SDN Access Control for the Masses
2019 (English)In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 80, p. 155-172Article in journal (Refereed) Published
Abstract [en]
The evolution of Software-Defined Networking (SDN) has so far been predominantly geared towards defining and refining the abstractions on the forwarding and control planes. However, despite a maturing south-bound interface and a range of proposed network operating systems, the network management application layer is yet to be specified and standardized. It has currently poorly defined access control mechanisms that could be exposed to network applications. Available mechanisms allow only rudimentary control and lack procedures to partition resource access across multiple dimensions. We address this by extending the SDN north-bound interface to provide control over shared resources to key stakeholders of network infrastructure: network providers, operators and application developers. We introduce a taxonomy of SDN access models, describe a comprehensive design for SDN access control and implement the proposed solution as an extension of the ONOS network controller intent framework.
Place, publisher, year, edition, pages
Elsevier Ltd , 2019. Vol. 80, p. 155-172
Keywords [en]
Access control, Network abstractions, North-bound interface, Security, Software-defined networking, Abstracting, Flight control systems, Network layers, Software defined networking, Access control mechanism, Application developers, Management applications, Network infrastructure, Network operating system, Software defined networking (SDN)
National Category
Natural Sciences
Identifiers
URN: urn:nbn:se:ri:diva-35566DOI: 10.1016/j.cose.2018.10.003Scopus ID: 2-s2.0-85054899526OAI: oai:DiVA.org:ri-35566DiVA, id: diva2:1261034
Note
Funding details: 731574; Funding text: The research was conducted within the COLA project and received funding from the European Union’s Horizon 2020 research and innovation programme under grant No 731574.
2018-11-062018-11-062018-11-06Bibliographically approved