A new approach for detecting violation of data plane integrity in Software Defined Networks-Reference-Cited by-同舟云学术

A new approach for detecting violation of data plane integrity in Software Defined Networks

Published:2021-05-07 Issue:3 Volume:29 Page:341-358
ISSN:1875-8924
Container-title:Journal of Computer Security
language:
Short-container-title:JCS

Author:

Hessam Ghandi¹,Saba Ghassan²,Alkhayat M. Iyad¹

Affiliation:

1. Department of Systems and Computer Networks, Faculty of Information Technology Engineering, Damascus University, Syria. E-mails: ghandi.hessam@damascusuniversity.edu.sy, iyad.khayat@damascusuniversity.edu.sy

2. Informatics Engineering, Higher Institute for Applied Sciences and Technology, Syria. E-mail: ghassan.saba@hiast.edu.sy

Abstract

The scale of Software Defined Networks (SDN) is expanding rapidly and the demands for security reinforcement are increasing. SDN creates new targets for potential security threats such as the SDN controller and networking devices in the data plane. Violation of data plane integrity might lead to abnormal behaviors of the overall network. In this paper, we propose a new security approach for OpenFlow-based SDN in order to detect violation of switches flow tables integrity and successfully locate the compromised switches online. We cover all aspects of integrity violation including flow rule adding, modifying and removing by an unauthorized entity. We achieve this by using the cookie field in the OpenFlow protocol to put in a suitable digest (hash) value for each flow entry. Moreover, we optimize our method performance by calculating a global digest value for the entire switch’s flow table that decides whether a switch is suspected of being compromised. Our method is also able to determine and handle false alarms that affect the coherence of a corresponding table digest. The implementation is a reactive java module integrated with the Floodlight controller. In addition, we introduce a performance evaluation for three different SDN topologies.

Publisher

IOS Press

Subject

Computer Networks and Communications,Hardware and Architecture,Safety, Risk, Reliability and Quality,Software

Reference20 articles.

1. Software Defined Networking (SDN) and its Security Issues

2. OpenFlow vulnerability assessment

3. A Man-in-the-Middle attack against OpenDayLight SDN controller

4. Securing data planes in software-defined networks

5. P.W. Chi, C.T. Kuo, J.W. Guo and C.L. Lei, How to detect a compromised SDN switch, in: Proceedings of the 2015 1st IEEE Conference on Network Softwarization (NetSoft), IEEE, 2015, pp. 1–6.

Cited by 3 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. P4-DVPF: Dynamic Verification of Packets Forwarding Based on P4 for SDN;2023 International Conference on Intelligent Computing and Next Generation Networks（ICNGN);2023-11-17

2. Towards a Reliable and Smart Approach for Detecting and Resolving Security Violations within SDWN;2023 International Wireless Communications and Mobile Computing (IWCMC);2023-06-19

3. A Survey of SDN Data Plane Attacks and Defense Strategies;Proceedings of the 2023 2nd International Conference on Networks, Communications and Information Technology;2023-06-16