Checking Multi-domain Policies in SDN

Programmable networks like SDN allow administrators to program network infrastructure according to service demand and custom-defined policies. Network policies are interpreted by the centralized controller to define actions and rules to process the network traffic on devices that belong to a single domain. However, actual networks are multi-domain, where several domains are interconnected. Then, because SDN controllers in a domain cannot define nor monitor policies in other domains, network administrators cannot ensure that their own policies (origin policies) are being enforced by the domains not directly managed by them (i.e. foreign domains). We present AudiT, a multi-domain SDN policy verifier that identifies whether an origin policy is enforced by foreign domains. AudiT comprises (1) a model for network topology, policies, and flows, (2) an Audit protocol to gather information about the actions performed by network devices to carry the flows of interest, (3) a validation engine that takes that information and detects security policy violations, and (4) an extension to the OpenFlow protocol to enable external auditing. This paper presents our approach and illustrates its application using an example considering multiple SDN networks.
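To make the validation step concrete, the following is an added toy validation engine in Python, not the paper's AudiT code. It assumes an origin policy expressed as an ordered list of allow/deny rules and one audit report per foreign domain listing the per-switch action applied to the audited flow; the rule format, report shape, domain names and addresses are all constructed for the example.

```python
"""Toy validation engine in the spirit of AudiT (added example, not the paper's code).
Assumed inputs: an ordered allow/deny origin policy and one audit report per foreign domain."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    src_net: str
    dst_net: str
    dport: Optional[int]  # None matches any destination port
    action: str           # "allow" or "deny"

    def matches(self, f: Flow) -> bool:
        return (ip_address(f.src) in ip_network(self.src_net)
                and ip_address(f.dst) in ip_network(self.dst_net)
                and self.dport in (None, f.dport))

def origin_decision(policy: List[Rule], f: Flow, default: str = "deny") -> str:
    """First matching rule wins, mirroring an ordered flow table."""
    for rule in policy:
        if rule.matches(f):
            return rule.action
    return default

def validate(policy: List[Rule], f: Flow,
             reports: Dict[str, List[Tuple[str, str]]]) -> List[str]:
    """reports: foreign domain -> ordered (switch, action) pairs for the audited flow.
    A deny is enforced if some domain on the path drops the flow; an allow is
    violated if any domain drops it. Returns violation messages (empty if compliant)."""
    expected = origin_decision(policy, f)
    dropping = [d for d, hops in reports.items() if any(a == "drop" for _, a in hops)]
    if expected == "deny" and not dropping:
        return [f"denied flow {f} forwarded end-to-end by {', '.join(reports)}"]
    if expected == "allow":
        return [f"{d} drops flow {f} that the origin policy allows" for d in dropping]
    return []

# Constructed sample data: the origin domain wants SSH to 10.0.2.0/24 blocked,
# but both foreign domains report forwarding it untouched.
POLICY = [Rule("10.0.1.0/24", "10.0.2.0/24", 22, "deny"),
          Rule("10.0.1.0/24", "10.0.2.0/24", None, "allow")]
FLOW_SSH = Flow("10.0.1.5", "10.0.2.9", 22)
FLOW_WEB = Flow("10.0.1.5", "10.0.2.9", 443)
REPORTS = {"domain_B": [("s1", "forward"), ("s2", "forward")],
           "domain_C": [("s7", "forward"), ("s8", "forward")]}
```

With the sample reports, `validate(POLICY, FLOW_SSH, REPORTS)` flags one violation because no foreign domain drops the denied SSH flow, while the allowed web flow passes.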
