SDN Access Control for the Masses

Research output: Contribution to journalArticle

Abstract

The evolution of Software-Defined Networking (SDN) has so far been predominantly geared towards defining and refining the abstractions on the forwarding and control planes. However, despite a maturing south-bound interface and a range of proposed network operating systems, the network management application layer is yet to be specified and standardized. It has currently poorly defined access control mechanisms that could be exposed to network applications. Available mechanisms allow only rudimentary control and lack procedures to partition resource access across multiple dimensions. We address this by extending the SDN north-bound interface to provide control over shared resources to key stakeholders of network infrastructure: network providers, operators and application developers. We introduce a taxonomy of SDN access models, describe a comprehensive design for SDN access control and implement the proposed solution as an extension of the ONOS network controller intent framework.

Details

Authors
Organisations
External organisations
  • RISE SICS AB
Research areas and keywords

Subject classification (UKÄ) – MANDATORY

  • Software Engineering

Keywords

  • Access control, Network abstractions, North-bound interface, Security, Software-defined networking
Original languageEnglish
Pages (from-to)155-172
Number of pages18
JournalComputers and Security
Volume80
Publication statusPublished - 2019
Publication categoryResearch
Peer-reviewedYes

Related projects

Christian Gehrmann, Maria Kihl, Martin Hell, Emma Fitzgerald & Mohsen Toorani

Swedish Foundation for Strategic Research, SSF

2018/04/012023/03/31

Project: Other

Christian Gehrmann

European Commission - Horizon 2020

2017/10/012021/03/31

Project: Research

View all (2)