S. Betgé-Brezetz, Guy-Bertrand Kamga, Ali El Amrani Joutei, Oussama Maalmi
{"title":"基于sdn的可信路径控制","authors":"S. Betgé-Brezetz, Guy-Bertrand Kamga, Ali El Amrani Joutei, Oussama Maalmi","doi":"10.1109/NOF.2014.7119799","DOIUrl":null,"url":null,"abstract":"Security of sensitive data in the network is a key issue in a world where such sensitive data can easily be transferred between different servers and locations (e.g., in networked clouds). In this context, there is a particular need to control the path followed by the data when they move across the cloud (e.g., to avoid crossing -even encrypted- un-trusted nodes or areas). In this paper we proposed therefore a new approach which aims to leverage the programmability offered by the SDN technology in order to enforce a trusted path for the transfer of sensitive data in the network. Given a policy related to the sensitive data (e.g., the data should not cross a given area), our approach allows sending this policy to an extended SDN controller (called Trusted Path Controller) which automatically enforces this policy in the SDN network. Two architectures have been investigated: the Out-of-Band architecture (the policy being sent to the Trusted Path Controller via a Web Service interface) and the In-Band architecture (the policy being sent to the Trusted Path Controller via a dedicated “signaling packet”). These two architectures have been implemented in a SDN controller. Experimentations and evaluations have also been performed on a test-bed of SDN switches which allow showing the feasibility of this approach as well as its performances.","PeriodicalId":435905,"journal":{"name":"2014 International Conference and Workshop on the Network of the Future (NOF)","volume":"52 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"SDN-based Trusted Path Control\",\"authors\":\"S. Betgé-Brezetz, Guy-Bertrand Kamga, Ali El Amrani Joutei, Oussama Maalmi\",\"doi\":\"10.1109/NOF.2014.7119799\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Security of sensitive data in the network is a key issue in a world where such sensitive data can easily be transferred between different servers and locations (e.g., in networked clouds). In this context, there is a particular need to control the path followed by the data when they move across the cloud (e.g., to avoid crossing -even encrypted- un-trusted nodes or areas). In this paper we proposed therefore a new approach which aims to leverage the programmability offered by the SDN technology in order to enforce a trusted path for the transfer of sensitive data in the network. Given a policy related to the sensitive data (e.g., the data should not cross a given area), our approach allows sending this policy to an extended SDN controller (called Trusted Path Controller) which automatically enforces this policy in the SDN network. Two architectures have been investigated: the Out-of-Band architecture (the policy being sent to the Trusted Path Controller via a Web Service interface) and the In-Band architecture (the policy being sent to the Trusted Path Controller via a dedicated “signaling packet”). These two architectures have been implemented in a SDN controller. Experimentations and evaluations have also been performed on a test-bed of SDN switches which allow showing the feasibility of this approach as well as its performances.\",\"PeriodicalId\":435905,\"journal\":{\"name\":\"2014 International Conference and Workshop on the Network of the Future (NOF)\",\"volume\":\"52 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2014 International Conference and Workshop on the Network of the Future (NOF)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NOF.2014.7119799\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 International Conference and Workshop on the Network of the Future (NOF)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NOF.2014.7119799","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Security of sensitive data in the network is a key issue in a world where such sensitive data can easily be transferred between different servers and locations (e.g., in networked clouds). In this context, there is a particular need to control the path followed by the data when they move across the cloud (e.g., to avoid crossing -even encrypted- un-trusted nodes or areas). In this paper we proposed therefore a new approach which aims to leverage the programmability offered by the SDN technology in order to enforce a trusted path for the transfer of sensitive data in the network. Given a policy related to the sensitive data (e.g., the data should not cross a given area), our approach allows sending this policy to an extended SDN controller (called Trusted Path Controller) which automatically enforces this policy in the SDN network. Two architectures have been investigated: the Out-of-Band architecture (the policy being sent to the Trusted Path Controller via a Web Service interface) and the In-Band architecture (the policy being sent to the Trusted Path Controller via a dedicated “signaling packet”). These two architectures have been implemented in a SDN controller. Experimentations and evaluations have also been performed on a test-bed of SDN switches which allow showing the feasibility of this approach as well as its performances.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
