A Secure Northbound Interface for SDN Applications

Cited by: 31
Authors
Banse, Christian [1]
Rangarajan, Sathyanarayanan [1]
Affiliation
[1] Fraunhofer AISEC, Garching, Germany
Source
2015 IEEE TRUSTCOM/BIGDATASE/ISPA, VOL 1 | 2015
Keywords
Software-Defined Networking; SDN; network security; northbound interface; trust
DOI
10.1109/Trustcom.2015.454
Chinese Library Classification number
TP301 [Theory, Methods]
Discipline classification code
081202
Abstract
Software-Defined Networking (SDN) promises to introduce flexibility and programmability into networks by offering a northbound interface (NBI) for developers to create SDN applications. However, current designs and implementations have several drawbacks, including the lack of extended security features. In this paper, we present a secure northbound interface, through which an SDN controller can offer network resources, such as statistics, flow information or topology data, via a REST-like API to registered SDN applications. A trust manager ensures that only authenticated and trusted applications can utilize the interface. Furthermore, a permission system allows for fine-grained authorization and access control to the aforementioned resources. We present a prototypical implementation of our interface and developed example applications using our interface, including an SDN management dashboard.
Pages: 834-839
Number of pages: 6