On the design and implementation of a security architecture for software defined networks

Karmakar, Kallol Krishna; Varadharajan, Vijay; Tupakula, Udaya

doi:10.1109/HPCC-SmartCity-DSS.2016.0099

Author(s)

Karmakar, Kallol Krishna

Varadharajan, Vijay

Tupakula, Udaya

Publication Date

2016

Abstract

<p>In this paper, we propose techniques for securing Software Defined Networks(SDN). We describe the design of a security architecture that makes use of security applications on top of the SDN Controller to specify fine granular security policies based on domain wide knowledge of the domain and Security Agents to enforce these policies in the switches in the data plane. We have extended the Open Flow protocol to enable communication of the security policies between the security applications in the Controller to the agents in the switches. We have implemented the security architecture using POX Controller and demonstrated the operation of our architecture in a range of scenarios such as enforcing specific security policies for different traffic with different services, counteracting attacks such as Heartbleed and Shellshock as well as spoofing attacks, and protecting Content Management Systems(CMS) from data confidentiality attacks.</p>

Citation

Proceedings of the 18th IEEE International Conference on High Performance Computing and Communications (HPCC 2016), p. 671-678

ISBN

9781509042975

9781509042982

Link

https://hdl.handle.net/1959.11/57331

Language

en

Publisher

Institute of Electrical and Electronics Engineers

Title

On the design and implementation of a security architecture for software defined networks

Type of document

Conference Publication

Entity Type

Publication

Author(s)	Karmakar, Kallol Krishna Varadharajan, Vijay Tupakula, Udaya
Publication Date	2016
Abstract	<p>In this paper, we propose techniques for securing Software Defined Networks(SDN). We describe the design of a security architecture that makes use of security applications on top of the SDN Controller to specify fine granular security policies based on domain wide knowledge of the domain and Security Agents to enforce these policies in the switches in the data plane. We have extended the Open Flow protocol to enable communication of the security policies between the security applications in the Controller to the agents in the switches. We have implemented the security architecture using POX Controller and demonstrated the operation of our architecture in a range of scenarios such as enforcing specific security policies for different traffic with different services, counteracting attacks such as Heartbleed and Shellshock as well as spoofing attacks, and protecting Content Management Systems(CMS) from data confidentiality attacks.</p>
Citation	Proceedings of the 18th IEEE International Conference on High Performance Computing and Communications (HPCC 2016), p. 671-678
ISBN	9781509042975 9781509042982
Link	https://hdl.handle.net/1959.11/57331
Language	en
Publisher	Institute of Electrical and Electronics Engineers
Title	On the design and implementation of a security architecture for software defined networks
Type of document	Conference Publication
Entity Type	Publication

On the design and implementation of a security architecture for software defined networks

Files: