Abstract
Software-Defined Networking (SDN) introduces significant granularity, visibility and flexibility to networking, but at the same time brings forth new security challenges. One of the fundamental challenges is to build robust firewalls for protecting OpenFlow-based networks where network states and traffic are frequently changed. To address this challenge, we introduce FlowGuard, a comprehensive framework, to facilitate not only accurate detection but also effective resolution of firewall policy violations in dynamic OpenFlow-based networks. FlowGuard checks network flow path spaces to detect firewall policy violations when network states are updated. In addition, FlowGuard conducts automatic and real-time violation resolutions with the help of several innovative resolution strategies designed for diverse network update situations. We also implement our framework and demonstrate the efficacy and efficiency of the proposed detection and resolution approaches in FlowGuard through experiments with a real-world network topology.
| Original language | English (US) |
|---|---|
| Title of host publication | HotSDN 2014 - Proceedings of the ACM SIGCOMM 2014 Workshop on Hot Topics in Software Defined Networking |
| Publisher | Association for Computing Machinery |
| Pages | 97-102 |
| Number of pages | 6 |
| ISBN (Print) | 9781450329897 |
| DOIs | |
| State | Published - 2014 |
| Event | 3rd ACM SIGCOMM 2014 Workshop on Hot Topics in Software Defined Networking, HotSDN 2014 - Chicago, IL, United States Duration: Aug 22 2014 → Aug 22 2014 |
Other
| Other | 3rd ACM SIGCOMM 2014 Workshop on Hot Topics in Software Defined Networking, HotSDN 2014 |
|---|---|
| Country | United States |
| City | Chicago, IL |
| Period | 8/22/14 → 8/22/14 |
Fingerprint
Keywords
- firewalls
- openflow
- security
- software-defined networking
ASJC Scopus subject areas
- Computer Graphics and Computer-Aided Design
- Computer Vision and Pattern Recognition
- Human-Computer Interaction
- Software
Cite this
FLOWGUARD : Building robust firewalls for software-defined networks. / Hu, Hongxin; Han, Wonkyu; Ahn, Gail-Joon; Zhao, Ziming.
HotSDN 2014 - Proceedings of the ACM SIGCOMM 2014 Workshop on Hot Topics in Software Defined Networking. Association for Computing Machinery, 2014. p. 97-102.Research output: Chapter in Book/Report/Conference proceeding › Conference contribution
}
TY - GEN
T1 - FLOWGUARD
T2 - Building robust firewalls for software-defined networks
AU - Hu, Hongxin
AU - Han, Wonkyu
AU - Ahn, Gail-Joon
AU - Zhao, Ziming
PY - 2014
Y1 - 2014
N2 - Software-Defined Networking (SDN) introduces significant granularity, visibility and flexibility to networking, but at the same time brings forth new security challenges. One of the fundamental challenges is to build robust firewalls for protecting OpenFlow-based networks where network states and traffic are frequently changed. To address this challenge, we introduce FlowGuard, a comprehensive framework, to facilitate not only accurate detection but also effective resolution of firewall policy violations in dynamic OpenFlow-based networks. FlowGuard checks network flow path spaces to detect firewall policy violations when network states are updated. In addition, FlowGuard conducts automatic and real-time violation resolutions with the help of several innovative resolution strategies designed for diverse network update situations. We also implement our framework and demonstrate the efficacy and efficiency of the proposed detection and resolution approaches in FlowGuard through experiments with a real-world network topology.
AB - Software-Defined Networking (SDN) introduces significant granularity, visibility and flexibility to networking, but at the same time brings forth new security challenges. One of the fundamental challenges is to build robust firewalls for protecting OpenFlow-based networks where network states and traffic are frequently changed. To address this challenge, we introduce FlowGuard, a comprehensive framework, to facilitate not only accurate detection but also effective resolution of firewall policy violations in dynamic OpenFlow-based networks. FlowGuard checks network flow path spaces to detect firewall policy violations when network states are updated. In addition, FlowGuard conducts automatic and real-time violation resolutions with the help of several innovative resolution strategies designed for diverse network update situations. We also implement our framework and demonstrate the efficacy and efficiency of the proposed detection and resolution approaches in FlowGuard through experiments with a real-world network topology.
KW - firewalls
KW - openflow
KW - security
KW - software-defined networking
UR - http://www.scopus.com/inward/record.url?scp=84907014880&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84907014880&partnerID=8YFLogxK
U2 - 10.1145/2620728.2620749
DO - 10.1145/2620728.2620749
M3 - Conference contribution
AN - SCOPUS:84907014880
SN - 9781450329897
SP - 97
EP - 102
BT - HotSDN 2014 - Proceedings of the ACM SIGCOMM 2014 Workshop on Hot Topics in Software Defined Networking
PB - Association for Computing Machinery
ER -