SDN Access Control for the Masses

    Research output: Contribution to journalArticlepeer-review

    Abstract

    The evolution of Software-Defined Networking (SDN) has so far been predominantly geared towards defining and refining the abstractions on the forwarding and control planes. However, despite a maturing south-bound interface and a range of proposed network operating systems, the network management application layer is yet to be specified and standardized. It has currently poorly defined access control mechanisms that could be exposed to network applications. Available mechanisms allow only rudimentary control and lack procedures to partition resource access across multiple dimensions. We address this by extending the SDN north-bound interface to provide control over shared resources to key stakeholders of network infrastructure: network providers, operators and application developers. We introduce a taxonomy of SDN access models, describe a comprehensive design for SDN access control and implement the proposed solution as an extension of the ONOS network controller intent framework.

    Original languageEnglish
    Pages (from-to)155-172
    Number of pages18
    JournalComputers and Security
    Volume80
    DOIs
    Publication statusPublished - 2019

    Subject classification (UKÄ)

    • Software Engineering

    Free keywords

    • Access control
    • Network abstractions
    • North-bound interface
    • Security
    • Software-defined networking

    Fingerprint

    Dive into the research topics of 'SDN Access Control for the Masses'. Together they form a unique fingerprint.

    Cite this