A trust management framework for software‐defined network applications

The emergence of software‐defined networking (SDN) has brought unprecedented innovation to current networks. SDN's two most notable features are decoupling and programmability. Decoupling centralizes network management in the control plane, while programmability makes new networking functions easy to realize. However, these features also introduce new security issues. Through the programming interface provided by SDN, software engineers can easily develop network applications that generate networking policies for the SDN control plane in order to guide network routing, but it is hard to guarantee the security and quality of these new applications. Malicious or low‐quality applications could damage a whole network. To solve this problem, we propose a novel trust management framework for SDN applications in this paper. It evaluates applications' trust values based on their impact on network performance (such as time delay, packet loss rate, and throughput). These trust values then play a decisive role in managing and selecting applications in SDN. We evaluate the framework's performance through a prototype system implemented based on a Floodlight controller. The experimental results show the accuracy and effectiveness of our design.
