Study the Past if You Would Define the Future: Implementing Secure Multi-party SDN Updates

Liron Schiff, Stefan Schmid

Publication: Contribution to book/anthology/report/conference proceeding; Conference article in proceedings; Research; peer-reviewed

4 Citations (Scopus)

Abstract

A highly available and robust control plane is a critical prerequisite for any Software-Defined Network (SDN) providing dependability guarantees. While there is a wide consensus that the logically centralized SDN controller should be physically distributed, today, we do not have a good understanding of how to design such a distributed and robust control plane. This is problematic, given the potentially large influence an SDN controller has on the network state compared to the distributed legacy protocols: the control plane can be an attractive target for a malicious attack. This paper initiates the study of distributed SDN control planes which are resilient to malicious controllers, for example controllers which have been compromised by a cyber attack. We introduce an adversarial control plane model and observe that approaches based on redundancy or threshold cryptography are insufficient, as incomplete or outdated information about the network state introduces vulnerabilities. The approach presented in this paper is based on the insight that a control plane resilient to malicious behavior requires a basic notion of memory, and must be history-aware. In particular, we propose an in-band approach, implemented on the SDN switch, to efficiently coordinate the different controller actions, and guarantee correct network updates even in the presence of malicious behavior. In our approach, the switch maintains a digest of the controller state and history, and only implements the update after verifying that a majority of controllers agree to the change. Our solution is not only robust but also, compared to existing consensus protocols such as Paxos, lightweight.

Original language: English
Title: Proceedings - 2016 IEEE International Conference on Software Science, Technology and Engineering, SwSTE 2016
Number of pages: 6
Publisher: IEEE
Publication date: 18 Jul 2016
Pages: 111-116
Article number: 7515418
ISBN (Electronic): 9781509010189
DOI
Status: Published - 18 Jul 2016
Event: 2016 IEEE International Conference on Software Science, Technology and Engineering, SwSTE 2016 - Beer Sheva, Israel
Duration: 23 Jun 2016 to 24 Jun 2016

Conference

Conference: 2016 IEEE International Conference on Software Science, Technology and Engineering, SwSTE 2016
Country/Territory: Israel
City: Beer Sheva
Period: 23/06/2016 to 24/06/2016
