ASTRAEA: Towards an effective and usable application permission system for SDN

Cited 0 time in webofscience Cited 0 time in scopus
  • Hit : 50
  • Download : 0
Today, Software-defined networking (SDN), which decouples the control plane from the data plane, has quickly emerged as a new promising networking architecture. In SDN, a centralized control plane (a.k.a., SDN controller) manages the entire network; hence, the security of this control plane has become increasingly important. One of the critical security issues, recently raised, is that an SDN application can unrestrictedly access SDN resources, manipulate the operations of an SDN controller, and finally destroy the network. To address this issue, researchers have proposed permission-based access control models for an SDN controller, and well-known SDN controllers have recently started employing these ideas. However, permission-based access control mechanisms can be evaded by excessively/insufficiently privileged applications (i.e., permission gap), and SDN controllers employing such mechanisms are no exception. In addition, it is possible that the permissions required for an application are not clearly presented to an administrator (i.e., semantic gap). Since an SDN controller directly manages a network, the damage caused by this problem would be much more serious. To address this issue, in this paper, we introduce a novel and usable security mechanism called ASTRAEA that can effectively help SDN operators avoid such potentially dangerous SDN applications. (C) 2019 Published by Elsevier.B.V.
Publisher
ELSEVIER SCIENCE BV
Issue Date
2019-05
Language
English
Article Type
Article
Citation

COMPUTER NETWORKS, v.155, pp.1 - 14

ISSN
1389-1286
DOI
10.1016/j.comnet.2019.03.007
URI
http://hdl.handle.net/10203/262630
Appears in Collection
EE-Journal Papers(저널논문)
Files in This Item
There are no files associated with this item.

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0