Searching for just a few words should be enough to get started. If you need to make more complex queries, use the tips below to guide you.
Article type: Research Article
Authors: Hessam, Ghandia; * | Saba, Ghassanb | Alkhayat, M. Iyada
Affiliations: [a] Department of Systems and Computer Networks, Faculty of Information Technology Engineering, Damascus University, Syria. E-mails: [email protected], [email protected] | [b] Informatics Engineering, Higher Institute for Applied Sciences and Technology, Syria. E-mail: [email protected]
Correspondence: [*] Corresponding author. E-mail: [email protected].
Abstract: The scale of Software Defined Networks (SDN) is expanding rapidly and the demands for security reinforcement are increasing. SDN creates new targets for potential security threats such as the SDN controller and networking devices in the data plane. Violation of data plane integrity might lead to abnormal behaviors of the overall network. In this paper, we propose a new security approach for OpenFlow-based SDN in order to detect violation of switches flow tables integrity and successfully locate the compromised switches online. We cover all aspects of integrity violation including flow rule adding, modifying and removing by an unauthorized entity. We achieve this by using the cookie field in the OpenFlow protocol to put in a suitable digest (hash) value for each flow entry. Moreover, we optimize our method performance by calculating a global digest value for the entire switch’s flow table that decides whether a switch is suspected of being compromised. Our method is also able to determine and handle false alarms that affect the coherence of a corresponding table digest. The implementation is a reactive java module integrated with the Floodlight controller. In addition, we introduce a performance evaluation for three different SDN topologies.
Keywords: Compromised switches, data plane security, floodlight controller, SDN security, Software Defined Networks (SDN)
DOI: 10.3233/JCS-200094
Journal: Journal of Computer Security, vol. 29, no. 3, pp. 341-358, 2021
IOS Press, Inc.
6751 Tepper Drive
Clifton, VA 20124
USA
Tel: +1 703 830 6300
Fax: +1 703 830 2300
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
IOS Press
Nieuwe Hemweg 6B
1013 BG Amsterdam
The Netherlands
Tel: +31 20 688 3355
Fax: +31 20 687 0091
[email protected]
For editorial issues, permissions, book requests, submissions and proceedings, contact the Amsterdam office [email protected]
Inspirees International (China Office)
Ciyunsi Beili 207(CapitaLand), Bld 1, 7-901
100025, Beijing
China
Free service line: 400 661 8717
Fax: +86 10 8446 7947
[email protected]
For editorial issues, like the status of your submitted paper or proposals, write to [email protected]
如果您在出版方面需要帮助或有任何建, 件至: [email protected]