MNOS: a mimic network operating system for software defined networks

Software defined networking (SDN) makes the network more flexible, open and programmable. However, because network control and intelligence reside in the centralised controller, the controller's security becomes even more important: a minor change there can have a direct and crucial impact on the entire network. Numerous research results have shown that the SDN controller not only faces traditional security threats but also has to tackle the challenges introduced by its unique centralised architecture. In this study, the authors present a novel SDN controller framework called mimic network operating system (MNOS). The main idea behind MNOS is cyberspace mimic defence (CMD), recently proposed by academician Wu's team. By introducing CMD into the design of SDN controllers, they arrive at an N-variant controller framework with dynamic, heterogeneous and redundant characteristics. MNOS has a designed-in security mechanism whose main features are: (i) it effectively protects the controller from attacks such as hijacking and data modification without relying on prior knowledge of vulnerabilities; (ii) it constantly monitors the behaviours of the variants to detect unknown attacks; (iii) it greatly improves the reliability of controllers. Theoretical analysis and experimental results show that MNOS achieves considerable security gains and effectively improves the security performance of SDN controllers.
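The abstract describes the N-variant principle (dynamic, heterogeneous, redundant controller variants whose behaviour is compared to catch hijacking or data modification without a vulnerability signature). The following Python is an added illustration of that principle written for this page; it is not MNOS code and does not reproduce the paper's actual ruling or scheduling algorithms. The `FlowMod` shape, the variant functions, the packet-in dictionary and the standby pool are all constructed for the demo. An arbiter asks every active variant for the rule it would install for the same PacketIn, programs the switch only when a strict majority agrees, and quarantines any divergent variant, rotating in a standby one so redundancy is preserved.

```python
"""Illustrative N-variant arbiter (constructed example, not MNOS's own code)."""
from collections import Counter
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class FlowMod:
    """A flow rule as a controller variant would propose it (constructed shape)."""
    match: str
    actions: Tuple[str, ...]
    priority: int


Variant = Callable[[dict], FlowMod]


@dataclass
class Arbiter:
    """Collects each active variant's answer, applies strict-majority ruling,
    and rotates out any variant whose answer diverges from the majority."""
    active: Dict[str, Variant]
    standby: List[Tuple[str, Variant]]
    quarantined: Set[str] = field(default_factory=set)
    log: List[str] = field(default_factory=list)

    def decide(self, packet_in: dict) -> Optional[FlowMod]:
        outputs = {name: fn(packet_in) for name, fn in self.active.items()}
        winner, votes = Counter(outputs.values()).most_common(1)[0]
        if votes * 2 <= len(outputs):
            # No strict majority: withhold the rule rather than trust any single variant.
            self.log.append("no majority; rule withheld")
            return None
        for name, proposed in outputs.items():
            if proposed != winner:
                self._quarantine(name)
        return winner

    def _quarantine(self, name: str) -> None:
        # Divergence from the majority is the detection signal; no prior
        # knowledge of the fault or attack is needed.
        self.quarantined.add(name)
        del self.active[name]
        self.log.append(f"variant {name} diverged from majority; quarantined")
        if self.standby:
            new_name, fn = self.standby.pop(0)
            self.active[new_name] = fn
            self.log.append(f"variant {new_name} activated from standby pool")


def rule_for(pkt: dict) -> FlowMod:
    return FlowMod(match=f"eth_dst={pkt['eth_dst']}",
                   actions=(f"output:{pkt['out_port']}",), priority=100)


# Constructed variants. In a real deployment these would be different controller
# implementations; here A, B and D compute the same honest rule through separate
# code paths, while C simulates a variant whose output has been altered.
def variant_a(pkt: dict) -> FlowMod:
    return rule_for(pkt)


def variant_b(pkt: dict) -> FlowMod:
    return FlowMod("eth_dst=" + pkt["eth_dst"], ("output:%d" % pkt["out_port"],), 100)


def variant_c_altered(pkt: dict) -> FlowMod:
    return FlowMod(f"eth_dst={pkt['eth_dst']}", ("output:99",), 100)


def variant_d(pkt: dict) -> FlowMod:
    return rule_for(pkt)


SAMPLE_PACKET_IN = {"eth_dst": "00:00:00:00:00:02", "out_port": 2}  # constructed


def run_majority_case() -> Tuple[Optional[FlowMod], Arbiter]:
    arb = Arbiter(active={"A": variant_a, "B": variant_b, "C": variant_c_altered},
                  standby=[("D", variant_d)])
    return arb.decide(SAMPLE_PACKET_IN), arb


def run_no_majority_case() -> Tuple[Optional[FlowMod], Arbiter]:
    arb = Arbiter(active={"A": variant_a, "C": variant_c_altered}, standby=[])
    return arb.decide(SAMPLE_PACKET_IN), arb


if __name__ == "__main__":
    rule, arb = run_majority_case()
    print("programmed rule:", rule)
    print("\n".join(arb.log))
```

The strict-majority check is what makes the scheme fail closed: with only two variants left and a disagreement, nothing is programmed, which is the right default for a control plane where a single bad rule can affect the whole network. Real heterogeneity comes from running genuinely different controller implementations, not from the trivially different code paths used here.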

Inspec keywords: network operating systems; computer network security; software defined networking; computer network reliability

Other keywords: security threats; CMD; cyberspace mimic defence; mimic network operating system; data modification; revolutionary technology; controller protection; centralised architecture; MNOS; variant behaviour monitoring; network control; centralised controller; reliability performance; software defined networks; security gains; N-variant controller framework; SDN controller framework; unknown attacks detection; hijacking

Subjects: Computer communications; Computer network performance; Reliability; Computer networks and techniques; Data security; Other distributed systems software

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2017.0085