TY - GEN
T1 - SDNSOC
T2 - 2019 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, SDN-NFV 2019, co-located with CODASPY 2019
AU - Chowdhary, Ankur
AU - Huang, Dijiang
AU - Ahn, Gail Joon
AU - Kang, Myong
AU - Kim, Anya
AU - Velazquez, Alexander
N1 - Publisher Copyright:
© 2019 Association for Computing Machinery.
PY - 2019/3/19
Y1 - 2019/3/19
N2 - The cloud networks managed by SDN can have multi-tier policy and rule conflicts. The application plane can have conflicting user-defined policies, and the infrastructure layer can have OpenFlow rules conflicting with each other. There is no scalable and automated programming framework to detect and resolve multi-tier conflicts in SDN-based cloud networks. We present an object-oriented programming framework, SDN Security Operation Center (SDNSOC), which handles policy composition at the application plane, and flow rule conflict detection and resolution at the control plane. We follow the design principles of the object-oriented paradigm, such as code reutilization, methods abstraction, and aggregation, for the implementation of SDNSOC on a multi-tenant cloud network. The key benefits obtained using this approach are: (i) The network administrator is abstracted from the complex implementation details of SFC. The end-to-end policy composition of different network functions is handled by an object-oriented framework in an automated fashion. We achieve 37% lower latency in SFC composition compared to the nearest competitors, SICS and PGA. (ii) Policy conflict detection between the existing traffic rules and incoming traffic is handled by SDNSOC in a scalable manner. The solution scales well on a large cloud network, with 18% faster security policy conflict detection on a cloud network with 100k OpenFlow rules compared to similar works, Brew and Flowguard.
AB - The cloud networks managed by SDN can have multi-tier policy and rule conflicts. The application plane can have conflicting user-defined policies, and the infrastructure layer can have OpenFlow rules conflicting with each other. There is no scalable and automated programming framework to detect and resolve multi-tier conflicts in SDN-based cloud networks. We present an object-oriented programming framework, SDN Security Operation Center (SDNSOC), which handles policy composition at the application plane, and flow rule conflict detection and resolution at the control plane. We follow the design principles of the object-oriented paradigm, such as code reutilization, methods abstraction, and aggregation, for the implementation of SDNSOC on a multi-tenant cloud network. The key benefits obtained using this approach are: (i) The network administrator is abstracted from the complex implementation details of SFC. The end-to-end policy composition of different network functions is handled by an object-oriented framework in an automated fashion. We achieve 37% lower latency in SFC composition compared to the nearest competitors, SICS and PGA. (ii) Policy conflict detection between the existing traffic rules and incoming traffic is handled by SDNSOC in a scalable manner. The solution scales well on a large cloud network, with 18% faster security policy conflict detection on a cloud network with 100k OpenFlow rules compared to similar works, Brew and Flowguard.
KW - Policy Conflict Detection
KW - Service Function Chaining (SFC)
KW - Software Defined Networking (SDN)
UR - http://www.scopus.com/inward/record.url?scp=85066116204&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85066116204&partnerID=8YFLogxK
U2 - 10.1145/3309194.3309196
DO - 10.1145/3309194.3309196
M3 - Conference contribution
AN - SCOPUS:85066116204
SN - 9781450361798
T3 - SDN-NFV 2019 - Proceedings of the ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, co-located with CODASPY 2019
SP - 7
EP - 12
BT - SDN-NFV 2019 - Proceedings of the ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, co-located with CODASPY 2019
PB - Association for Computing Machinery, Inc
Y2 - 27 March 2019
ER -