8 Scopus citations

Abstract

OpenFlow, as the prevailing technique for Software-Defined Networks (SDNs), introduces significant programmability, granularity, and flexibility for many network applications to effectively manage and process network flows. However, because OpenFlow attempts to keep the SDN data plane simple and efficient, it focuses solely on L2/L3 network transport and consequently lacks the fundamental ability of stateful forwarding for the data plane. Also, OpenFlow provides a very limited access to connection-level information in the SDN controller. In particular, for any network access management applications on SDNs that require comprehensive network state information, these inherent limitations of Open-Flow pose significant challenges in supporting network services. To address these challenges, we propose an innovative connection tracking framework called STATEMON that introduces a global state-Awareness to provide better access control in SDNs. STATEMON is based on a lightweight extension of OpenFlow for programming the stateful SDN data plane, while keeping the underlying network devices as simple as possible. To demonstrate the practicality and feasibility of STATEMON, we implement and evaluate a stateful network firewall and port knocking applications for SDNs, using the APIs provided by STATEMON. Our evaluations show that STATEMON introduces minimal message exchanges for monitoring active connections in SDNs with manageable overhead (3.27% throughput degradation).

Original languageEnglish (US)
Title of host publicationSACMAT 2016 - Proceedings of the 21st ACM Symposium on Access Control Models and Technologies
PublisherAssociation for Computing Machinery
Pages1-11
Number of pages11
ISBN (Electronic)9781450338028
DOIs
StatePublished - Jun 6 2016
Event21st ACM Symposium on Access Control Models and Technologies, SACMAT 2016 - Shanghai, China
Duration: Jun 6 2016Jun 8 2016

Publication series

NameProceedings of ACM Symposium on Access Control Models and Technologies, SACMAT
Volume06-08-June-2016

Conference

Conference21st ACM Symposium on Access Control Models and Technologies, SACMAT 2016
CountryChina
CityShanghai
Period6/6/166/8/16

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
  • Information Systems

Fingerprint Dive into the research topics of 'State-Aware network access management for software-defined networks'. Together they form a unique fingerprint.

  • Cite this

    Han, W., Hu, H., Zhao, Z., Doupe, A., Ahn, G-J., Wang, K. C., & Deng, J. (2016). State-Aware network access management for software-defined networks. In SACMAT 2016 - Proceedings of the 21st ACM Symposium on Access Control Models and Technologies (pp. 1-11). (Proceedings of ACM Symposium on Access Control Models and Technologies, SACMAT; Vol. 06-08-June-2016). Association for Computing Machinery. https://doi.org/10.1145/2914642.2914643