On achieving SDN controller diversity for improved network security using coloring algorithm

The SDN (Software Defined Networking) paradigm brings flexibility to network management and opens up significant opportunities for network programmability. To address the scalability issue raised by the centralized architecture of SDN, multi-controller deployment (a distributed controller system) is envisioned. In this paper, we focus on increasing the diversity of the SDN control plane in order to enhance network security. Our goal is to limit the ability of a malicious controller to compromise its neighboring controllers and, by extension, the rest of the controllers. We investigate a heterogeneous Susceptible-Infectious-Susceptible (SIS) epidemic model to evaluate security performance, and we propose a coloring algorithm, based on community detection, to increase diversity. The simulation results demonstrate that our algorithm can reduce the infection rate in the control plane, and our work shows that diversity must be introduced in network design for network security.
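The effect described in the abstract can be illustrated with a small added example; it is not the paper's algorithm or code. It swaps in a plain largest-degree-first greedy coloring instead of the community-detection-based coloring, uses a deterministic mean-field form of heterogeneous SIS, and assumes the topology and the rates `beta_same`, `beta_diff` and `delta`, all of which are constructed for illustration.

```python
# Constructed topology: 8 controllers, two 4-node communities joined by link (3, 4).
EDGES = [(0, 1), (0, 2), (0, 3), (1, 2), (1, 3), (2, 3),
         (4, 5), (4, 6), (4, 7), (5, 6), (5, 7), (6, 7), (3, 4)]

def adjacency(edges):
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def greedy_coloring(adj):
    """Largest-degree-first greedy coloring; a color stands for a controller variant."""
    color = {}
    for v in sorted(adj, key=lambda n: (-len(adj[n]), n)):
        used = {color[u] for u in adj[v] if u in color}
        color[v] = next(c for c in range(len(adj)) if c not in used)
    return color

def sis_mean_infection(adj, variant, beta_same=0.4, beta_diff=0.05,
                       delta=0.3, seed=0, steps=500):
    """Mean-field heterogeneous SIS; returns the average infection probability."""
    p = {v: 0.0 for v in adj}
    p[seed] = 1.0  # one controller starts compromised
    for _ in range(steps):
        nxt = {}
        for i in adj:
            escape = 1.0  # probability that no neighbor infects i this step
            for j in adj[i]:
                # assumed rates: a shared variant shares its flaws, so it spreads faster
                beta = beta_same if variant[i] == variant[j] else beta_diff
                escape *= 1.0 - beta * p[j]
            # stay infected unless cured (delta), or get infected while susceptible
            nxt[i] = (1.0 - delta) * p[i] + (1.0 - p[i]) * (1.0 - escape)
        p = nxt
    return sum(p.values()) / len(p)

def compare(edges=EDGES):
    adj = adjacency(edges)
    homogeneous = {v: 0 for v in adj}   # every controller runs the same variant
    diverse = greedy_coloring(adj)      # no two adjacent controllers share a variant
    return (sis_mean_infection(adj, homogeneous),
            sis_mean_infection(adj, diverse), diverse)

if __name__ == "__main__":
    homo, div, colors = compare()
    print(f"homogeneous: {homo:.3f}  diverse: {div:.3e}  variants: {len(set(colors.values()))}")
```

With these assumed rates the homogeneous control plane settles into an endemic state, while the colored one falls below the epidemic threshold and the infection dies out.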
