Achieving a Heterogeneous Software-Defined Networks with CamoVisor

Security is a key issue in Software-Defined Networks (SDN). To improve security, we propose a mechanism called CamoVisor that brings heterogeneity and resilience to SDN. CamoVisor is a hypervisor that sits between the control plane and the data plane. First, it prevents attackers in the data plane from probing useful network information by hiding the implementation of the control plane. Second, it uses heterogeneous controllers to construct the control plane, so that a faulty controller does not affect the entire control plane. We build a prototype of CamoVisor and run experiments on it. The experiments show that CamoVisor is able to defend against attacks from the control plane and the data plane.
