HAL will be down for maintenance from Friday, June 10 at 4pm through Monday, June 13 at 9am. More information
Skip to Main content Skip to Navigation
Conference papers

SDN Intent-based conformance checking: application to security policies

Abstract : With the popularity of software defined networking architectures, the growing complexity of its use cases dictates the need for better auditability especially for security. In this paper, we aim at facilitating high-level management-plane policy configuration conformance auditing and their reflection in the data plane, to detect missing or spurious flow rules with respect to security policies. To this end, we propose an efficient conformance checking approach based on an intentional northbound interface as well as traces of management, control and data plane. Leveraging a proof-of-concept implementation of our approach, we compare its conformance-checking runtime and precision against a direct method on virtual topologies and find that it significantly improves scalability. We conclude by proposing directions for further enhancements extending the techniques presented herein.
Document type :
Conference papers
Complete list of metadata

Contributor : Nicolas Herbaut Connect in order to contact the contributor
Submitted on : Sunday, April 25, 2021 - 4:01:59 PM
Last modification on : Friday, April 29, 2022 - 10:12:50 AM
Long-term archiving on: : Monday, July 26, 2021 - 6:09:32 PM


Files produced by the author(s)


  • HAL Id : hal-03207525, version 1


Nicolas Herbaut, Camilo Correa, Jacques Robin, Raul Mazo. SDN Intent-based conformance checking: application to security policies. 7th IEEE International Conference on Network Softwarization (IEEE NetSoft 2021), Jun 2021, Tokyo (virtual), Japan. ⟨hal-03207525⟩



Record views


Files downloads