research-article

Policy based security architecture for software defined networks

Authors:

Kallol Krishna Karmakar,

Vijay Varadharajan,

Udaya Tupakula,

Michael HitchensAuthors Info & Claims

SAC '16: Proceedings of the 31st Annual ACM Symposium on Applied Computing

Pages 658 - 663

https://doi.org/10.1145/2851613.2851728

Published: 04 April 2016 Publication History

Get Access

Abstract

Software Defined Network(SDN) is a promising technological advancement in the networking world. It is still evolving and security is a major concern for SDN. In this paper we proposed policy based security architecture for securing the SDN domains. Our architecture enables the administrator to enforce different types of policies such as based on the devices, users, location and path for securing the communication in SDN domain. Our architecture is developed as an application that can be run on any of the SDN Controllers. We have implemented our architecture using the POX Controller and Raspberry Pi 2 switches. We will present different case scenarios to demonstrate fine granular security policy enforcement with our architecture.

References

[1]

LINC-switch. https://github.com/FlowForwarding/LINC-Switch.

Google Scholar

[2]

Simple network access control (SNAC). www.openow.org/wp/snac/.

Google Scholar

[3]

D. D. Clark. Policy routing in internet protocols, 1989.

Digital Library

Google Scholar

[4]

D. Estrin and G. Tsudik. Security issues in policy routing. In Security and Privacy, 1989. Proceedings., 1989 IEEE Symposium on, pages 183--193. IEEE, 1989.

Crossref

Google Scholar

[5]

N. Foster, R. Harrison, M. J. Freedman, C. Monsanto, J. Rexford, A. Story, and D. Walker. Frenetic: A network programming language. In ACM SIGPLAN Notices, volume 46, pages 279--291. ACM, 2011.

Digital Library

Google Scholar

[6]

T. L. Hinrichs, N. S. Gude, M. Casado, J. C. Mitchell, and S. Shenker. Practical declarative network management. In Proceedings of the 1st ACM workshop on Research on enterprise networking, pages 1--10. ACM, 2009.

Digital Library

Google Scholar

[7]

T. Koponen, M. Casado, N. Gude, J. Stribling, L. Poutievski, M. Zhu, R. Ramanathan, Y. Iwata, H. Inoue, T. Hama, et al. Onix: A distributed control platform for large-scale production networks. In OSDI, volume 10, pages 1--6, 2010.

Digital Library

Google Scholar

[8]

J. Reich, C. Monsanto, N. Foster, J. Rexford, and D. Walker. Modular SDN programming with pyretic. Technical Reprot of USENIX, 2013.

Google Scholar

[9]

A. Voellmy and P. Hudak. Nettle: Taking the sting out of programming network routers. In Practical Aspects of Declarative Languages, pages 235--249. Springer, 2011.

Digital Library

Google Scholar

[10]

A. Voellmy, J. Wang, Y. R. Yang, B. Ford, and P. Hudak. Maple: Simplifying SDN programming using algorithmic policies. In ACM SIGCOMM Computer Communication Review, volume 43, pages 87--98. ACM, 2013.

Digital Library

Google Scholar

Cited By

View all

Ahuja NMukhopadhyay DSingh LKumar RGupta C(2023)Attack Detection in SDN Using RNNAdvances in Data-Driven Computing and Intelligent Systems10.1007/978-981-99-3250-4_44(585-596)Online publication date: 4-Aug-2023
https://doi.org/10.1007/978-981-99-3250-4_44
Karmakar KVaradharajan VNepal STupakula U(2021)SDN-Enabled Secure IoT ArchitectureIEEE Internet of Things Journal10.1109/JIOT.2020.30437408:8(6549-6564)Online publication date: 15-Apr-2021
https://doi.org/10.1109/JIOT.2020.3043740
Overmars AVenkatraman S(2020)Towards a Secure and Scalable IoT Infrastructure: A Pilot Deployment for a Smart Water Monitoring SystemTechnologies10.3390/technologies80400508:4(50)Online publication date: 26-Sep-2020
https://doi.org/10.3390/technologies8040050
Show More Cited By

Index Terms

Policy based security architecture for software defined networks
1. Security and privacy
  1. Network security

Recommendations

Security in Software Defined Networks: A Survey
Software defined networking (SDN) decouples the network control and data planes. The network intelligence and state are logically centralized and the underlying network infrastructure is abstracted from applications. SDN enhances network security by means ...
Security Analysis of Software Defined Networking Architectures: PCE, 4D and SANE
AINTEC '14: Proceedings of the 10th Asian Internet Engineering Conference

Today's data networks are steadily growing in size and complexity. Especially in enterprise networks, these development lead to the requirement of a central network administration. With Software Defined Networking (SDN), this requirement can be ...
Performance Analysis of SDN/OpenFlow Controllers: POX Versus Floodlight

Software-Defined Networking (SDN) is an emerging network architecture that is adaptable, dynamic, cost-effective, and manageable. The SDN architecture is a form of network virtualization where the network controlling functions and forwarding functions ...

Comments

Information & Contributors

Information

Published In

SAC '16: Proceedings of the 31st Annual ACM Symposium on Applied Computing

April 2016

2360 pages

ISBN:9781450337397

DOI:10.1145/2851613

Conference Chair:
Sascha Ossowski
University Rey Juan Carlos, Spain

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 April 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SAC 2016

Sponsor:

SIGAPP

SAC 2016: Symposium on Applied Computing

April 4 - 8, 2016

Pisa, Italy

Acceptance Rates

SAC '16 Paper Acceptance Rate 252 of 1,047 submissions, 24%;

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Upcoming Conference

SAC '25

Sponsor:
sigapp

The 40th ACM/SIGAPP Symposium on Applied Computing

March 31 - April 4, 2025

Catania , Italy

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

14
Total Citations
View Citations
427
Total Downloads

Downloads (Last 12 months)7
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Ahuja NMukhopadhyay DSingh LKumar RGupta C(2023)Attack Detection in SDN Using RNNAdvances in Data-Driven Computing and Intelligent Systems10.1007/978-981-99-3250-4_44(585-596)Online publication date: 4-Aug-2023
https://doi.org/10.1007/978-981-99-3250-4_44
Karmakar KVaradharajan VNepal STupakula U(2021)SDN-Enabled Secure IoT ArchitectureIEEE Internet of Things Journal10.1109/JIOT.2020.30437408:8(6549-6564)Online publication date: 15-Apr-2021
https://doi.org/10.1109/JIOT.2020.3043740
Overmars AVenkatraman S(2020)Towards a Secure and Scalable IoT Infrastructure: A Pilot Deployment for a Smart Water Monitoring SystemTechnologies10.3390/technologies80400508:4(50)Online publication date: 26-Sep-2020
https://doi.org/10.3390/technologies8040050
Sood KPokhrel SKarmakar KVardharajan VYu S(2020)SDN-Capable IoT Last-Miles: Design Challenges2019 IEEE Global Communications Conference (GLOBECOM)10.1109/GLOBECOM38437.2019.9014145(1-6)Online publication date: 17-Jun-2020
https://dl.acm.org/doi/10.1109/GLOBECOM38437.2019.9014145
Vaidya NRughani P(2020)A forensic study of Tor usage on the Raspberry Pi platform using open source toolsComputer Fraud & Security10.1016/S1361-3723(20)30064-62020:6(13-19)Online publication date: Jan-2020
https://doi.org/10.1016/S1361-3723(20)30064-6
Abdelrahman ARodrigues JMahmoud MSaleem KDas AKorotaev VKozlov S(2020)Software‐defined networking security for private data center networks and clouds: Vulnerabilities, attacks, countermeasures, and solutionsInternational Journal of Communication Systems10.1002/dac.470634:4Online publication date: 15-Dec-2020
https://doi.org/10.1002/dac.4706
Rivera DMonje FVillagrá VVega-Barbas MLarriva-Novo XBerrocal J(2019)Automatic Translation and Enforcement of Cybersecurity Policies Using A High-Level Definition LanguageEntropy10.3390/e2112118021:12(1180)Online publication date: 30-Nov-2019
https://doi.org/10.3390/e21121180
Kurniawan MYazid SWatanabe HLi J(2019)A systematic literature review of security software defined networkProceedings of the 3rd International Conference on Telecommunications and Communication Engineering10.1145/3369555.3369567(39-45)Online publication date: 9-Nov-2019
https://dl.acm.org/doi/10.1145/3369555.3369567
Varadharajan VKarmakar KTupakula UHitchens M(2019)A Policy-Based Security Architecture for Software-Defined NetworksIEEE Transactions on Information Forensics and Security10.1109/TIFS.2018.286822014:4(897-912)Online publication date: Apr-2019
https://doi.org/10.1109/TIFS.2018.2868220
Ahuja NSingal G(2019)DDOS Attack Detection & Prevention in SDN using OpenFlow Statistics2019 IEEE 9th International Conference on Advanced Computing (IACC)10.1109/IACC48062.2019.8971596(147-152)Online publication date: Dec-2019
https://doi.org/10.1109/IACC48062.2019.8971596
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Security in Software Defined Networks: A Survey

Security Analysis of Software Defined Networking Architectures: PCE, 4D and SANE

Performance Analysis of SDN/OpenFlow Controllers: POX Versus Floodlight

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations