TY - GEN
T1 - Towards a secure controller platform for OpenFlow applications
AU - Wen, Xitao
AU - Chen, Yan
AU - Hu, Chengchen
AU - Shi, Chao
AU - Wang, Yi
PY - 2013
Y1 - 2013
N2 - The OpenFlow (OF) paradigm embraces third-party development efforts, and therefore suffers from potential trust issues with OF applications (apps). The abuse of such trust could lead to various types of attacks impacting the entire network. In this paper, we propose PermOF, a fine-grained permission system, as the first line of defense, in order to apply minimum privilege on apps. We summarize a set of 18 permissions to be enforced at the API entry of the controller. To accommodate the isolation requirements, we propose a customized isolation mechanism, which achieves comprehensive resource isolation and access control.
AB - The OpenFlow (OF) paradigm embraces third-party development efforts, and therefore suffers from potential trust issues with OF applications (apps). The abuse of such trust could lead to various types of attacks impacting the entire network. In this paper, we propose PermOF, a fine-grained permission system, as the first line of defense, in order to apply minimum privilege on apps. We summarize a set of 18 permissions to be enforced at the API entry of the controller. To accommodate the isolation requirements, we propose a customized isolation mechanism, which achieves comprehensive resource isolation and access control.
KW - OpenFlow
KW - Policy enforcement
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=84883723129&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84883723129&partnerID=8YFLogxK
U2 - 10.1145/2491185.2491212
DO - 10.1145/2491185.2491212
M3 - Conference contribution
AN - SCOPUS:84883723129
SN - 9781450320566
T3 - HotSDN 2013 - Proceedings of the 2013 ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking
SP - 171
EP - 172
BT - HotSDN 2013 - Proceedings of the 2013 ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking
T2 - 2013 2nd ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking, HotSDN 2013
Y2 - 16 August 2013 through 16 August 2013
ER -