FlowIdentity: Software-defined network access control

S. Yakasai, C. Guy
Published in: 2015 IEEE Conference on Network Function Virtualization and Software Defined Network (NFV-SDN), 2015-11-01
DOI: 10.1109/NFV-SDN.2015.7387415 (https://doi.org/10.1109/NFV-SDN.2015.7387415)
Citations: 26

Abstract

Software-Defined Networking (SDN) is a new paradigm for building computer networks through the decoupling of the control and forwarding functions of network devices. This has provided not only an exciting opportunity for the industry and researchers to solve some of the most persistent networking problems, but also an environment where creative network applications and services are more easily developed and deployed to solve specific business needs. In this paper, we present FlowIdentity - a virtualized network access control function using OpenFlow protocol. FlowIdentity implements 802.1X framework in SDN architecture, combined with a novel authorization method through a stateful role-based firewall. Policy definition is based on high-level endpoints' role which can be dynamically updated and enforced directly on the centralized 802.1X authenticator. Our solution solves some outlined persistent challenges facing the traditional port-based access control method to provide an effective enterprise network access control solution, and also provides a platform that encourages network operators, equipment vendors and researchers to develop innovative alternatives to the current solutions.