Demo: Leveraging SDN in Critical Infrastructures

Abstract

Recent developments in computer networks increased flexibility, making them more dynamic and programmable, e.g., by SDN and NFV. However, this also increased complexity and volatility of network components. This is a challenge for highly regulated environments such as critical infrastructure networks where certified components are used to guarantee security requirements of infrastructures, e.g., through mandatory filtering or encryption of network traffic. This demo paper presents a setup where programmable and volatile components are separated from trusted, and thus certified, components. In particular, programmable Network Operating Systems (NOSes) and SDN controllers are deployed to steer the network flows in a VPN overlay. Yet, these flexible components do not have to be included into a certification process.