2 research outputs found
Cross-layer access control in publish/subscribe middleware over software-defined networks
When technologies of software-defined networks (SDNs) provide a chance to improve the quality of service
(QoS) of publish/subscribe middlewares, new chances are also arising for adversaries to attack the networks
and the middlewares. We here propose a cross-layer access control solution to protect the publish/subscribe
middleware over SDNs. Applications over a publish/subscribe middleware interact by an indirect, anonymous
and multicast event communication paradigm, where we hope that the applications, the middleware, and the
underlying network collaborate to realize the access control of reading/writing events. The key issue is how
to use the flow matching capability of SDN switches to efficiently and securely enforce complex authorization
policies that include multiple conjunction and disjunction structures. It is required to resist against the collusion
attacks of SDN controllers and subscribers when the middleware/network is partially delegated to enforce the
authorization policies of publishers. In our cross-layer solution, a policy representation method is presented
to encode authorization policies into flow entries with high data compression and security, and a two-party
computation method is presented to carry out secret sharing for defeating malicious SDN controllers and
subscribers. Finally, our solution is evaluated to show its effectiveness