SDN Access Control for the Masses

Research output: Contribution to journalArticlepeer-review

Abstract

The evolution of Software-Defined Networking (SDN) has so far been predominantly geared towards defining and refining the abstractions on the forwarding and control planes. However, despite a maturing south-bound interface and a range of proposed network operating systems, the network management application layer is yet to be specified and standardized. It has currently poorly defined access control mechanisms that could be exposed to network applications. Available mechanisms allow only rudimentary control and lack procedures to partition resource access across multiple dimensions. We address this by extending the SDN north-bound interface to provide control over shared resources to key stakeholders of network infrastructure: network providers, operators and application developers. We introduce a taxonomy of SDN access models, describe a comprehensive design for SDN access control and implement the proposed solution as an extension of the ONOS network controller intent framework.

Original languageEnglish
Pages (from-to)155-172
Number of pages18
JournalComputers and Security
Volume80
DOIs
Publication statusPublished - 2019

Subject classification (UKÄ)

  • Software Engineering

Keywords

  • Access control
  • Network abstractions
  • North-bound interface
  • Security
  • Software-defined networking

Fingerprint

Dive into the research topics of 'SDN Access Control for the Masses'. Together they form a unique fingerprint.

Cite this