12 Scopus citations

Abstract

Separation of network control from devices in Software Defined Network (SDN) allows for centralized implementation and management of security policies in a cloud computing environment. The ease of programmability also makes SDN a great platform implementation of various initiatives that involve application deployment, dynamic topology changes, and decentralized network management in a multi-tenant data center environment. Dynamic change of network topology, or host reconfiguration in such networks might require corresponding changes to the flow rules in the SDN based cloud environment. Verifying adherence of these new flow policies in the environment to the organizational security policies and ensuring a conflict free environment is especially challenging. In this paper, we extend the work on rule conflicts from a traditional environment to an SDN environment, introducing a new classification to describe conflicts stemming from cross-layer conflicts. Our framework ensures that in any SDN based cloud, flow rules do not have conflicts at any layer; thereby ensuring that changes to the environment do not lead to unintended consequences. We demonstrate the correctness, feasibility and scalability of our framework through a proof-of-concept prototype.

Original languageEnglish (US)
Title of host publication2016 IEEE Conference on Communications and Network Security, CNS 2016
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages19-27
Number of pages9
ISBN (Electronic)9781509030651
DOIs
StatePublished - Feb 21 2017
Event2016 IEEE Conference on Communications and Network Security, CNS 2016 - Philadelphia, United States
Duration: Oct 17 2016Oct 19 2016

Other

Other2016 IEEE Conference on Communications and Network Security, CNS 2016
CountryUnited States
CityPhiladelphia
Period10/17/1610/19/16

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality

Fingerprint Dive into the research topics of 'Security policy checking in distributed SDN based clouds'. Together they form a unique fingerprint.

  • Cite this

    Pisharody, S., Chowdhary, A., & Huang, D. (2017). Security policy checking in distributed SDN based clouds. In 2016 IEEE Conference on Communications and Network Security, CNS 2016 (pp. 19-27). [7860466] Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CNS.2016.7860466