Lund University Publications

SDN Access Control for the Masses

Paladi, Nicolae (LU) and Gehrmann, Christian (LU) (2019) In Computers and Security 80. p.155-172

Abstract

The evolution of Software-Defined Networking (SDN) has so far been predominantly geared towards defining and refining the abstractions on the forwarding and control planes. However, despite a maturing south-bound interface and a range of proposed network operating systems, the network management application layer is yet to be specified and standardized. It has currently poorly defined access control mechanisms that could be exposed to network applications. Available mechanisms allow only rudimentary control and lack procedures to partition resource access across multiple dimensions. We address this by extending the SDN north-bound interface to provide control over shared resources to key stakeholders of network infrastructure: network providers, operators and application developers. We introduce a taxonomy of SDN access models, describe a comprehensive design for SDN access control and implement the proposed solution as an extension of the ONOS network controller intent framework.

type: Contribution to journal
publication status: published
subject keywords: Access control, Network abstractions, North-bound interface, Security, Software-defined networking
in: Computers and Security
volume: 80
pages: 18 pages
publisher: Elsevier
external identifiers:
  • scopus:85054899526
ISSN: 0167-4048
DOI: 10.1016/j.cose.2018.10.003
project:
  • Cloudification of Production Engineering for Predictive Digital Manufacturing
  • Cyber Security for Next Generation Factory (SEC4FACTORY)
  • Säkra mjukvaruuppdateringar för den smarta staden
language: English
LU publication?: yes
id: 76ccbd3d-b3e3-4774-81ee-f2ce02bc1cd8
date added to LUP: 2018-10-26 13:22:54
date last changed: 2023-04-08 19:27:23

@article{76ccbd3d-b3e3-4774-81ee-f2ce02bc1cd8,
  abstract     = {{The evolution of Software-Defined Networking (SDN) has so far been predominantly geared towards defining and refining the abstractions on the forwarding and control planes. However, despite a maturing south-bound interface and a range of proposed network operating systems, the network management application layer is yet to be specified and standardized. It has currently poorly defined access control mechanisms that could be exposed to network applications. Available mechanisms allow only rudimentary control and lack procedures to partition resource access across multiple dimensions. We address this by extending the SDN north-bound interface to provide control over shared resources to key stakeholders of network infrastructure: network providers, operators and application developers. We introduce a taxonomy of SDN access models, describe a comprehensive design for SDN access control and implement the proposed solution as an extension of the ONOS network controller intent framework.}},
  author       = {{Paladi, Nicolae and Gehrmann, Christian}},
  issn         = {{0167-4048}},
  keywords     = {{Access control; Network abstractions; North-bound interface; Security; Software-defined networking}},
  language     = {{eng}},
  pages        = {{155--172}},
  publisher    = {{Elsevier}},
  series       = {{Computers and Security}},
  title        = {{SDN Access Control for the Masses}},
  url          = {{http://dx.doi.org/10.1016/j.cose.2018.10.003}},
  doi          = {{10.1016/j.cose.2018.10.003}},
  volume       = {{80}},
  year         = {{2019}},
}