SDNKeeper: Lightweight Resource Protection and Management System for SDN-Based Cloud

Xue Leng, Kaiyu Hou, Yan Chen, Kai Bu, Libin Song

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

SDN-based cloud has the merit of allowing more flexibility in network management, however, the security of network accessing and the correctness of network configuration in SDN-based cloud have not been effectively addressed yet. In this paper, SDNKeeper, a generic and fine-grained policy enforcement system in SDN-based cloud is proposed, which can defend against unauthorized attacks and avoid network resource misconfiguration. With the usage of SDNKeeper, numerous flexible network management policies can be created by administrators, which give administrators the discretionary room on controlling the network resources. To be specific, SDNKeeper can reject any unauthorized network access request at Northbound Interface (NBI), which located between application plane and control plane. Moreover, compared with other traditional policy-based access control systems, SDNKeeper is totally application-transparent and lightweight, which is easy to implement, deploy and runtime configure. Based on the prototype implementation and evaluation, we conclude that SDNKeeper can perform access control accurately with negligible computation overhead whilst the throughput degradation is still within the acceptable range.

Original languageEnglish (US)
Title of host publication2018 IEEE/ACM 26th International Symposium on Quality of Service, IWQoS 2018
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781538625422
DOIs
StatePublished - Jan 22 2019
Event26th IEEE/ACM International Symposium on Quality of Service, IWQoS 2018 - Banff, Canada
Duration: Jun 4 2018Jun 6 2018

Publication series

Name2018 IEEE/ACM 26th International Symposium on Quality of Service, IWQoS 2018

Conference

Conference26th IEEE/ACM International Symposium on Quality of Service, IWQoS 2018
CountryCanada
CityBanff
Period6/4/186/6/18

Fingerprint

Computer systems
Network management
Access control
Throughput
Control systems
Degradation
Software defined networking
Resources
Management system
Network resources
Evaluation
Network access
Prototype
Network configuration
Enforcement
Attack

Keywords

  • Access Control
  • Network Management
  • SDN-based Cloud
  • Software Defined Networking
  • Unauthorized Attack

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Management of Technology and Innovation
  • Computer Networks and Communications
  • Media Technology

Cite this

Leng, X., Hou, K., Chen, Y., Bu, K., & Song, L. (2019). SDNKeeper: Lightweight Resource Protection and Management System for SDN-Based Cloud. In 2018 IEEE/ACM 26th International Symposium on Quality of Service, IWQoS 2018 [8624135] (2018 IEEE/ACM 26th International Symposium on Quality of Service, IWQoS 2018). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/IWQoS.2018.8624135
Leng, Xue ; Hou, Kaiyu ; Chen, Yan ; Bu, Kai ; Song, Libin. / SDNKeeper : Lightweight Resource Protection and Management System for SDN-Based Cloud. 2018 IEEE/ACM 26th International Symposium on Quality of Service, IWQoS 2018. Institute of Electrical and Electronics Engineers Inc., 2019. (2018 IEEE/ACM 26th International Symposium on Quality of Service, IWQoS 2018).
@inproceedings{a2dc1ed41d4f4884984deb8df8c5a8f6,
title = "SDNKeeper: Lightweight Resource Protection and Management System for SDN-Based Cloud",
abstract = "SDN-based cloud has the merit of allowing more flexibility in network management, however, the security of network accessing and the correctness of network configuration in SDN-based cloud have not been effectively addressed yet. In this paper, SDNKeeper, a generic and fine-grained policy enforcement system in SDN-based cloud is proposed, which can defend against unauthorized attacks and avoid network resource misconfiguration. With the usage of SDNKeeper, numerous flexible network management policies can be created by administrators, which give administrators the discretionary room on controlling the network resources. To be specific, SDNKeeper can reject any unauthorized network access request at Northbound Interface (NBI), which located between application plane and control plane. Moreover, compared with other traditional policy-based access control systems, SDNKeeper is totally application-transparent and lightweight, which is easy to implement, deploy and runtime configure. Based on the prototype implementation and evaluation, we conclude that SDNKeeper can perform access control accurately with negligible computation overhead whilst the throughput degradation is still within the acceptable range.",
keywords = "Access Control, Network Management, SDN-based Cloud, Software Defined Networking, Unauthorized Attack",
author = "Xue Leng and Kaiyu Hou and Yan Chen and Kai Bu and Libin Song",
year = "2019",
month = "1",
day = "22",
doi = "10.1109/IWQoS.2018.8624135",
language = "English (US)",
series = "2018 IEEE/ACM 26th International Symposium on Quality of Service, IWQoS 2018",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
booktitle = "2018 IEEE/ACM 26th International Symposium on Quality of Service, IWQoS 2018",
address = "United States",

}

Leng, X, Hou, K, Chen, Y, Bu, K & Song, L 2019, SDNKeeper: Lightweight Resource Protection and Management System for SDN-Based Cloud. in 2018 IEEE/ACM 26th International Symposium on Quality of Service, IWQoS 2018., 8624135, 2018 IEEE/ACM 26th International Symposium on Quality of Service, IWQoS 2018, Institute of Electrical and Electronics Engineers Inc., 26th IEEE/ACM International Symposium on Quality of Service, IWQoS 2018, Banff, Canada, 6/4/18. https://doi.org/10.1109/IWQoS.2018.8624135

SDNKeeper : Lightweight Resource Protection and Management System for SDN-Based Cloud. / Leng, Xue; Hou, Kaiyu; Chen, Yan; Bu, Kai; Song, Libin.

2018 IEEE/ACM 26th International Symposium on Quality of Service, IWQoS 2018. Institute of Electrical and Electronics Engineers Inc., 2019. 8624135 (2018 IEEE/ACM 26th International Symposium on Quality of Service, IWQoS 2018).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

TY - GEN

T1 - SDNKeeper

T2 - Lightweight Resource Protection and Management System for SDN-Based Cloud

AU - Leng, Xue

AU - Hou, Kaiyu

AU - Chen, Yan

AU - Bu, Kai

AU - Song, Libin

PY - 2019/1/22

Y1 - 2019/1/22

N2 - SDN-based cloud has the merit of allowing more flexibility in network management, however, the security of network accessing and the correctness of network configuration in SDN-based cloud have not been effectively addressed yet. In this paper, SDNKeeper, a generic and fine-grained policy enforcement system in SDN-based cloud is proposed, which can defend against unauthorized attacks and avoid network resource misconfiguration. With the usage of SDNKeeper, numerous flexible network management policies can be created by administrators, which give administrators the discretionary room on controlling the network resources. To be specific, SDNKeeper can reject any unauthorized network access request at Northbound Interface (NBI), which located between application plane and control plane. Moreover, compared with other traditional policy-based access control systems, SDNKeeper is totally application-transparent and lightweight, which is easy to implement, deploy and runtime configure. Based on the prototype implementation and evaluation, we conclude that SDNKeeper can perform access control accurately with negligible computation overhead whilst the throughput degradation is still within the acceptable range.

AB - SDN-based cloud has the merit of allowing more flexibility in network management, however, the security of network accessing and the correctness of network configuration in SDN-based cloud have not been effectively addressed yet. In this paper, SDNKeeper, a generic and fine-grained policy enforcement system in SDN-based cloud is proposed, which can defend against unauthorized attacks and avoid network resource misconfiguration. With the usage of SDNKeeper, numerous flexible network management policies can be created by administrators, which give administrators the discretionary room on controlling the network resources. To be specific, SDNKeeper can reject any unauthorized network access request at Northbound Interface (NBI), which located between application plane and control plane. Moreover, compared with other traditional policy-based access control systems, SDNKeeper is totally application-transparent and lightweight, which is easy to implement, deploy and runtime configure. Based on the prototype implementation and evaluation, we conclude that SDNKeeper can perform access control accurately with negligible computation overhead whilst the throughput degradation is still within the acceptable range.

KW - Access Control

KW - Network Management

KW - SDN-based Cloud

KW - Software Defined Networking

KW - Unauthorized Attack

UR - http://www.scopus.com/inward/record.url?scp=85062610192&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85062610192&partnerID=8YFLogxK

U2 - 10.1109/IWQoS.2018.8624135

DO - 10.1109/IWQoS.2018.8624135

M3 - Conference contribution

T3 - 2018 IEEE/ACM 26th International Symposium on Quality of Service, IWQoS 2018

BT - 2018 IEEE/ACM 26th International Symposium on Quality of Service, IWQoS 2018

PB - Institute of Electrical and Electronics Engineers Inc.

ER -

Leng X, Hou K, Chen Y, Bu K, Song L. SDNKeeper: Lightweight Resource Protection and Management System for SDN-Based Cloud. In 2018 IEEE/ACM 26th International Symposium on Quality of Service, IWQoS 2018. Institute of Electrical and Electronics Engineers Inc. 2019. 8624135. (2018 IEEE/ACM 26th International Symposium on Quality of Service, IWQoS 2018). https://doi.org/10.1109/IWQoS.2018.8624135