Bassey Isong, Tebogo Kgogo, Francis Lugayizi, Bennett Kankuzi
Trust establishment framework between SDN controller and applications
2017 18th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)
Publication date: 2017-06-01
DOI: 10.1109/SNPD.2017.8022707 (https://doi.org/10.1109/SNPD.2017.8022707)
Citations: 12
Abstract
Software Defined Networks (SDNs) are a new network paradigm that has gained significant attention in recent years. However, security remains a great challenge, though several improvements have been proposed. A key security challenge is the lack of trust between the SDN controller and the applications running atop the control plane. The SDN controller can easily be attacked if these applications are malicious or have been compromised by an attacker, who could then control the entire network or even cause network failure, since the controller represents a single point of failure in the SDN. Though trust mechanisms to verify network devices exist, mechanisms to verify management applications are still not well developed. Therefore, this paper proposes a unique direct trust establishment framework between an OpenFlow-based SDN controller and the applications. The objective is to ensure that the SDN controller is protected and that the multitude of applications that regularly consume network resources remain trusted throughout their lifetime. Additionally, the paper introduces the concepts of a trust access matrix and application identity to ensure efficient control of network resources. Based on its operation, if the proposed trust model is adopted in the OpenFlow architecture, it could go a long way toward improving the security of the SDN and protecting the controller.