Automated permission model generation for securing SDN control-plane

Cited 0 time in webofscience Cited 0 time in scopus
  • Hit : 298
  • Download : 0
An important consideration in software-defined networks (SDNs), is that one SDN application, through a bug or API misuse, can break an entire SDN. While previous works have tried to mitigate such concerns by implementing access control mechanisms (permission models) for an SDN controller, they commonly require serious manual efforts in creating a permission model. Moreover, they do not support flexible permission models, and they are often tightly coupled with a specific SDN controller. To address such limitations, we introduce an automated permission generation and verification system called VOGUE. A distinguishing aspect of VOGUE is that it automatically generates flexible permission models and yet is completely separated from the SDN controller implementation. To demonstrate the feasibility of our approach, we implement a prototype, evaluate its completeness and soundness, and examine its performance. In addition, to show the effectiveness of VOGUE, we demonstrate its use cases and security impact to SDN in the context of popular SDN controllers.
Publisher
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
Issue Date
2020-01
Language
English
Article Type
Article
Citation

IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, v.15, pp.1668 - 1682

ISSN
1556-6013
DOI
10.1109/TIFS.2019.2946928
URI
http://hdl.handle.net/10203/272605
Appears in Collection
EE-Journal Papers(저널논문)
Files in This Item
There are no files associated with this item.

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0