Towards an access control scheme for accessing flows in SDN

Felix Klaedtke, Ghassan O. Karame, Roberto Bifulco, Heng Cui

    Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

    Abstract

    Sharing network resources with user groups, divisions, or even other companies in software defined networking promises better network utilization. Resource sharing is effectively realized by empowering these tenants at the control plane with permissions for administrating network components. However, since the network resources at the data plane are shared and different tenants can have competing objectives, mechanisms are needed to protect the network resources from unauthorized access. In this paper, we propose mechanisms that focus on protecting the network flows, which are determined by the entries installed in the flow tables of the shared switches. To this end, we present an access control scheme, based on the OpenFlow model, for accessing the switches' flow tables and their entries. Our scheme accounts for various security requirements in multi-tenant networks, including requirements on sharing flow table entries for handling network flows, and the resolution of conflicts originating from the reconfiguration of network components.

    Original languageEnglish
    Title of host publication1st IEEE Conference on Network Softwarization
    Subtitle of host publicationSoftware-Defined Infrastructures for Networks, Clouds, IoT and Services, NETSOFT 2015
    PublisherInstitute of Electrical and Electronics Engineers Inc.
    ISBN (Electronic)9781479978991
    DOIs
    Publication statusPublished - 1 Jun 2015
    Event1st IEEE Conference on Network Softwarization, NETSOFT 2015 - London, United Kingdom
    Duration: 13 Apr 201517 Apr 2015

    Other

    Other1st IEEE Conference on Network Softwarization, NETSOFT 2015
    Country/TerritoryUnited Kingdom
    CityLondon
    Period13/04/1517/04/15

    Keywords

    • Access control
    • Network flows
    • OpenFlow
    • Reference monitor
    • Software defined networking

    Fingerprint

    Dive into the research topics of 'Towards an access control scheme for accessing flows in SDN'. Together they form a unique fingerprint.

    Cite this