Proceedings Article

Virtualized network views for localizing misbehaving sources in SDN data planes

TLDR
VISKA leverages network virtualization and secure probabilistic sketching to isolate misbehaving switches in the underlying SDN data plane, dynamically isolating parts of the data plane and checking their forwarding behavior.
Abstract
In this paper, we present VISKA, a Cloud security service for detecting malicious switching elements in software defined networking (SDN) environments. VISKA leverages network virtualization and secure probabilistic sketching to isolate misbehaving switches in the underlying SDN network data plane. The main contribution lies in utilizing network virtualization in SDN environments to dynamically isolate parts of the data plane and check their forwarding behavior. This is achieved by applying a set of focused packet probing and sketching mechanisms on virtualized network views mapped to these data plane partitions instead of focusing the security mechanisms on the whole physical network. VISKA flexibly analyzes the network behavior of the granular virtual views and recursively partitions these views to reduce the problem size in order to localize abnormal/malicious network switching units. A test bed prototype implementation is realized on the OpenVirtex SDN network virtualization platform. The experimental analysis corroborated the algorithm's convergence property using the linear and FatTree topologies with SDN network sizes of up to 250 switching units.


Citations
Dissertation

Balanceamento entre segurança e desempenho na comunicação entre os planos de controle e dados em redes definidas por software [Balancing security and performance in communication between the control and data planes in software-defined networks]

TL;DR: In this paper, the possibility of balancing security and performance in controller-switch communication in software-defined networks is discussed.
Journal Article

Network Programming and Probabilistic Sketching for Securing the Data Plane

TL;DR: In this article, the authors present VISKA, a cloud security service for dynamically detecting malicious switching elements in software defined networking (SDN) infrastructures, which uses network programming and secure probabilistic sketching in SDN environments to detect and isolate parts of the data plane that experience malicious behavior.
Journal Article

Secure and Reliable Network Updates

TL;DR: Extensive experiments show that SERENE imposes minimal switch burden and scales to large networks running multiple network applications all requiring concurrent network updates, imposing at worst a 16% overhead on short-lived flow completion and negligible overhead on anticipated normal workloads.
References
Journal Article

OpenFlow: enabling innovation in campus networks

TL;DR: This whitepaper proposes OpenFlow: a way for researchers to run experimental protocols in the networks they use every day, based on an Ethernet switch, with an internal flow-table, and a standardized interface to add and remove flow entries.
Journal Article

A scalable, commodity data center network architecture

TL;DR: This paper shows how to leverage largely commodity Ethernet switches to support the full aggregate bandwidth of clusters consisting of tens of thousands of elements and argues that appropriately architected and interconnected commodity switches may deliver more performance at less cost than available from today's higher-end solutions.

FlowVisor: A Network Virtualization Layer

TL;DR: This paper builds a research platform which allows multiple network experiments to run side-by-side with production traffic while still providing isolation and hardware forwarding speeds and presents a new approach to switch virtualization in which the same hardware forwarding plane can be shared among multiple logical networks, each with distinct forwarding logic.
Proceedings Article

Towards secure and dependable software-defined networks

TL;DR: This paper describes several threat vectors that may enable the exploit of SDN vulnerabilities and sketches the design of a secure and dependable SDN control platform as a materialization of the concept here advocated.
Journal Article

Software-defined networking

TL;DR: Novel architecture allows programmers to quickly reconfigure network resource usage as well as provide real-time information about how the network is being used.