ITC: Intrusion tolerant controller for multicontroller SDN architecture

Abstract

Software-Defined Networking (SDN) is a novel paradigm where the data plane and the control plane are decoupled on network devices. This approach places the control plane in an external entity, rather than in each individual device as in the traditional networking architecture to conquer the latter weaknesses such as the lack of global visibility of the network state. SDN simplifies network management, offers flexibility, and makes communication networks easier. However, SDN faces several security challenges, since the controller is considered as a single point of failure that may return the whole network down in case of a security compromise. Indeed, the single point of failure is partially tackled by the use of multi-controller mechanisms. However, simply using these mechanisms cannot avoid compromising vulnerable controllers due to their visible nature. In fact, the attacker needs just much more time to compromise the whole system. In this paper, we propose to approach the issue of intrusion tolerance in the SDN control plane by first applying a Recovery Based model which assumes that as soon as a system comes online it is compromised; therefore, periodic restoration to a good state is necessary. Secondly, we aim to establish Moving Target Defense (MTD) that provides a proactive defense against adaptive adversaries. The goal of the MTD in the Dispatcher is to constantly shift between multiple controllers with diverse configurations in order to increase the uncertainty for the attacker, in effect, diminishing the information gathered from the control plan during the reconnaissance phase of a potential attack. Finally, We put in place probabilistic models that can contribute to the perception of the performance of self-cleansing intrusion tolerance in the SDN control plane.