Towards a secure controller platform for openflow applications

Authors:
Xitao Wen;Yan Chen;Chengchen Hu;Chao Shi;Yi Wang
Affiliations:
Northwestern University, Evanston, IL, USA;Northwestern University, Evanston, IL, USA;Xi'an Jiaotong University, Xi'an, China;Northwestern University, Evanston, IL, USA;Tsinghua University, Beijing, China
Venue:
Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking
Year:
2013

Citing 3
Cited 1

NOX: towards an operating system for networks

ACM SIGCOMM Computer Communication Review
A NICE way to test openflow applications

NSDI'12 Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation
A security enforcement kernel for OpenFlow networks

Proceedings of the first workshop on Hot topics in software defined networks

AVANT-GUARD: scalable and vigilant switch flow management in software-defined networks

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

The OpenFlow (OF) paradigm embraces third-party development efforts, and therefore suffers from potential trust issue on OF applications (apps). The abuse of such trust could lead to various types of attacks impacting the entire network. In this paper, we propose PermOF, a fine-grained permission system, as the first line of defense, in order to apply minimum privilege on apps. We summarize a set of 18 permissions to be enforced at the API entry of the controller. To accommodate the isolation requirements, we propose a customized isolation mechanism, which achieves comprehensive resource isolation and access control.