AC-PROT: An Access Control Model to Improve Software-Defined Networking Security

© 2017 IEEE. The logically-centralized controllers have largely operated as the coordination points in software-defined networking(SDN), through which applications submit network operations to manage the global network resource. Therefore, the validity of these network operations from SDN applications are critical for the security of SDN. In this paper, we analyze the mechanism that generates network operations in SDN, and present a fine-grained access control model, called Access Control Protector(AC-PROT),that employs an attribute-based signature scheme for network applications. The simulation result demonstrates that AC-PROT can efficiently identify and reject unauthorized network operations generated by applications

Impact of SDN Controllers Deployment on Network Availability

Software-defined networking (SDN) promises to improve the programmability and flexibility of networks, but it may bring also new challenges that need to be explored. The purpose of this technical report is to assess how the deployment of the SDN controllers affects the overall availability of SDN. For this, we have varied the number, homing and location of SDN controllers. A two-level modelling approach that is used to evaluate the availability of the studied scenarios. Our results show how network operators can use the approach to find the optimal cost implied by the connectivity of the SDN control platform by keeping high levels of availability.Comment: Department of Telematics, NTNU, Tech. Rep., March 201

Design Concept for a Failover Mechanism in Distributed SDN Controllers

Software defined networking allows the separation of the control plane and data plane in networking. It provides scalability, programmability, and centralized control. It will use these traits to reach ubiquitous connectivity. Like all concepts software defined networking does not offer these advantages without a cost. By utilizing a centralized controller, a single point of failure is created. To address this issue, this paper proposes a distributed controller failover. This failover will provide a mechanism for recovery when controllers are not located in the same location. This failover mechanism is based on number of hops from orphan nodes to the controller in addition to the link connection. This mechanism was simulated in Long Term Evolution telecommunications architecture