Abstract
This paper proposes security techniques for counteracting attacks from malicious end hosts in a software defined networking (SDN) environment. This paper describes the design of a security architecture, which comprises a security management application running in the SDN controller for specifying and evaluating security policies, and security components in the switches for enforcing these security policies on network flows. Our proposed security solution helps to detect the attacking end hosts even before the flow requests from the malicious end hosts are forwarded to the SDN controller. Furthermore, if the end hosts become malicious after the interactions with the SDN controller and generate attacks in the data plane, then our architecture has mechanisms to address these attacks that occur after the establishment of routes by the SDN controller. The domain wide network visibility of the SDN controller enables our security architecture to achieve dynamic management of the security policies. The enforcement of security policies in the data plane is tailored to the functionality available in the network switches, making the proposed security solution practical. We describe the implementation of the proposed security architecture and analyze its security and performance characteristics. We also discuss the advantages of the proposed security architecture over existing solutions.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
More From: IEEE Transactions on Network and Service Management
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.