SDNSOC

Object oriented SDN framework

Ankur Chowdhary, Dijiang Huang, Gail-Joon Ahn, Myong Kang, Anya Kim, Alexander Velazquez

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Cloud networks managed by SDN can have multi-tier policy and rule conflicts. The application plane can have conflicting user-defined policies, and the infrastructure layer can have OpenFlow rules that conflict with each other. There is no scalable and automated programming framework to detect and resolve multi-tier conflicts in SDN-based cloud networks. We present an object-oriented programming framework, SDN Security Operation Center (SDNSOC), which handles policy composition at the application plane and flow rule conflict detection and resolution at the control plane. We follow design principles of the object-oriented paradigm, such as code re-utilization, method abstraction, and aggregation, for the implementation of SDNSOC on a multi-tenant cloud network. The key benefits obtained using this approach are: (i) The network administrator is abstracted from the complex implementation details of SFC. The end-to-end policy composition of different network functions is handled by an object-oriented framework in an automated fashion. We achieve 37% lower latency in SFC composition compared to the nearest competitors, SICS and PGA. (ii) Policy conflict detection between the existing traffic rules and incoming traffic is handled by SDNSOC in a scalable manner. The solution scales well on a large cloud network, and achieves 18% faster security policy conflict detection on a cloud network with 100k OpenFlow rules compared to similar works, Brew and Flowguard.

Original language: English (US)
Title of host publication: SDN-NFV 2019 - Proceedings of the ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, co-located with CODASPY 2019
Publisher: Association for Computing Machinery, Inc
Pages: 7-12
Number of pages: 6
ISBN (Electronic): 9781450356350
DOI: https://doi.org/10.1145/3309194.3309196
State: Published - Mar 19 2019
Event: 2019 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, SDN-NFV 2019, co-located with CODASPY 2019 - Richardson, United States
Duration: Mar 27 2019 → …

Publication series

Name: SDN-NFV 2019 - Proceedings of the ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, co-located with CODASPY 2019

Conference

Conference: 2019 ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, SDN-NFV 2019, co-located with CODASPY 2019
Country: United States
City: Richardson
Period: 3/27/19 → …

Fingerprint

Computer networks
Telecommunication traffic
Chemical analysis
Computer programming
Agglomeration
Software defined networking

Keywords

  • Policy Conflict Detection
  • Service Function Chaining (SFC)
  • Software Defined Networking (SDN)

ASJC Scopus subject areas

  • Information Systems
  • Software
  • Computer Science Applications

Cite this

Chowdhary, A., Huang, D., Ahn, G-J., Kang, M., Kim, A., & Velazquez, A. (2019). SDNSOC: Object oriented SDN framework. In SDN-NFV 2019 - Proceedings of the ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, co-located with CODASPY 2019 (pp. 7-12). [3309196] (SDN-NFV 2019 - Proceedings of the ACM International Workshop on Security in Software Defined Networks and Network Function Virtualization, co-located with CODASPY 2019). Association for Computing Machinery, Inc. https://doi.org/10.1145/3309194.3309196
