Title :
OperationCheckpoint: SDN Application Control
Author :
Scott-Hayward, Sandra ; Kane, Christopher ; Sezer, Sakir
Author_Institution :
Centre for Secure Inf. Technol. (CSIT), Queen's Univ. Belfast, Belfast, UK
Abstract :
One of the core properties of Software Defined Networking (SDN) is the ability for third parties to develop network applications. This introduces increased potential for innovation in networking from performance-enhanced to energy-efficient designs. In SDN, the application connects with the network via the SDN controller. A specific concern relating to this communication channel is whether an application can be trusted or not. For example, what information about the network state is gathered by the application? Is this information necessary for the application to execute or is it gathered for malicious intent? In this paper we present an approach to secure the northbound interface by introducing a permissions system that ensures that controller operations are available to trusted applications only. Implementation of this permissions system with our Operation Checkpoint adds negligible overhead and illustrates successful defense against unauthorized control function access attempts.
Keywords :
authorisation; computer network performance evaluation; computer network security; OperationCheckpoint; SDN application control; communication channel; energy-efficient design; performance-enhanced design; permissions system; software defined networking; unauthorized control function access attempts; Communication networks; Java; Monitoring; Protocols; Security; Switches;
Conference_Title :
Network Protocols (ICNP), 2014 IEEE 22nd International Conference on
Conference_Location :
Raleigh, NC
Print_ISBN :
978-1-4799-6203-7
DOI :
10.1109/ICNP.2014.98