Towards efficient and secure SDN permission system

Abstract

This dissertation proposes an automation approach to improve the efficiency and security of the software-defined network (SDN) permission system. More specifically, existing SDN permission systems require human intervention in 1) permission reviewing process and 2) permission model generation and implementation process. In the permission reviewing process, a network operator should analyze the SDN application's source code and reads the application's description before installing it to an SDN controller to determine whether the declared permissions in the SDN application are appropriate. In the case of the permission model generation and implementation process, SDN security experts should analyze the assets retained on an SDN controller to design and implement a permission model for the SDN controller. However, such manual tasks are always error-prone and time-consuming, so they degrade security and cause inefficiency in using or building the SDN permission system. To address these problems, this dissertation proposes the novel approaches to automate the two processes (i.e., permission reviewing process, and permission model generation and implementation process) that require human intervention in the SDN permission system. To prove the feasibility of our approaches, we implement prototypes to automate each process and then evaluate them in the context of popular SDN controllers. Our evaluation clearly shows that our approaches enable us to build a more efficient and secure SDN permission system than prior ones.