SDN Access Control for the Masses

Nicolae Paladi; Christian Gehrmann

doi:10.1016/j.cose.2018.10.003

SDN Access Control for the Masses

Nicolae Paladi, Christian Gehrmann

RISE SICS AB

Research output: Contribution to journal › Article › peer-review

Abstract

The evolution of Software-Defined Networking (SDN) has so far been predominantly geared towards defining and refining the abstractions on the forwarding and control planes. However, despite a maturing south-bound interface and a range of proposed network operating systems, the network management application layer is yet to be specified and standardized. It has currently poorly defined access control mechanisms that could be exposed to network applications. Available mechanisms allow only rudimentary control and lack procedures to partition resource access across multiple dimensions. We address this by extending the SDN north-bound interface to provide control over shared resources to key stakeholders of network infrastructure: network providers, operators and application developers. We introduce a taxonomy of SDN access models, describe a comprehensive design for SDN access control and implement the proposed solution as an extension of the ONOS network controller intent framework.

Original language	English
Pages (from-to)	155-172
Number of pages	18
Journal	Computers and Security
Volume	80
DOIs	https://doi.org/10.1016/j.cose.2018.10.003
Publication status	Published - 2019

Subject classification (UKÄ)

Software Engineering

Free keywords

Access control
Network abstractions
North-bound interface
Security
Software-defined networking

Access to Document

10.1016/j.cose.2018.10.003

1 Doctoral Thesis (compilation)

Trust but Verify: Trust Establishment Mechanisms in Infrastructure Clouds
Paladi, N., 2017 Sept 4, 1 ed. Lund: The Department of Electrical and Information Technology. 224 p.
Research output: Thesis › Doctoral Thesis (compilation)

Open Access
File

3 Finished

Sec4Factory: Cyber Security for Next Generation Factory (SEC4FACTORY)
Gehrmann, C. (PI), Kihl, M. (CoPI), Hell, M. (CoI), Fitzgerald, E. (Researcher), Toorani, M. (Researcher), Fitzgerald, E. (Researcher), Tärneberg, W. (Researcher) & Akbarian, F. (Researcher)
Swedish Foundation for Strategic Research, SSF
2018/04/01 → 2024/12/31
Project: Research
SMARTY: Säkra mjukvaruuppdateringar för den smarta staden
Hell, M. (PI), Magnusson, B. (PI), Gehrmann, C. (CoI), Paladi, N. (Researcher), Karlsson, L. (Researcher), Sönnerup, J. (Researcher), Johnsson, B. A. (Researcher), Hedin, G. (Researcher), Nordahl, M. (Researcher), Pagnin, E. (Researcher), Kundu, R. (Researcher), Åkesson, A. (Researcher), Stankovski Wagner, P. (Researcher) & Ramezanian, S. (Researcher)
Swedish Foundation for Strategic Research, SSF
2018/03/01 → 2024/12/31
Project: Research
CloudiFacturing: Cloudification of Production Engineering for Predictive Digital Manufacturing
Gehrmann, C. (PI)
European Commission - Horizon 2020
2017/10/01 → 2021/03/31
Project: Research

Cite this

@article{76ccbd3db3e3477481eef2ce02bc1cd8,

title = "SDN Access Control for the Masses",

abstract = "The evolution of Software-Defined Networking (SDN) has so far been predominantly geared towards defining and refining the abstractions on the forwarding and control planes. However, despite a maturing south-bound interface and a range of proposed network operating systems, the network management application layer is yet to be specified and standardized. It has currently poorly defined access control mechanisms that could be exposed to network applications. Available mechanisms allow only rudimentary control and lack procedures to partition resource access across multiple dimensions. We address this by extending the SDN north-bound interface to provide control over shared resources to key stakeholders of network infrastructure: network providers, operators and application developers. We introduce a taxonomy of SDN access models, describe a comprehensive design for SDN access control and implement the proposed solution as an extension of the ONOS network controller intent framework.",

keywords = "Access control, Network abstractions, North-bound interface, Security, Software-defined networking",

author = "Nicolae Paladi and Christian Gehrmann",

year = "2019",

doi = "10.1016/j.cose.2018.10.003",

language = "English",

volume = "80",

pages = "155--172",

journal = "Computers and Security",

issn = "0167-4048",

publisher = "Elsevier",

}

TY - JOUR

T1 - SDN Access Control for the Masses

AU - Paladi, Nicolae

AU - Gehrmann, Christian

PY - 2019

Y1 - 2019

N2 - The evolution of Software-Defined Networking (SDN) has so far been predominantly geared towards defining and refining the abstractions on the forwarding and control planes. However, despite a maturing south-bound interface and a range of proposed network operating systems, the network management application layer is yet to be specified and standardized. It has currently poorly defined access control mechanisms that could be exposed to network applications. Available mechanisms allow only rudimentary control and lack procedures to partition resource access across multiple dimensions. We address this by extending the SDN north-bound interface to provide control over shared resources to key stakeholders of network infrastructure: network providers, operators and application developers. We introduce a taxonomy of SDN access models, describe a comprehensive design for SDN access control and implement the proposed solution as an extension of the ONOS network controller intent framework.

AB - The evolution of Software-Defined Networking (SDN) has so far been predominantly geared towards defining and refining the abstractions on the forwarding and control planes. However, despite a maturing south-bound interface and a range of proposed network operating systems, the network management application layer is yet to be specified and standardized. It has currently poorly defined access control mechanisms that could be exposed to network applications. Available mechanisms allow only rudimentary control and lack procedures to partition resource access across multiple dimensions. We address this by extending the SDN north-bound interface to provide control over shared resources to key stakeholders of network infrastructure: network providers, operators and application developers. We introduce a taxonomy of SDN access models, describe a comprehensive design for SDN access control and implement the proposed solution as an extension of the ONOS network controller intent framework.

KW - Access control

KW - Network abstractions

KW - North-bound interface

KW - Security

KW - Software-defined networking

U2 - 10.1016/j.cose.2018.10.003

DO - 10.1016/j.cose.2018.10.003

M3 - Article

AN - SCOPUS:85054899526

SN - 0167-4048

VL - 80

SP - 155

EP - 172

JO - Computers and Security

JF - Computers and Security

ER -

SDN Access Control for the Masses

Abstract

Subject classification (UKÄ)

Free keywords

Access to Document

Fingerprint

Research output

Trust but Verify: Trust Establishment Mechanisms in Infrastructure Clouds

Projects

Sec4Factory: Cyber Security for Next Generation Factory (SEC4FACTORY)

SMARTY: Säkra mjukvaruuppdateringar för den smarta staden

CloudiFacturing: Cloudification of Production Engineering for Predictive Digital Manufacturing

Cite this