DocumentCode :
58191
Title :
Byzantine-Resilient Secure Software-Defined Networks with Multiple Controllers in Cloud
Author :
He Li ; Peng Li ; Song Guo ; Nayak, Amiya
Author_Institution :
Sch. of Comput. Sci. & Eng., Univ. of Aizu, Aizu-Wakamatsu, Japan
Volume :
2
Issue :
4
fYear :
2014
fDate :
Oct.-Dec. 1 2014
Firstpage :
436
Lastpage :
447
Abstract :
Software-defined network (SDN) is the next generation of networking architecture that is dynamic, manageable, cost-effective, and adaptable, making it ideal for the high-bandwidth, dynamic nature of today's applications. In SDN, network management is facilitated through software rather than low-level device configurations. However, the centralized control plane introduced by SDN imposes a great challenge for network security. In this paper, we present a secure SDN structure, in which each device is managed by multiple controllers, not just a single one as in the traditional manner, with the dynamic and isolated instances provided by the cloud. It can resist Byzantine attacks on controllers and the communication links between controllers and SDN switches. Furthermore, we study a controller minimization problem with security requirements and propose a cost-efficient controller assignment algorithm with a constant approximation ratio. From the experiment results, the secure SDN structure has little impact on the network latency, provides better security than a general distributed controller, and the proposed algorithm performs with higher efficiency than random assignment.
Keywords :
cloud computing; computer network management; computer network security; software defined networking; Byzantine attacks resistance; Byzantine-resilient secure software-defined networks; centralized control plane; constant approximation ratio; controller minimization problem; cost-efficient controller assignment algorithm; multiple controllers; network management; network security; networking architecture; secure SDN structure; security requirement; Cloud computing; Computer security; Control systems; Fault tolerant systems; IP networks; Ports (Computers); Software; Byzantine attack; Software-defined network; approximation algorithm; cloud computing;
fLanguage :
English
Journal_Title :
Cloud Computing, IEEE Transactions on
Publisher :
ieee
ISSN :
2168-7161
Type :
jour
DOI :
10.1109/TCC.2014.2355227
Filename :
6893017