© The Institution of Engineering and Technology
Software defined networking (SDN) makes the network more flexible, open and programmable. However, because the network's control and intelligence reside in the centralised controller, its security becomes even more important: a minor change there can have a direct and crucial impact on the entire network. Numerous research results have shown that the SDN controller not only faces traditional security threats but also has to tackle the challenges introduced by its unique centralised architecture. In this study, the authors present a novel SDN controller framework called mimic network operating system (MNOS). The main idea behind MNOS is cyberspace mimic defence (CMD), recently proposed by academician Wu's team. By introducing CMD into the design of SDN controllers, they arrive at an N-variant controller framework with dynamic, heterogeneous and redundant characteristics. MNOS has a designed-in security mechanism whose main features are: (i) it effectively protects the controller from attacks such as hijacking and data modification without relying on prior knowledge of vulnerabilities; (ii) it constantly monitors the behaviours of the variants to detect unknown attacks; (iii) it greatly improves the reliability of controllers. Theoretical analysis and experimental results show that MNOS can achieve considerable security gains and effectively improve the security performance of the SDN controller.
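The dynamic, heterogeneous and redundant controller idea can be sketched as a small arbiter that runs the same packet-in event through several controller variants and only installs the rule they agree on. This is an added example, not MNOS's own code; the majority-vote arbitration, the variant names, the flow-rule tuple format and the rotate-on-deviation policy are assumptions made for illustration.

```python
# Added illustration of the N-variant arbitration idea behind an MNOS-style
# controller, not MNOS's own code; names, rule format and rotation policy are assumptions.
from collections import Counter
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple
FlowRule = Tuple[str, str, str]  # (match, action, priority), all as strings

@dataclass
class Variant:
    name: str                           # one heterogeneous implementation
    handler: Callable[[dict], FlowRule]
    strikes: int = 0                    # disagreements since last agreement

@dataclass
class Arbiter:
    variants: List[Variant]
    pool: List[Variant] = field(default_factory=list)  # standby replacements
    threshold: int = 1                  # strikes before a variant is rotated out
    log: List[str] = field(default_factory=list)

    def decide(self, event: dict) -> Optional[FlowRule]:
        # Every variant answers the same packet-in; only the majority rule is installed.
        outputs = {v.name: v.handler(event) for v in self.variants}
        rule, votes = Counter(outputs.values()).most_common(1)[0]
        if votes * 2 <= len(self.variants):  # no strict majority: fail closed
            self.log.append(f"no majority for {event}; rule withheld")
            return None
        for v in list(self.variants):
            agrees = outputs[v.name] == rule
            v.strikes = 0 if agrees else v.strikes + 1
            if not agrees:  # behaviour monitoring: no vulnerability signature needed
                self.log.append(f"{v.name} deviated on {event}: {outputs[v.name]}")
            if v.strikes >= self.threshold:
                self._rotate(v)
        return rule

    def _rotate(self, bad: Variant) -> None:
        self.variants.remove(bad)  # dynamic part: swap the suspect for a standby
        if self.pool:
            self.variants.append(self.pool.pop(0))
            self.log.append(f"rotated {bad.name} out, {self.variants[-1].name} in")

def controller(redirect: Optional[int] = None) -> Callable[[dict], FlowRule]:
    # Constructed variants: honest, or hijacked to steer traffic to `redirect`.
    return lambda e: (e["dst"], f"output:{redirect or e['port']}", "100")

def demo() -> Tuple[List[Optional[FlowRule]], List[str], List[str]]:
    arb = Arbiter([Variant("A", controller()), Variant("B", controller()),
                   Variant("C", controller(9))], pool=[Variant("D", controller())])
    events = [{"dst": "10.0.0.2", "port": 3}, {"dst": "10.0.0.5", "port": 1}]
    return [arb.decide(e) for e in events], [v.name for v in arb.variants], arb.log
```

In the demo the tampered variant C is outvoted on the first event, logged and replaced by standby D, so the redirected rule never reaches the data plane.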