Security-aware data provenance for multi-domain software-defined networks
Authors: Visal Dam, Fariha Tasmin Jaigirdar, Kallol Krishna Karmakar, Adnan Anwar
Journal: Computers & Security, volume 159, Article 104677 (published 2025-09-22)
DOI: 10.1016/j.cose.2025.104677
URL: https://www.sciencedirect.com/science/article/pii/S0167404825003669
Citations: 0
Abstract
As interconnectivity increases, Software-defined Networking (SDN) offers a centralized, dynamic, and programmable approach to network management. However, a significant concern lies in the transparency of network devices and data propagation, which contributes to security-awareness gaps in SDN domains. Documenting and aggregating network metadata is therefore crucial for detecting anomalies and linked events, which is the concern of data provenance. However, existing provenance solutions merely collect data without validating it, focus mainly on single-domain SDNs, and overlook supposedly benign aspects such as switch authentication states, flow rules, and network paths. This paper explores how integrating security metadata into provenance graphs, together with predefined security policies, increases security awareness. With this goal, we propose PRISM-Prov, a security-aware provenance framework for distributed SDNs. To the best of our knowledge, this work is the first of its kind. We identify and discuss the metadata required to enable security awareness and implement a proof of concept for the popular ONOS controller. Our method is tested against six attack scenarios, confirming real-time detection capabilities, and adds only 0.021 ms to 0.102 ms to average packet processing time (an overhead of 4.89% to 13.4% for small and large topologies, respectively), demonstrating low performance costs. Finally, this study promotes security awareness in SDNs to enhance data transparency, as well as risk- and trust-based decision-making systems.
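To make the idea of a security-aware provenance graph concrete, here is a small added example in Python; it is an illustration written for this page, not PRISM-Prov's implementation and not ONOS code. It assumes: provenance records are emitted by per-domain controllers and authenticated with a per-domain HMAC key (a stand-in for whatever record validation the framework performs); the ONOS-style device IDs and the org.onosproject.fwd app ID are used only as constructed sample values; and the three policies (flow rule installed on an unauthenticated switch, path traversing an unauthenticated or unknown switch, rule installed by an app outside an allow-list) are hypothetical checks chosen to match the metadata the abstract names, not the paper's own policy set. The point it shows beyond the abstract is the ordering: records are validated before they enter the graph, so a forged "switch is authenticated" record from another domain cannot launder a switch's state, and the policies then run over the graph's edges rather than over individual events.

```python
"""Toy security-aware provenance graph for multi-domain SDN events (illustration only)."""
import hashlib
import hmac
import json
from collections import defaultdict

# Constructed per-domain controller keys (assumption: one shared key per domain).
DOMAIN_KEYS = {"domA": b"key-domA", "domB": b"key-domB"}

# Hypothetical allow-list of controller apps permitted to install flow rules.
ALLOWED_APPS = {"org.onosproject.fwd"}


def sign_record(domain, record):
    """Tag a provenance record with the emitting domain's HMAC key."""
    body = json.dumps(record, sort_keys=True).encode()
    return hmac.new(DOMAIN_KEYS[domain], body, hashlib.sha256).hexdigest()


def verify_record(domain, record, tag):
    """Constant-time check that the tag was produced under the claimed domain's key."""
    return hmac.compare_digest(sign_record(domain, record), tag)


class ProvenanceGraph:
    def __init__(self):
        self.nodes = {}                 # node id -> attribute dict (includes "kind")
        self.edges = defaultdict(list)  # source id -> [(relation, target id)]
        self.rejected = []              # records that failed validation

    def ingest(self, domain, record, tag):
        """Validate a record first; only validated records become graph nodes/edges."""
        if domain not in DOMAIN_KEYS or not verify_record(domain, record, tag):
            self.rejected.append(record)
            return False
        kind = record["event"]
        if kind == "switch_join":
            self.nodes[record["switch"]] = {"kind": "switch", "domain": domain,
                                            "authenticated": record["authenticated"]}
        elif kind == "flow_install":
            rid = record["rule"]
            self.nodes[rid] = {"kind": "flow_rule", "domain": domain, "app": record["app"]}
            self.edges[rid].append(("installedOn", record["switch"]))
        elif kind == "path":
            pid = record["path"]
            self.nodes[pid] = {"kind": "path", "domain": domain}
            for sw in record["hops"]:
                self.edges[pid].append(("traverses", sw))
        return True

    def targets(self, src, relation):
        return [dst for rel, dst in self.edges.get(src, []) if rel == relation]


def check_policies(g):
    """Run the hypothetical policies over the graph; returns (policy, subject, object) alerts."""
    alerts = []
    for nid, n in g.nodes.items():
        if n["kind"] == "flow_rule":
            for sw in g.targets(nid, "installedOn"):
                s = g.nodes.get(sw)
                if s is None or not s["authenticated"]:
                    alerts.append(("FLOW_ON_UNAUTH_SWITCH", nid, sw))
            if n["app"] not in ALLOWED_APPS:
                alerts.append(("UNKNOWN_APP", nid, n["app"]))
        elif n["kind"] == "path":
            for sw in g.targets(nid, "traverses"):
                s = g.nodes.get(sw)
                if s is None:
                    alerts.append(("PATH_VIA_UNKNOWN_SWITCH", nid, sw))
                elif not s["authenticated"]:
                    alerts.append(("PATH_VIA_UNAUTH_SWITCH", nid, sw))
    return alerts


def build_example():
    """Constructed sample events spanning two domains, plus one forged record."""
    g = ProvenanceGraph()
    events = [
        ("domA", {"event": "switch_join", "switch": "of:0000000000000001", "authenticated": True}),
        ("domA", {"event": "switch_join", "switch": "of:0000000000000002", "authenticated": False}),
        ("domB", {"event": "switch_join", "switch": "of:0000000000000003", "authenticated": True}),
        ("domA", {"event": "flow_install", "rule": "rule-1",
                  "switch": "of:0000000000000001", "app": "org.onosproject.fwd"}),
        ("domA", {"event": "flow_install", "rule": "rule-2",
                  "switch": "of:0000000000000002", "app": "evil.app"}),
        ("domB", {"event": "path", "path": "path-1",
                  "hops": ["of:0000000000000001", "of:0000000000000002", "of:0000000000000003"]}),
    ]
    for dom, rec in events:
        g.ingest(dom, rec, sign_record(dom, rec))
    # Forged record: claims domA's switch 2 is authenticated, but tagged with domB's key.
    forged = {"event": "switch_join", "switch": "of:0000000000000002", "authenticated": True}
    g.ingest("domA", forged, sign_record("domB", forged))
    return g


if __name__ == "__main__":
    graph = build_example()
    print("rejected records:", len(graph.rejected))
    for alert in check_policies(graph):
        print(alert)
```

Running it rejects the one forged record and raises three alerts: the rogue app's rule on the unauthenticated switch (two policies fire on rule-2) and the cross-domain path that traverses that switch. Replacing the HMAC with whatever attestation or controller authentication a real deployment has does not change the structure: validate, then record, then evaluate policies over relationships.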
Journal description:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors - industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise it is your first step to fully secure systems.