Skip to Main content Skip to Navigation
Conference papers

ControllerSEPA: a security-enhancing SDN controller plug-in for openflow applications

Abstract : Software-defined networking (SDN), as a new network paradigm, has the advantage of centralizing control and global visibility over a network. However, security issues remain a major concern and prevent SDN from being widely adopted. One of the challenges is the prevention of malicious OpenFlow application (OF app) access to the SDN controller as it opens a programmable northbound interface for third party applications. In this paper, we address app-to-control security issues with focus on five main attack vectors: unauthorized access, illegal function calling, malicious rules injection, resources exhausting and manin-the-middle attack. Based on the identified threat models, we develop a light-weight plug-in, which is called ControllerSEPA, by using RESTful API to defend SDN controller against malicious OF apps. Specifically, ControllerSEPA can provide the services including OF app-based AAA control (unlike OpenDaylight and ONOS which offer user-based or role-based AAA control), rule conflict resolution, OF app isolation, fine-grained access control and encryption. Furthermore, we study the feasibility of deploying ControllerSEPA on five open source SDN controllers: OpenDaylight, ONOS, Floodlight, Ryu and POX. Results show that the deployment operates with very low complexity, and most of time the modification of source codes is unnecessary. In our implementations, the repacked services in ControllerSEPA create negligible latency (0.1% to 0.3%) and can provide more rich services to OF apps
Complete list of metadata
Contributor : Médiathèque Télécom Sudparis & Institut Mines-Télécom Business School Connect in order to contact the contributor
Submitted on : Tuesday, March 20, 2018 - 5:25:41 PM
Last modification on : Wednesday, October 20, 2021 - 11:24:12 AM



Yuchia Tseng, Zonghua Zhang, Farid Naït-Abdesselam. ControllerSEPA: a security-enhancing SDN controller plug-in for openflow applications. Parallel and Distributed Computing, Applications and Technologies (PDCAT), 2016 17th International Conference on, Dec 2016, Guangzhou, China. pp.268 - 273, ⟨10.1109/PDCAT.2016.064⟩. ⟨hal-01738747⟩



Les métriques sont temporairement indisponibles