A Novel Secure and Efficient Policy Management Framework for Software Defined Network

Software Defined Network (SDN) paradigm provides a flexible execution platform for running different Network Control and Management Functions (NF). This provides scope for efficient management and control of traffic flows in the network. The network functions heavily rely on heterogeneous and complex network policies. These network policies can be defined by different administrators and configured (pushed to the controller) through distributed Network Application and Management Servers. Thus, efficient management and correct enforcement of network policies is an important, but a challenging problem. Our proposed policy management framework ensures, the policies are enforced by certified servers as well as focuses on detecting and resolving the potential conflicts among the heterogeneous policy rules. In addition, it maintains consistency between the flow table rules and the on-demand changes in policy rules in the application layer. Our proposed framework comprises of three novel network control functions namely, Trust Verify, Policy Conflict Resolve and Policy Consistency Check. These functions combinedly ensure security, correctness and adaptability with the dynamic on-demand changes in heterogeneous policy rules in an SDN environment. We demonstrate our framework with an extended case study of an SDN-based enterprise network.