A trust management framework for Software Defined Network (SDN) controller and network applications

The use of network applications to manage network operations by the controller in SDN architecture introduces a threat that makes the controller to be susceptible to several network attacks. This is possible because the network applications operate without any access control mechanism that authenticates or dictates what operations they can execute in the network. This consequently makes the network applications to take advantage of their ability to manipulate, change or modify network state to compromise network operations and resources. In order to address this problem this paper introduces a token-based authentication method that enables the controller to authenticate the various network applications. The application of this method builds an access permission zone where only legitimate network applications with the correct token credentials can have access to the network prior to implementing any network changes. This paper contributes in providing an authorisation method Boolean Access Matrix that enforces permission constraints on what the network applications can access or execute within the network. The authorisation method helps limits the unprecedented access the network applications have over the control layer resources, core services and the network operations. The paper introduces a novel method of evaluating the trust between the controller and the network application based on Subjective Logic Reasoning (SLR) which is a belief learning model. SLR is an advanced learning algorithm that is derived from Probability Calculus and Statistics. Experiments demonstrate the efficiency and scalability of the proposed algorithms in a large scale test environment.