Verifiably-safe software-defined networks for CPS
Next generation cyber-physical systems (CPS) are expected to be deployed in domains which require scalability as well as performance under dynamic conditions. This scale and dynamicity will require that CPS communication networks be programmatic (i.e., not requiring manual intervention at any stage), but still maintain iron-clad safety guarantees. Software-defined networking standards like OpenFlow provide a means for scalably building tailor-made network architectures, but there is no guarantee that these systems are safe, correct, or secure. In this work we propose a methodology and accompanying tools for specifying and modeling distributed systems such that existing formal verification techniques can be transparently used to analyze critical requirements and properties prior to system implementation. We demonstrate this methodology by iteratively modeling and verifying an OpenFlow learning switch network with respect to network correctness, network convergence, and mobility-related properties. We posit that a design strategy based on the complementary pairing of software-defined networking and formal verification would enable the CPS community to build next-generation systems without sacrificing the safety and reliability that these systems must deliver.
NeuRoute: Predictive Dynamic Routing for Software-Defined Networks
This paper introduces NeuRoute, a dynamic routing framework for Software
Defined Networks (SDN) entirely based on machine learning, specifically, Neural
Networks. Current SDN/OpenFlow controllers use default routing based on
Dijkstra's algorithm for shortest paths, and provide APIs to develop custom
routing applications. NeuRoute is a controller-agnostic dynamic routing
framework that (i) predicts the traffic matrix in real time, (ii) uses a neural
network to learn traffic characteristics and (iii) generates forwarding rules
accordingly to optimize the network throughput. NeuRoute achieves the same
results as the most efficient dynamic routing heuristic but in much less
execution time. Comment: Accepted for CNSM 201
ANCHOR: logically-centralized security for Software-Defined Networks
While the centralization of SDN brought advantages such as a faster pace of
innovation, it also disrupted some of the natural defenses of traditional
architectures against different threats. The literature on SDN has mostly been
concerned with the functional side, despite some specific works concerning
non-functional properties like 'security' or 'dependability'. Though addressing
the latter in an ad-hoc, piecemeal way may work, it will most likely lead to
efficiency and effectiveness problems. We claim that the enforcement of
non-functional properties as a pillar of SDN robustness calls for a systemic
approach. As a general concept, we propose ANCHOR, a subsystem architecture
that promotes the logical centralization of non-functional properties. To show
the effectiveness of the concept, we focus on 'security' in this paper: we
identify the current security gaps in SDNs and we populate the architecture
middleware with the appropriate security mechanisms, in a global and consistent
manner. Essential security mechanisms provided by ANCHOR include reliable
entropy and resilient pseudo-random generators, and protocols for secure
registration and association of SDN devices. We claim and justify in the paper
that centralizing such mechanisms is key for their effectiveness, by allowing
us to: define and enforce global policies for those properties; reduce the
complexity of controllers and forwarding devices; ensure higher levels of
robustness for critical services; foster interoperability of the non-functional
property enforcement mechanisms; and promote the security and resilience of the
architecture itself. We discuss design and implementation aspects, and we prove
and evaluate our algorithms and mechanisms, including the formalisation of the
main protocols and the verification of their core security properties using the
Tamarin prover. Comment: 42 pages, 4 figures, 3 tables, 5 algorithms, 139 reference
Adaptive Robust Traffic Engineering in Software Defined Networks
One of the key advantages of Software-Defined Networks (SDN) is the
opportunity to integrate traffic engineering modules able to optimize network
configuration according to traffic. Ideally, the network should be dynamically
reconfigured as traffic evolves, so as to achieve remarkable gains in the
efficient use of resources with respect to traditional static approaches.
Unfortunately, reconfigurations cannot be too frequent due to a number of
reasons related to route stability, forwarding rules instantiation, individual
flows dynamics, traffic monitoring overhead, etc.
In this paper, we focus on the fundamental problem of deciding whether, when
and how to reconfigure the network during traffic evolution. We propose a new
approach to cluster relevant points in the multi-dimensional traffic space
taking into account similarities in optimal routing and not only in traffic
values. Moreover, to provide more flexibility to the online decisions on when
to apply a reconfiguration, we allow some overlap between clusters that can
guarantee a good-quality routing regardless of the transition instant.
We compare our algorithm with state-of-the-art approaches in realistic
network scenarios. Results show that our method significantly reduces the
number of reconfigurations with a negligible deviation of the network
performance with respect to the continuous update of the network configuration. Comment: 10 pages, 8 figures, submitted to IFIP Networking 201