TY - GEN
T1 - SDNKeeper
T2 - 26th IEEE/ACM International Symposium on Quality of Service, IWQoS 2018
AU - Leng, Xue
AU - Hou, Kaiyu
AU - Chen, Yan
AU - Bu, Kai
AU - Song, Libin
N1 - Publisher Copyright:
© 2018 IEEE.
PY - 2019/1/22
Y1 - 2019/1/22
N2 - SDN-based cloud has the merit of allowing more flexibility in network management; however, the security of network accessing and the correctness of network configuration in SDN-based cloud have not been effectively addressed yet. In this paper, SDNKeeper, a generic and fine-grained policy enforcement system in SDN-based cloud, is proposed, which can defend against unauthorized attacks and avoid network resource misconfiguration. With the usage of SDNKeeper, numerous flexible network management policies can be created by administrators, which give administrators discretionary room in controlling the network resources. To be specific, SDNKeeper can reject any unauthorized network access request at the Northbound Interface (NBI), which is located between the application plane and the control plane. Moreover, compared with other traditional policy-based access control systems, SDNKeeper is totally application-transparent and lightweight, which is easy to implement, deploy and configure at runtime. Based on the prototype implementation and evaluation, we conclude that SDNKeeper can perform access control accurately with negligible computation overhead whilst the throughput degradation is still within the acceptable range.
AB - SDN-based cloud has the merit of allowing more flexibility in network management; however, the security of network accessing and the correctness of network configuration in SDN-based cloud have not been effectively addressed yet. In this paper, SDNKeeper, a generic and fine-grained policy enforcement system in SDN-based cloud, is proposed, which can defend against unauthorized attacks and avoid network resource misconfiguration. With the usage of SDNKeeper, numerous flexible network management policies can be created by administrators, which give administrators discretionary room in controlling the network resources. To be specific, SDNKeeper can reject any unauthorized network access request at the Northbound Interface (NBI), which is located between the application plane and the control plane. Moreover, compared with other traditional policy-based access control systems, SDNKeeper is totally application-transparent and lightweight, which is easy to implement, deploy and configure at runtime. Based on the prototype implementation and evaluation, we conclude that SDNKeeper can perform access control accurately with negligible computation overhead whilst the throughput degradation is still within the acceptable range.
KW - Access Control
KW - Network Management
KW - SDN-based Cloud
KW - Software Defined Networking
KW - Unauthorized Attack
UR - http://www.scopus.com/inward/record.url?scp=85062610192&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85062610192&partnerID=8YFLogxK
U2 - 10.1109/IWQoS.2018.8624135
DO - 10.1109/IWQoS.2018.8624135
M3 - Conference contribution
AN - SCOPUS:85062610192
T3 - 2018 IEEE/ACM 26th International Symposium on Quality of Service, IWQoS 2018
BT - 2018 IEEE/ACM 26th International Symposium on Quality of Service, IWQoS 2018
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 4 June 2018 through 6 June 2018
ER -