Towards a secure controller platform for openflow applications

Wen, Xuyun; Chen, Yan; Hu, Chengchen; Shi, Chao‐Xiang; Wang, Yi

doi:10.1145/2491185.2491212

Cited by 145 publications

(73 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…[24] and Wen et al [8,40] implement permission-based access control system to prevent malicious applications from accessing the control plane. Shin et al introduce robust and secure controller, Rosemary, which addresses diverse security issues concerning the security and robustness of controllers [10].…”

Section: Security Research For Sdn Controllermentioning

confidence: 99%

NOSArmor: Building a Secure Network Operating System

Nam

Shin

2018

Security and Communication Networks

View full text Add to dashboard Cite

Software-Defined Networking (SDN), controlling underlying network devices (i.e., data plane) in a logically centralized manner, is now actively adopted in many real world networking environments. It is clear that a network administrator can easily understand and manage his networking environments with the help of SDN. In SDN, a network operating system (NOS), also known as an SDN controller, is the most critical component because it should be involved in all transactions for controlling network devices, and thus the security of NOS cannot be highly exaggerated. However, in spite of its importance, no previous works have thoroughly investigated the security of NOS. In this work, to address this problem, we present the NOSArmor, which integrates several security mechanisms, named as security building block (SBB), into a consolidated SDN controller. NOSArmor consists of eight SBBs and each of them addresses different security principles of network assets. For example, while role-based authorization focuses on securing confidentiality of internal storage from malicious applications, OpenFlow protocol verifier protects availability of core service in the controller from malformed control messages received from switches. In addition, NOSArmor shows competitive performance compared to existing other controllers (i.e., ONOS, Floodlight) with secureness of network assets.

show abstract

Section: Security Research For Sdn Controllermentioning

confidence: 99%

NOSArmor: Building a Secure Network Operating System

Nam

Shin

2018

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…Wen et al [25] provided a defensive measure against potential network attacks launched via the controller API interface to protect the networks from misconfiguration by malicious applications. In the approach called PermOF, kernel modules of the controller are isolated at runtime which prevent applications from calling the controller directly with a set of fine-grained permission.…”

Section: Related Workmentioning

confidence: 99%

Trust Establishment in SDN: Controller and Applications

Isong¹,

Kgogo²,

Lugayizi³

2017

IJCNIS

View full text Add to dashboard Cite

Abstract-Software Defined Networks (SDNs) is a network technology developed to deal with several limitations faced by the current traditional networks. However, SDN itself is confronted with security challenges which emanates specifically from its platform, given the explosive growth in network attacks and threats. Though many solutions have been developed and proposed, the continual lack of trust between the SDN controller and the applications running atop the control plane poses a great security challenge. SDN controller can easily be attacked by malicious/compromised applications which can result in network failure as the controller represents a single point of failure. Though trust mechanisms to certify network devices exist, mechanisms to certify management applications are still not well developed. Therefore, this paper proposes a novel direct trust establishment framework between an OpenFlow-based SDN controller and applications. The objective is to ensure that SDN controller is protected and diverse applications that consumes network resources are always trusted throughout their lifetime. Additionally, the paper introduce the concept of trust access matrix and application identity to ensure efficient control of network resources. We believe that, if the proposed trust model is adopted in the OpenFlow architecture, it could go a long way to improve the security of the SDN.

show abstract

“…The issue of exposing the full privilege of OpenFlow to every application without protection is identified in [12]. The authors propose PermOF with a set of permissions and an isolation mechanism to enforce the permissions at the API entry.…”

Section: Related Workmentioning

confidence: 99%