SecFT-SDN: Securing the Flow-Table for Software-Defined Network
The flow table is the core interactive component between the control plane and the data plane in software-defined network, and it realizes global coordination and dynamic mapping of the security policy. The rules of the flow table determine the SDN network behavior, and the flow table security affec...
Saved in:
| Published in | 2019 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom) pp. 1139 - 1146 |
|---|---|
| Main Authors | , , , |
| Format | Conference Proceeding |
| Language | English |
| Published |
IEEE
01.12.2019
|
| Subjects | |
| Online Access | Get full text |
Cover
Loading…
| Abstract | The flow table is the core interactive component between the control plane and the data plane in software-defined network, and it realizes global coordination and dynamic mapping of the security policy. The rules of the flow table determine the SDN network behavior, and the flow table security affects the whole security of the SDN facilities. To address the challenges for flow table security, this paper proposes and implements a flow table security framework, named as SecFT-SDN, on the carrier-grade open source SDN controller (ONOS). SecFT-SDN installs flow rule test set, with latency penalty varied from 10.98 milliseconds to 7.17 milliseconds and throughput penalty of 6%-14%(for 1-4 controller node clusters), and it barely affects the network performance. To sum up, SecFT-SDN enhances the security protection facilities on ONOS controller, while incurs an acceptable overhead as a cost-effective trade-off. |
|---|---|
| AbstractList | The flow table is the core interactive component between the control plane and the data plane in software-defined network, and it realizes global coordination and dynamic mapping of the security policy. The rules of the flow table determine the SDN network behavior, and the flow table security affects the whole security of the SDN facilities. To address the challenges for flow table security, this paper proposes and implements a flow table security framework, named as SecFT-SDN, on the carrier-grade open source SDN controller (ONOS). SecFT-SDN installs flow rule test set, with latency penalty varied from 10.98 milliseconds to 7.17 milliseconds and throughput penalty of 6%-14%(for 1-4 controller node clusters), and it barely affects the network performance. To sum up, SecFT-SDN enhances the security protection facilities on ONOS controller, while incurs an acceptable overhead as a cost-effective trade-off. |
| Author | Cheng, Jie You, Ruibang Tu, Bibo Yuan, Zimu |
| Author_xml | – sequence: 1 givenname: Ruibang surname: You fullname: You, Ruibang organization: Institute of Information Engineering, Chinese Academy of Sciences, China and School of Cyber Security, University of Chinese Academy of Sciences, China – sequence: 2 givenname: Bibo surname: Tu fullname: Tu, Bibo organization: Institute of Information Engineering, Chinese Academy of Sciences, China and School of Cyber Security, University of Chinese Academy of Sciences, China – sequence: 3 givenname: Zimu surname: Yuan fullname: Yuan, Zimu organization: Institute of Information Engineering, Chinese Academy of Sciences, China – sequence: 4 givenname: Jie surname: Cheng fullname: Cheng, Jie organization: Institute of Information Engineering, Chinese Academy of Sciences, China and School of Cyber Security, University of Chinese Academy of Sciences, China |
| BookMark | eNotzNFOwjAUgOGa6IUiT-DNXqB4Tlu21huDwykJQZPNa9Kup9o4VjNGiG8PiV7939V_wy771BNjBmGGCOZ-Vb8v-NOy7NLB8_qwH23sy7TjdWqj7c5S2hQwE4BmBoC5uGBTU2gshEYlhc6v2WNNbdXwerl5yM48DLH_zMYvyqouHXljXUdZSENWpzAe7UB8SSH25LMNjcc0fN-yq2C7PU3_O2Ef1XNTvvL128uqXKx5FCBHrr2SqKVx2JJxXiFqjSaXc1JCtE6D8SJgYYwDNQdJrQwuhMJLD-QsBDlhd3_fSETbnyHu7PC7NaAKqaQ8AePzUBY |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/ISPA-BDCloud-SustainCom-SocialCom48970.2019.00162 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| EISBN | 9781728143286 1728143284 |
| EndPage | 1146 |
| ExternalDocumentID | 9047343 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IL CBEJK RIE RIL |
| ID | FETCH-LOGICAL-i203t-8d431839b1ce9bd4118819635e422cb809d2f1799b04503ec3fbff7d3d0eba0f3 |
| IEDL.DBID | RIE |
| IngestDate | Thu Jun 29 18:38:08 EDT 2023 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i203t-8d431839b1ce9bd4118819635e422cb809d2f1799b04503ec3fbff7d3d0eba0f3 |
| PageCount | 8 |
| ParticipantIDs | ieee_primary_9047343 |
| PublicationCentury | 2000 |
| PublicationDate | 2019-Dec. |
| PublicationDateYYYYMMDD | 2019-12-01 |
| PublicationDate_xml | – month: 12 year: 2019 text: 2019-Dec. |
| PublicationDecade | 2010 |
| PublicationTitle | 2019 IEEE Intl Conf on Parallel & Distributed Processing with Applications, Big Data & Cloud Computing, Sustainable Computing & Communications, Social Computing & Networking (ISPA/BDCloud/SocialCom/SustainCom) |
| PublicationTitleAbbrev | ISPA_BDCloud |
| PublicationYear | 2019 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| Score | 1.7554567 |
| Snippet | The flow table is the core interactive component between the control plane and the data plane in software-defined network, and it realizes global coordination... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 1139 |
| SubjectTerms | Access control Authentication Cloud computing flow security flow table security Network topology Permission SDN controller security software defined network Switches |
| Title | SecFT-SDN: Securing the Flow-Table for Software-Defined Network |
| URI | https://ieeexplore.ieee.org/document/9047343 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV3PS8MwFA5zB_Gksom_ycGj2dImXVJvulmmsDHoBruNJnkRcWwyWgb-9SZtnSIevIWckpSX9730-76H0I0FHbjUbYmwxhCuuCYqiyPCTSACHYHSxouTR-PecMaf59G8gW53WhgAKMln0PHD8l--WevCP5V1Y8oF42wP7UkaVlqtfRTXtpndp3RyTx4G_eW6MCSt5EcuqEilc3UjLmNBPZurtKj0_XF-NFQp80lyiEZfK6loJG-dIlcd_fHLpPG_Sz1C7W_lHp7sctIxasCq5QA56GRK0sH4Dtfv6y_YAT-cLNdbMvXiKeywK07dlbzNNkAGYB34NHhcccTbaJY8TvtDUjdOIK8hZTmRhvtQjVWgIVaGuyJC-kiLgIehVpLGJrTeCk45QEcZaGaVtcIwQ0Fl1LIT1FytV3CKcGyNoMK6KiV0lbQMM2Ai45xH2gYge_IMtfzmF--VN8ai3vf539MX6MAff0UHuUTNfFPAlUvqubouv-YnXXKjlQ |
| link.rule.ids | 310,311,786,790,795,796,802,27958,55109 |
| linkProvider | IEEE |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV3PS8MwFA46QT2pbOJve_BotrRN18abbpZNtzJoB7uNJnkRcawyWgb-9SZtnSIevIWcEsLL-17yfd9D6EaBsHXqVthXUmLKqcA8ZR6m0vZt4QEX0oiTx1F3MKVPM2-2hW43WhgAKMln0DbD8i9fZqIwT2UdRqjvUncb7eg8T1il1tpFrDbO7AzjyT1-6PcWWSFxXAmQdFjhSumqRzRgPjF8rtKk0nTI-dFSpcwo4QEaf62lIpK8tYuct8XHL5vG_y72ELW-tXvWZJOVjtAWLJsakoMIExz3ozurfmF_sTT0s8JFtsaJkU9ZGr1asb6U1-kKcB-Uhp_SiiqWeAtNw8ekN8B16wT86hA3x4GkJlgZtwUwLqkuIwITax5QxxE8IEw6ypjBcQ3piAvCVVwpX7qSAE-Jco9RY5kt4QRZTEmf-ErXKY6upQMnBddPKaWeUDYE3eAUNc3m5--VO8a83vfZ39PXaG-QjEfz0TB6Pkf75igqcsgFauSrAi51is_5VXmynzBCpus |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=2019+IEEE+Intl+Conf+on+Parallel+%26+Distributed+Processing+with+Applications%2C+Big+Data+%26+Cloud+Computing%2C+Sustainable+Computing+%26+Communications%2C+Social+Computing+%26+Networking+%28ISPA%2FBDCloud%2FSocialCom%2FSustainCom%29&rft.atitle=SecFT-SDN%3A+Securing+the+Flow-Table+for+Software-Defined+Network&rft.au=You%2C+Ruibang&rft.au=Tu%2C+Bibo&rft.au=Yuan%2C+Zimu&rft.au=Cheng%2C+Jie&rft.date=2019-12-01&rft.pub=IEEE&rft.spage=1139&rft.epage=1146&rft_id=info:doi/10.1109%2FISPA-BDCloud-SustainCom-SocialCom48970.2019.00162&rft.externalDocID=9047343 |