policy and performance. It represents an important change in the way networks are architected, built, and managed. In this new networking paradigm, a network control plane is physically decoupled from a forwarding plane and is directly programmable. In SDN networks, the control plane supports a logically centralized controller which has a global view of the entire network; it gathers information from the data plane to be processed by the management tasks which are implemented as applications running on the top of the controller. Based on the global view, these applications make packets processing decisions and distribute them to the data plane via the controller. However, security of such networks with their programmability and centralized points of control is not currently ensured on a sufficient level. In this paper, we present the concept of a new security system for SDN-based networks, which can be easily integrated with the existing network infrastructure as well as can provide security of all network components. It consists of two main subsystems: the network authentication and access control system to protect the network control and the distributed firewall system to protect data transmission. Such a system enables creating additional boundaries within the network to provide a multi-plane system of defense, solves the problem of a single point of failure, and makes it easy to protect the network from external attacks as well as from internal malicious users.

show abstract

New SDN-Oriented Authentication and Access Control Mechanism

Cited by 13 publications

References 22 publications

Application-Aware Firewall Mechanism for Software Defined Networks

Application-Aware Firewall Mechanism for Software Defined Networks

A Dynamic Access Control Method for SDN

New SDN-Oriented Distributed Network Security System

Contact Info

Product

Resources

About