Abstract
Sharing network resources with user groups, divisions, or even other companies in software defined networking promises better network utilization. Resource sharing is effectively realized by empowering these tenants at the control plane with permissions for administrating network components. However, since the network resources at the data plane are shared and different tenants can have competing objectives, mechanisms are needed to protect the network resources from unauthorized access. In this paper, we propose mechanisms that focus on protecting the network flows, which are determined by the entries installed in the flow tables of the shared switches. To this end, we present an access control scheme, based on the OpenFlow model, for accessing the switches' flow tables and their entries. Our scheme accounts for various security requirements in multi-tenant networks, including requirements on sharing flow table entries for handling network flows, and the resolution of conflicts originating from the reconfiguration of network components.
Original language | English |
---|---|
Title of host publication | 1st IEEE Conference on Network Softwarization |
Subtitle of host publication | Software-Defined Infrastructures for Networks, Clouds, IoT and Services, NETSOFT 2015 |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
ISBN (Electronic) | 9781479978991 |
DOIs | |
Publication status | Published - 1 Jun 2015 |
Event | 1st IEEE Conference on Network Softwarization, NETSOFT 2015 - London, United Kingdom Duration: 13 Apr 2015 → 17 Apr 2015 |
Other
Other | 1st IEEE Conference on Network Softwarization, NETSOFT 2015 |
---|---|
Country/Territory | United Kingdom |
City | London |
Period | 13/04/15 → 17/04/15 |
Keywords
- Access control
- Network flows
- OpenFlow
- Reference monitor
- Software defined networking