A Security-Mode for Carrier-Grade SDN Controllers

Management approaches to modern networks are increasingly influenced by software-defined networks (SDNs), and this influence is reflected in the growing number of commercially available SDN-based switches, controllers and applications. To date, a number of commercial and open-source SDN network operating systems (NOSes) have been introduced for various purposes, including distributed controller frameworks targeting large, carrier-grade networks such as the Open Network Operating System (ONOS) and OpenDaylight (ODL). These frameworks are distinguished by their (i) elastic cluster controller architecture, (ii) network virtualization support, and (iii) modular design. Given their flexible design, growing list of supported features, and collaborative community support, they are attractive hosting platforms for a wide range of third-party distributed network management applications. This paper identifies the common security requirements for policy enforcement in such distributed controller environments. We present the design of a network application permission-enforcement model and an integrated security subsystem (SM-ONOS) for managing distributed applications running on an ONOS controller. We discuss the underlying motivations of its security extensions and their implications for improving our understanding of how to securely manage large-scale SDNs. Our performance assessments show that the security-mode extension imposes reasonable overheads (ranging from 5% to 20% for clusters of one to seven nodes).
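The abstract describes a permission-enforcement model for applications hosted on a controller without showing how such a model behaves. The following is an added illustration, not code from the paper or from ONOS (which is written in Java; Python is used here only for brevity): each application declares the permissions it wants in a manifest, the security subsystem grants the intersection of that request with an operator-defined policy (least privilege, so an over-requesting app silently loses what it was not entitled to), and every northbound entry point is guarded by a check against the granted set. The permission names, the `SecurityManager`/`ControllerAPI` classes and the sample apps `monitor` and `lb` are hypothetical. In a real cluster the granted-permission table would have to be replicated consistently to every controller node so that all nodes enforce the same policy; this toy keeps it in one process.

```python
"""Toy app permission-enforcement model for an SDN controller.

Added illustration; not the paper's or ONOS's own code. Permission
names, class names and the sample applications are hypothetical.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum
from functools import wraps


class Permission(Enum):
    """Hypothetical capability names a controller might expose to apps."""
    TOPOLOGY_READ = "TOPOLOGY_READ"
    FLOWRULE_READ = "FLOWRULE_READ"
    FLOWRULE_WRITE = "FLOWRULE_WRITE"
    PACKET_WRITE = "PACKET_WRITE"


class PermissionDenied(Exception):
    """Raised when an app invokes a guarded API it was not granted."""


@dataclass(frozen=True)
class AppManifest:
    """What an application asks for at install time."""
    name: str
    requested: frozenset


class SecurityManager:
    """Grants permissions per operator policy and checks them at call time."""

    def __init__(self, policy: dict):
        # Operator policy: app name -> maximum permission set it may hold.
        self._policy = policy
        self._granted: dict = {}
        self.audit: list = []  # (event, app, detail) tuples for forensics

    def install(self, manifest: AppManifest) -> frozenset:
        """Grant requested ∩ allowed; record anything that was refused."""
        allowed = self._policy.get(manifest.name, frozenset())
        granted = manifest.requested & allowed
        refused = manifest.requested - allowed
        self._granted[manifest.name] = granted
        self.audit.append(("install", manifest.name,
                           sorted(p.value for p in refused)))
        return granted

    def check(self, app: str, perm: Permission) -> None:
        """Enforcement point: deny unless perm is in the app's granted set."""
        if perm not in self._granted.get(app, frozenset()):
            self.audit.append(("deny", app, perm.value))
            raise PermissionDenied(f"{app} lacks {perm.value}")
        self.audit.append(("allow", app, perm.value))


def requires(perm: Permission):
    """Decorator that routes a northbound call through the enforcement point."""
    def deco(fn):
        @wraps(fn)
        def wrapper(self, app, *args, **kwargs):
            self.sm.check(app, perm)
            return fn(self, app, *args, **kwargs)
        return wrapper
    return deco


class ControllerAPI:
    """Hypothetical northbound facade; every entry point is guarded."""

    def __init__(self, sm: SecurityManager):
        self.sm = sm
        self.flows: dict = {}  # device id -> [(app, rule), ...]

    @requires(Permission.FLOWRULE_WRITE)
    def add_flow(self, app: str, device: str, rule: str) -> int:
        self.flows.setdefault(device, []).append((app, rule))
        return len(self.flows[device])

    @requires(Permission.FLOWRULE_READ)
    def list_flows(self, app: str, device: str) -> list:
        return list(self.flows.get(device, []))

    @requires(Permission.TOPOLOGY_READ)
    def devices(self, app: str) -> list:
        return sorted(self.flows)


def demo() -> dict:
    """Two constructed apps: a read-only monitor that over-requests, and a
    load balancer that may program flows. Returns observable outcomes."""
    policy = {
        "monitor": frozenset({Permission.TOPOLOGY_READ, Permission.FLOWRULE_READ}),
        "lb": frozenset({Permission.TOPOLOGY_READ, Permission.FLOWRULE_READ,
                         Permission.FLOWRULE_WRITE}),
    }
    sm = SecurityManager(policy)
    api = ControllerAPI(sm)
    # monitor asks for write access it is not entitled to; only TOPOLOGY_READ is granted
    monitor_granted = sm.install(AppManifest(
        "monitor", frozenset({Permission.TOPOLOGY_READ, Permission.FLOWRULE_WRITE})))
    sm.install(AppManifest(
        "lb", frozenset({Permission.FLOWRULE_READ, Permission.FLOWRULE_WRITE})))

    lb_flows = api.add_flow("lb", "of:0001", "in_port=1,actions=output:2")
    try:
        api.add_flow("monitor", "of:0001", "in_port=2,actions=drop")
        monitor_write_denied = False
    except PermissionDenied:
        monitor_write_denied = True
    return {
        "monitor_granted": sorted(p.value for p in monitor_granted),
        "lb_flows": lb_flows,
        "monitor_write_denied": monitor_write_denied,
        "monitor_devices": api.devices("monitor"),
        "denials": [e for e in sm.audit if e[0] == "deny"],
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The point of the intersection in `install` is that the manifest is a request, never an entitlement; the operator policy is the authority, and the audit trail records both refused grants and runtime denials so that an app probing for capabilities it was not given is visible to the operator.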
