41 research outputs found

    QoSVisor: QoS Framework for SDN

    The increasing demand for network services and quality across wide selections of digital applications in the internet era has caused growing congestion and raised questions about how to deal with prioritizing data in ways tailored to particular uses of applications and managing peak congestion times. Software Defined Network (SDN), in particular Slicing Strategy, seems the best solution due to its new constitution intelligently implemented through the SDN OpenFlow protocol. However, Slicing Strategies, specifically “FlowVisor”, are limited in certain mechanisms such as Traffic Engineering (TE), which makes it a requirement to find new ways to deliver Quality of Service (QoS) for different applications. In this paper, QoSVisor is presented as an SDN extension action QoS Slicer based as an enhancement to the standard FlowVisor operation slicing tools to ensure the QoS for each Slice-based class of application.

    Detecting cloud virtual network isolation security for data leakage

    This thesis considers information leakage in cloud virtually isolated networks. Virtual Network (VN) Isolation is a core element of cloud security yet research literature shows that no experimental work, to date, has been conducted to test, discover and evaluate VN isolation data leakage. Consequently, this research focussed on that gap. Deep Dives of the cloud infrastructures were performed, followed by (Kali) penetration tests to detect any leakage. This data was compared to information gathered in the Deep Dive, to determine the level of cloud network infrastructure being exposed. As a major contribution to research, this is the first empirical work to use a Deep Dive approach and a penetration testing methodology applied to both CloudStack and OpenStack to demonstrate cloud network isolation vulnerabilities. The outcomes indicated that Cloud manufacturers need to test their isolation mechanisms more fully and enhance them with available solutions. However, this field needs more industrial data to confirm if the found issues are applicable to non-open source cloud technologies. If the problems revealed are widespread then this is a major issue for cloud security. Due to the time constraints, only two cloud testbeds were built and analysed, but many potential future works are listed for analysing more complicated VN, analysing leveraged VN plugins and testing if system complexity will cause more leakage or protect the VN. This research is one of the first empirical building blocks in the field and gives future researchers the basis for building their research on top of the presented methodology and results and for proposing more effective solutions

    Security in software defined networks


    Enhanced Security of Software-defined Network and Network Slice Through Hybrid Quantum Key Distribution Protocol

    Software-defined networking (SDN) has revolutionized the world of technology as networks have become more flexible, dynamic and programmable. The ability to conduct network slicing in 5G networks is one of the most crucial features of SDN implementation. Although network programming provides new security solutions for traditional networks, SDN and network slicing also have security issues, an important one being the weaknesses related to the OpenFlow channel between the data plane and controller, as the network can be attacked via the OpenFlow channel and exploit communications with the control plane. Our work proposes a solution to provide adequate security for OpenFlow messages through using a hybrid key consisting of classical and quantum key distribution protocols to provide double security depending on the computational complexity and physical properties of quantum. To achieve this goal, the hybrid key is used with the transport layer security protocol to provide confidentiality, integrity and quantum authentication to secure the OpenFlow channel. We experimented on the SDN testbed and network slicing to show the workflow of exchanging quantum and classical keys between the control plane and data plane, and our results showed the effectiveness of the hybrid key to enhance the security of the transport layer security protocol, thereby achieving adequate security for the OpenFlow channel against classical and quantum computer attacks.

    Secure migration of virtual SDN topologies

    With the emergence of Software Defined Networks (SDN), new virtualization techniques have appeared (e.g., FlowVisor [14]). Traditional hypervision has attracted a lot of attention with respect to resource sharing and multi-tenancy. Cloud providers usually have a solid knowledge on how to manage computing, memory and storage resources, but often lack the ability to properly manage network resources. Thanks to OpenFlow, a widespread SDN southbound interface protocol, virtualizing the network infrastructure has become possible. However, network virtualization also comes with its own security issues ([5], [6]). In this paper, we focus on the security aspects related to the migration of virtual networks. After providing a brief overview of the technological scope of our work, we review the state of the art of the migration of virtual resources. Finally, we conclude with our current results and the prospective outcomes we expect to obtain.

    SDN Access Control for the Masses

    The evolution of Software-Defined Networking (SDN) has so far been predominantly geared towards defining and refining the abstractions on the forwarding and control planes. However, despite a maturing south-bound interface and a range of proposed network operating systems, the network management application layer is yet to be specified and standardized. It has currently poorly defined access control mechanisms that could be exposed to network applications. Available mechanisms allow only rudimentary control and lack procedures to partition resource access across multiple dimensions. We address this by extending the SDN north-bound interface to provide control over shared resources to key stakeholders of network infrastructure: network providers, operators and application developers. We introduce a taxonomy of SDN access models, describe a comprehensive design for SDN access control and implement the proposed solution as an extension of the ONOS network controller intent framework

    Security in the virtualization of software-defined networks: a review by dimension to be virtualized

    In Software-Defined Networks (SDN), where the Control Plane is separated from the Data Plane (hardware), the network is configured and managed dynamically and centrally from the controller. This allows flexibility in programming network flows and variety in the services that can be developed to improve network performance and security, such as routing and firewalling. OpenFlow, the SDN communication protocol, offers an abstraction of the Data Plane that makes it possible to virtualize network resources (bandwidth, topology, flow table, etc.), a task unimaginable in the traditional network model with individually managed devices. Despite the advantages of centralized control, there are security issues inherent to SDN, to OpenFlow in particular, and to network virtualization, which justify an analysis of network security in this scenario. This article focuses on the vulnerabilities of the protocols used by FlowVisor to virtualize, on FlowVisor's management of the network as a proxy, and on the behavior of the OpenFlow controller. An integrated overview was obtained of the security aspects that affect the virtualized SDN network, and of the measures that can be taken to counter the vulnerabilities identified. Sociedad Argentina de Informática e Investigación Operativ