
SDN Access Control for the Masses

Paladi, Nicolae LU and Gehrmann, Christian LU (2019) In Computers and Security 80. p.155-172
Abstract

The evolution of Software-Defined Networking (SDN) has so far been predominantly geared towards defining and refining the abstractions on the forwarding and control planes. However, despite a maturing south-bound interface and a range of proposed network operating systems, the network management application layer is yet to be specified and standardized. It has currently poorly defined access control mechanisms that could be exposed to network applications. Available mechanisms allow only rudimentary control and lack procedures to partition resource access across multiple dimensions. We address this by extending the SDN north-bound interface to provide control over shared resources to key stakeholders of network infrastructure: network providers, operators and application developers. We introduce a taxonomy of SDN access models, describe a comprehensive design for SDN access control and implement the proposed solution as an extension of the ONOS network controller intent framework.

type: Contribution to journal
publication status: published
subject keywords: Access control, Network abstractions, North-bound interface, Security, Software-defined networking
in: Computers and Security
volume: 80
pages: 18 pages
external identifiers: scopus:85054899526
ISSN: 0167-4048
DOI: 10.1016/j.cose.2018.10.003
language: English
LU publication?: yes
id: 76ccbd3d-b3e3-4774-81ee-f2ce02bc1cd8
date added to LUP: 2018-10-26 13:22:54
date last changed: 2018-10-26 13:22:54

@article{76ccbd3d-b3e3-4774-81ee-f2ce02bc1cd8,
  abstract     = {The evolution of Software-Defined Networking (SDN) has so far been predominantly geared towards defining and refining the abstractions on the forwarding and control planes. However, despite a maturing south-bound interface and a range of proposed network operating systems, the network management application layer is yet to be specified and standardized. It has currently poorly defined access control mechanisms that could be exposed to network applications. Available mechanisms allow only rudimentary control and lack procedures to partition resource access across multiple dimensions. We address this by extending the SDN north-bound interface to provide control over shared resources to key stakeholders of network infrastructure: network providers, operators and application developers. We introduce a taxonomy of SDN access models, describe a comprehensive design for SDN access control and implement the proposed solution as an extension of the ONOS network controller intent framework.},
  author       = {Paladi, Nicolae and Gehrmann, Christian},
  issn         = {0167-4048},
  keyword      = {Access control,Network abstractions,North-bound interface,Security,Software-defined networking},
  language     = {eng},
  pages        = {155--172},
  series       = {Computers and Security},
  title        = {SDN Access Control for the Masses},
  url          = {http://dx.doi.org/10.1016/j.cose.2018.10.003},
  volume       = {80},
  year         = {2019},
}