Software Defined Networking Reactive Stateful Firewall

Network security is a crucial issue in Software Defined Networking (SDN). It is probably one of the key factors for the success and future adoption of SDN technology. With this in mind, we propose an SDN reactive stateful firewall. Our solution is integrated into the SDN architecture. The application filters TCP communications according to the network security policies. It records and processes the different states of connections and translates their possible transitions into OpenFlow (OF) rules. The proposal uses a reactive behavior in order to reduce the number of OpenFlow rules in the data plane devices and to mitigate some Denial of Service (DoS) attacks such as SYN flooding. The firewall processes the Finite State Machine of network protocols so as to discard useless traffic that does not correspond to their transition conditions.
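The reactive, state-tracking behavior described in the abstract can be sketched as follows. This is an added illustration, not the paper's implementation: the class and method names, the simplified three-state handshake FSM, and the `flow_rules` set standing in for OpenFlow entries are all assumptions.

```python
from enum import Enum

class State(Enum):
    SYN_SENT = "syn_sent"        # client SYN seen
    SYN_RCVD = "syn_rcvd"        # server SYN-ACK seen
    ESTABLISHED = "established"  # final ACK seen, handshake complete

class ReactiveStatefulFirewall:
    """Hypothetical controller-side TCP tracker; flow_rules stands in for OpenFlow entries."""

    def __init__(self, allowed_services):
        self.allowed = set(allowed_services)  # policy: {(server_ip, server_port)}
        self.conns = {}                       # client-to-server 4-tuple -> State
        self.flow_rules = set()               # 4-tuples installed on the switch

    def packet_in(self, src, sport, dst, dport, flags):
        """Decide 'forward' or 'drop' for a TCP packet that missed the flow table."""
        flags = frozenset(flags)
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        key = fwd if fwd in self.conns else rev if rev in self.conns else None
        state = self.conns.get(key)

        if flags == {"SYN"}:
            if (dst, dport) not in self.allowed or key == rev:
                return "drop"                 # policy violation or SYN from server side
            self.conns.setdefault(fwd, State.SYN_SENT)
            return "forward"
        if flags == {"SYN", "ACK"} and key == rev and state is State.SYN_SENT:
            self.conns[key] = State.SYN_RCVD
            return "forward"
        if flags == {"ACK"} and key == fwd and state is State.SYN_RCVD:
            self.conns[key] = State.ESTABLISHED
            self.flow_rules |= {fwd, rev}     # rules pushed only after the handshake
            return "forward"
        if key and flags & {"FIN", "RST"}:
            # Simplification: tear down on the first FIN/RST, no FIN_WAIT/TIME_WAIT.
            self.flow_rules -= {key, key[2:] + key[:2]}
            del self.conns[key]
            return "forward"
        if state is State.ESTABLISHED:
            return "forward"
        return "drop"  # no transition of the FSM matches this packet
```

Because rules are installed only once a connection reaches ESTABLISHED, a burst of bare SYNs changes controller state but adds nothing to the switch's flow table.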
