Towards Robust, Accountable and Multitenancy-Friendly Control Plane in Software-Defined Networks
Date
2018-08-06
Abstract
Software-Defined Networking (SDN) has quickly emerged as a promising new technology for
future networks. Its decoupling of the logically centralized control plane from the data plane makes
network management more flexible. Recently, however, several trends in computer
networks have brought new challenges to SDN. First, with the rapid expansion of computer networks,
there will be many more network events along with a large volume of network traffic,
which brings a scalability issue to the SDN control plane. The scalability issue could bring even
more challenging security threats. Second, the third-party applications in the SDN control plane
are becoming more complex and prone to bugs/vulnerabilities. However, existing network diagnosis
tools cannot be directly applied to SDN since they cannot reason about the root causes within the
buggy/vulnerable application. Third, many enterprise networks are migrating to Infrastructure-as-a-Service
clouds. However, existing IaaS clouds only allow the cloud administrator to enjoy the
benefits of SDN. The cloud tenants are not able to use SDN in the clouds due
to several security and privacy issues. Motivated by these challenges, we aim to add several
new features to the SDN control plane. Our target is to design a secure SDN control plane which
is: 1) robust, to handle spikes of data plane events and even flooding attacks; 2) accountable, to give
records and explanations of how the flow control decisions have been made to help the diagnosis
of networking problems; and 3) multitenancy-friendly, to allow multitenancy management of
network functions in the Infrastructure-as-a-Service clouds.
In this dissertation work, we propose three extensions to the SDN control plane to provide
these three new features. To make the SDN control plane robust, we design a scalable, efficient,
lightweight, and protocol-independent defense framework for SDN networks to prevent the
data-to-control plane saturation attack. To make the SDN control plane accountable, we provide
fine-grained forensics and diagnosis functions in the SDN networks. To make the SDN control plane
multitenancy-friendly, we introduce a new cloud usage paradigm: Bring Your Own Controller
(BYOC), which offers each tenant an individual SDN controller, where tenants can deploy SDN
applications to manage their network. We also propose how to design a new SDN control plane
from scratch by integrating the three extensions. The evaluation results show that our solution
can meet the needs and achieve a secure SDN framework.
Keywords
Computer Security, Software-Defined Networks