AC-PROT: An Access Control Model to Improve Software-Defined Networking Security

Logically centralized controllers have largely operated as the coordination points in software-defined networking (SDN), through which applications submit network operations to manage the global network resource. The validity of the network operations submitted by SDN applications is therefore critical for the security of SDN. In this paper, we analyze the mechanism that generates network operations in SDN and present a fine-grained access control model, called Access Control Protector (AC-PROT), that employs an attribute-based signature scheme for network applications. The simulation result demonstrates that AC-PROT can efficiently identify and reject unauthorized network operations generated by applications.
