OperationCheckpoint: SDN Application Control

Authors: Sandra Scott-Hayward, Christopher Kane, Sakir Sezer

DOI: 10.1109/ICNP.2014.98

Keywords: State (computer science), Control (management), Computer security, Control theory, Computer science, Overhead (computing), Core (game theory), Computer network, Northbound interface, Software-defined networking

Abstract: One of the core properties of Software Defined Networking (SDN) is the ability for third parties to develop network applications. This introduces increased potential for innovation in networking from performance-enhanced to energy-efficient designs. In SDN, the application connects with the network via the SDN controller. A specific concern relating to this communication channel is whether an application can be trusted or not. For example, what information about the network state is gathered by the application? Is necessary execute it malicious intent? In this paper we present an approach to secure the northbound interface by introducing a permissions system that ensures controller operations are available applications only. Implementation of our Operation Checkpoint adds negligible overhead and illustrates successful defense against unauthorized control function access attempts.
