Abstract

Software‐defined network (SDN) technology is widely used for computer networks, especially in enterprise data centers and virtualized networking. However, SDN networks face severe security challenges. One such challenge comes from third‐party applications that contain malicious logic and security vulnerabilities, resulting in controller integrity attacks. In this paper, we propose a defensive mechanism of object integrity for SDN (DMoiSDN) to mitigate the issue known as Cross‐App Poisoning (CAP). Our results contribute to increasing the integrity level of the controller's resources by conducting a potential risk analysis, which showed a decrease of 57% in the risk factor for potential attacks. We further compared DMoiSDN's performance with related work that uses information flow control (IFC) policies. The best results among the three conducted scenarios were as follows: the decrease in latency in our system ranged from 12% to 90%, with an average of 59%, when encountering an increase in requests. It ranged from 78% to 49%, with an average of 63%, when receiving a variable number of total permissions for each application. DMoiSDN is expected to show a perceptible but reasonable latency and, to some extent, be able to avoid a critical impact on performance.
