A trust management framework for software-defined network applications
Zhen Yao
The State Key Laboratory on Integrated Services Networks, School of Cyber Engineering, Xidian University, Xi'an 710071, China

Zheng Yan (corresponding author)
The State Key Laboratory on Integrated Services Networks, School of Cyber Engineering, Xidian University, Xi'an 710071, China
Department of Communications and Networking, Aalto University, Espoo 02150, Finland

Correspondence: Zheng Yan, The State Key Laboratory on Integrated Services Networks, School of Cyber Engineering, Xidian University, Xi'an 710071, China; or Department of Communications and Networking, Aalto University, Espoo 02150, Finland.
Email: [email protected]; [email protected]
Summary
The emergence of software-defined networking (SDN) has brought unprecedented innovation to current networks. SDN's two most notable features are decoupling and programmability. Decoupling centralizes network management in a control plane, while programmability lets new networking functions be realized easily. However, these same features introduce new security issues. Through the programming interface provided by SDN, software engineers can easily develop network applications that generate networking policies for the SDN control plane in order to guide routing, yet it is hard to guarantee the security and quality of these applications: a malicious or low-quality application could damage a whole network. To address this problem, we propose a novel trust management framework for SDN applications in this paper. It evaluates an application's trust value based on the application's impact on network performance (such as time delay, packet loss rate and throughput). These trust values then play a decisive role in managing and selecting applications in SDN. We evaluate the framework's performance through a prototype system implemented on a Floodlight controller. The experimental results show the accuracy and effectiveness of our design.
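The summary describes trust values derived from an application's effect on delay, packet loss and throughput, and then used to decide which applications stay enabled. The following added example (not the paper's code; its weights, smoothing factor and threshold are assumptions, and the measurements are constructed) shows one way such an evaluator can be modelled: each application is scored against a baseline measured without it, and a smoothed trust value gates selection.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Metrics:
    delay_ms: float         # mean packet delay
    loss_rate: float        # fraction of packets lost (0.0 .. 1.0)
    throughput_mbps: float  # achieved throughput


# Assumed weights; the paper's own weighting is not given on this page.
WEIGHTS = {"delay": 0.4, "loss": 0.4, "throughput": 0.2}


def _clamp(x: float) -> float:
    return max(0.0, min(1.0, x))


def performance_score(baseline: Metrics, observed: Metrics) -> float:
    """Score in [0, 1]: 1.0 means the application caused no degradation
    relative to the baseline measured with the application disabled."""
    delay = _clamp((observed.delay_ms - baseline.delay_ms) / baseline.delay_ms)
    loss = _clamp(observed.loss_rate - baseline.loss_rate)
    thr = _clamp((baseline.throughput_mbps - observed.throughput_mbps)
                 / baseline.throughput_mbps)
    return 1.0 - (WEIGHTS["delay"] * delay + WEIGHTS["loss"] * loss
                  + WEIGHTS["throughput"] * thr)


class TrustManager:
    """One trust value per application, updated by exponential smoothing so a
    single bad round lowers trust without erasing earlier good behaviour."""

    def __init__(self, baseline: Metrics, alpha: float = 0.5, initial: float = 0.5):
        self.baseline, self.alpha, self.initial = baseline, alpha, initial
        self.trust: dict[str, float] = {}

    def observe(self, app: str, observed: Metrics) -> float:
        score = performance_score(self.baseline, observed)
        prev = self.trust.get(app, self.initial)   # unknown apps start neutral
        self.trust[app] = self.alpha * prev + (1.0 - self.alpha) * score
        return self.trust[app]

    def select(self, threshold: float = 0.7) -> list[str]:
        """Applications the controller may keep enabled, most trusted first."""
        ok = [a for a, t in self.trust.items() if t >= threshold]
        return sorted(ok, key=lambda a: -self.trust[a])


if __name__ == "__main__":
    tm = TrustManager(Metrics(10.0, 0.01, 100.0))    # constructed baseline
    for _ in range(2):                               # two measurement rounds
        tm.observe("lb-app", Metrics(11.0, 0.01, 98.0))
        tm.observe("flooding-app", Metrics(25.0, 0.20, 40.0))
    print(tm.trust, tm.select())
```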