SecFT-SDN: Securing the Flow-Table for Software-Defined Network

Bibliographic Details
Published in: 2019 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom) pp. 1139 - 1146
Main Authors: You, Ruibang; Tu, Bibo; Yuan, Zimu; Cheng, Jie
Format: Conference Proceeding
Language: English
Published: IEEE 01.12.2019
Summary: The flow table is the core interactive component between the control plane and the data plane in a software-defined network, and it realizes global coordination and dynamic mapping of the security policy. The rules of the flow table determine the SDN network behavior, and the flow table security affects the whole security of the SDN facilities. To address the challenges for flow table security, this paper proposes and implements a flow table security framework, named SecFT-SDN, on the carrier-grade open source SDN controller (ONOS). SecFT-SDN installs flow rule test set, with latency penalty varied from 10.98 milliseconds to 7.17 milliseconds and throughput penalty of 6%-14% (for 1-4 controller node clusters), and it barely affects the network performance. To sum up, SecFT-SDN enhances the security protection facilities on the ONOS controller, while incurring an acceptable overhead as a cost-effective trade-off.
DOI:10.1109/ISPA-BDCloud-SustainCom-SocialCom48970.2019.00162