PSA: An Architecture for Proactively Securing Protocol-Oblivious SDN Networks

Title: PSA: An Architecture for Proactively Securing Protocol-Oblivious SDN Networks
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Mei, Lei; Tong, Haojie; Liu, Tong; Tian, Ye
Conference Name: 2019 IEEE 9th International Conference on Electronics Information and Emergency Communication (ICEIEC)
ISBN Number: 978-1-7281-1190-2
Keywords: Bandwidth, Business, business logic, Computer architecture, computer network security, control systems, data-to-control plane saturation attack, Optical fibers, proactive security, proactive security framework PSA, proactive security layer, proactively securing protocol-oblivious SDN networks, protocol-oblivious forwarding (POF), Protocols, pubcrawl, resilience, Resiliency, Scalability, SDN infrastructure, SDN security, security, security defense application, security defense function, software defined networking, software-defined network, software-defined network (SDN), telecommunication control, unified security defense framework

Up to now, Software-defined network (SDN) has been developing for many years and various controller implementations have appeared. Most of these controllers contain the normal business logic as well as security defense function. This makes the business logic on the controller tightly coupled with the security function, which increases the burden of the controller and is not conducive to the evolution of the controller. To address this problem, we propose a proactive security framework PSA, which decouples the business logic and security function of the controller, and deploys the security function in the proactive security layer which lies between the data plane and the control plane, so as to provide a unified security defense framework for different controller implementations. Based on PSA, we design a security defense application for the data-to-control plane saturation attack, which overloads the infrastructure of SDN networks. We evaluate the prototype implementation of PSA in the software environments. The results show that PSA is effective with adding only minor overhead into the entire SDN infrastructure.

Citation Key: mei_psa_2019