Isolating Malicious Controller(s) In Distributed Software-Defined Networks with Centralized Reputation Management
Authors: Bilal Karim Mughal, S. Hameed, B. Hameed
Journal: International Journal of Future Generation Communication and Networking
Publication date: 2018-09-30
Publication type: Journal Article
DOI: 10.14257/IJFGCN.2018.11.5.02 (https://doi.org/10.14257/IJFGCN.2018.11.5.02)
Citation count: 3
Although software-defined networks have seen a sharp increase in their deployment around the world, with big tech companies including Microsoft and Google, to name a few, tapping into the enormous potential that these networks offer, there are still various security loopholes that need to be plugged. One such security-related issue is that of a rogue controller bringing down an entire network. As we shall see in this paper, this problem is still short of any definitive solutions, especially when it comes to distributed software-defined networks. We attempt to resolve this issue by developing a centrally managed trust and reputation scheme. By proactively comparing the policies/flow rules that need to be installed in the switches with those that are actually installed, our scheme singles out a malicious controller. We have evaluated the scheme for scalability, message overhead, and for bad-mouthing attacks. Our results suggest that using a trust and reputation system can greatly enhance the network security in this scenario, as demonstrated by rigorous evaluations in the Emulab network emulation testbed.
About the journal:
The topics covered by IJFGCN include the following:
-Communication Basic and Infrastructure:
 *Algorithms, Architecture, and Infrastructures
 *Communication protocols
 *Communication Systems
 *Telecommunications
 *Transmission Techniques
 *Etc.
-Networks Basic and Management:
 *Network Management Techniques
 *Network Modeling and Simulation
 *Network Systems and Devices
 *Networks Security, Encryption and Cryptography
 *Wireless Networks, Ad-Hoc and Sensor Networks
 *Etc.
-Multimedia Application:
 *Digital Rights Management
 *Documents Monetization and Interpretation
 *Management and Diffusion of Multimedia Applications
 *Multimedia Data Base
 *Etc.
-Image, Video, Signal and Information Processing:
 *Analysis and Processing
 *Compression and Coding
 *Information Fusion
 *Rationing Methods and Data mining
 *Etc.