ControllerDAC: securing SDN controller with dynamic access control

Abstract: Software-Defined Networking (SDN), as a new network paradigm, has the advantages of centralized control and global visibility over the whole network. However, security issues remain a significant concern and impede SDN from being widely adopted. The most straightforward approach to mitigating the threat from malicious OpenFlow applications (OF apps) is to use a permission set to control access from OF apps to the SDN controller. Unfortunately, most such approaches, if not all, adopt only static permission control. In this paper, we address the app-to-control threats along with the four permission categories READ, ADD, UPDATE and REMOVE on four open source SDN controllers: OpenDaylight, ONOS, Floodlight, and Ryu. We found that a malicious OF app can still infect SDN controllers, even those hardened by static permission control. Therefore, we present Controller DAC (SDN Controller Dynamic Access Control System), a controller-independent dynamic access control system for protecting SDN controllers against API abuse. In our implementation, Controller DAC requires low deployment complexity for securing SDN controllers, and most of the time its operation is independent of the underlying SDN controller. The preliminary experimental results show that Controller DAC can prevent SDN controllers from API abuse with less than 0.5% performance overhead.
Document type:
Conference paper
ICC 2017 : IEEE International Conference on Communications, May 2017, Paris, France. IEEE Computer Society, Proceedings ICC 2017 : IEEE International Conference on Communications, pp.1 - 6, 2017, 〈10.1109/ICC.2017.7997249〉
https://hal.archives-ouvertes.fr/hal-01738732
Contributor: Médiathèque Télécom Sudparis & Institut Mines-Télécom Business School
Submitted on: Tuesday, March 20, 2018 - 17:18:57
Last modified on: Thursday, January 24, 2019 - 01:16:14

Citation

Yuchia Tseng, Montida Pattaranantakul, Ruan He, Zonghua Zhang, Farid Naït-Abdesselam. ControllerDAC: securing SDN controller with dynamic access control. ICC 2017 : IEEE International Conference on Communications, May 2017, Paris, France. IEEE Computer Society, Proceedings ICC 2017 : IEEE International Conference on Communications, pp.1 - 6, 2017, 〈10.1109/ICC.2017.7997249〉. 〈hal-01738732〉

Metrics

Record views

48