A security enforcement kernel for OpenFlow networks
Software-defined networks facilitate rapid and open innovation at the network control layer by providing a programmable network infrastructure for computing flow policies on demand. However, the dynamism of programmable networks also introduces new security challenges that demand innovative solutions. A critical challenge is efficient detection and reconciliation of potentially conflicting flow rules imposed by dynamic OpenFlow (OF) applications. To that end, we introduce FortNOX, a software extension that provides role-based authorization and security constraint enforcement for the NOX OpenFlow controller. FortNOX enables NOX to check flow rule contradictions in real time, and implements a novel analysis algorithm that is robust even in cases where an adversarial OF application attempts to strategically insert flow rules that would otherwise circumvent flow rules imposed by OF security applications. We demonstrate the utility of FortNOX through a prototype implementation and use it to examine performance and efficiency aspects of the proposed framework.
- Publisher
- ACM Sigcomm
- Issue Date
- 2012-08-13
- Language
- English
- Citation
Proceedings of the first workshop on Hot topics in software defined networks(HotSDN), pp.121 - 126
- ISBN
- 978-1-4503-1477-0
- Appears in Collection
- EE-Conference Papers(학술회의논문)
- Files in This Item
- FortNox-HotSDN2012.pdf(2.36 MB)Download
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.