Rosemary: A Robust, Secure, and High-performance Network Operating System

@article{Shin2014RosemaryAR,
  title={Rosemary: A Robust, Secure, and High-performance Network Operating System},
  author={Seungwon Shin and YongJoo Song and Taekyung Lee and Sangho Lee and Jaewoong Chung and Phillip A. Porras and Vinod Yegneswaran and Jiseong Noh and Brent Byunghoon Kang},
  journal={Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security},
  year={2014}
}
Within the hierarchy of the Software Defined Network (SDN) network stack, the control layer operates as the critical middleware facilitator of interactions between the data plane and the network applications, which govern flow routing decisions. In the OpenFlow implementation of the SDN model, the control layer, commonly referred to as a network operating system (NOS), has been realized by a range of competing implementations that offer various performance and functionality advantages…
RoSCo: Robust Updates for Software-Defined Networks
TLDR
A robust SDN controller protocol (RoSCo) is presented, which provides provably linearizable semantics for applying network policies and remains resilient against faulty or malicious control devices as long as a correct majority exists; a modification to the protocol improves performance by relaxing the linearizability guarantees to exploit commutativity among updates.
On network operating system security
TLDR
A sandbox system is proposed, which allows not only SDN applications but also internal NOS components to access only a configurable set of critical operations, and enables operators to prevent the entire NOS from crashing in case a single SDN application or NOS component runs into a fatal error.
Securing the Software Defined Network Control Layer
TLDR
This work proposes the design of security extensions at the control layer to provide the security management and arbitration of conflicting flow rules that arise when multiple applications are deployed within the same network.
Repoxy: Replication Proxy for Trustworthy SDN Controller Operation
  • M. Azab, Ahmed Hamdy, Ahmed Mansour
  • Computer Science
  • 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
  • 2018
TLDR
Repoxy presents a novel SDN-controller intrusion detection system that detects malicious manipulations of the controller software, and enables elasticity and high availability for SDN controllers by facilitating southbound-oblivious, seamless multi-controller replication and handover for the same network traffic.
Vulnerabilities of network OS and mitigation with state-based permission system
TLDR
A permission-based malicious network application detector is introduced, which examines the permission set of each application, prevents it from executing operations without the required permission, and shows almost no performance overhead.
SENAD: Securing Network Application Deployment in Software Defined Networks
TLDR
This approach can easily shield against denial of service, caused for instance by resource exhaustion attacks or malicious command injection, that results from a malicious application co-existing in the controller's runtime.
Stateful Distributed Firewall as a Service in SDN
  • A. Zeineddine, W. El-Hajj
  • Computer Science
  • 2018 4th IEEE Conference on Network Softwarization and Workshops (NetSoft)
  • 2018
TLDR
This paper proposes the framework, SDFS, which optimizes a distributed stateful application in the data plane to transform the SDN network into one big firewall, with inherent fault-tolerance mechanisms that eliminate the need for immediate controller intervention even in cases of network failure or attacks.
A Survey on Fault Management in Software-Defined Networks
TLDR
An overview of fault management in SDN is presented, showing how different fault management threat vectors are introduced by each layer, as well as by the interface between layers.
Attacking Network Isolation in Software-Defined Networks: New Attacks and Countermeasures
TLDR
This work demonstrates a novel network isolation attack in SDN networks, called Network Harvesting, and presents a defense, SpoofDefender, that prevents network isolation attacks or other spoofing attacks by leveraging SDN's data and control plane separation, global network view, and programmatic control of the network, while building upon IEEE 802.1x and encryption.
Performance analysis of software defined network controller architecture—A simulation based survey
TLDR
A number of technologies, models and tools for evaluating the performance metrics of SDN controllers are reported along with simulation results, and the working procedures of various controllers such as NOX, NOX-MT, POX, Rosemary, FloodLight, OpenDayLight, Beacon and Maestro are stated.

References (showing 10 of 54)
AVANT-GUARD: scalable and vigilant switch flow management in software-defined networks
TLDR
This paper introduces an extension to the OpenFlow data plane called "connection migration", which dramatically reduces the amount of data-to-control-plane interactions that arise during attacks, and introduces "actuating triggers" over the data plane's existing statistics collection services.
Towards secure and dependable software-defined networks
TLDR
This paper describes several threat vectors that may enable the exploitation of SDN vulnerabilities and sketches the design of a secure and dependable SDN control platform as a materialization of the concept advocated here.
A security enforcement kernel for OpenFlow networks
TLDR
This work introduces FortNOX, a software extension that provides role-based authorization and security constraint enforcement for the NOX OpenFlow controller. It enables NOX to check flow rule contradictions in real time, and implements a novel analysis algorithm that is robust even when an adversarial OF application attempts to strategically insert flow rules that would otherwise circumvent the flow rules imposed by OF security applications.
Applying operating system principles to SDN controller design
TLDR
This paper introduces yanc, a controller platform for software-defined networks which exposes the network configuration and state as a file system, enabling user and system applications to interact through standard file I/O, and to easily take advantage of the tools available on the host operating system.
NOX: towards an operating system for networks
As anyone who has operated a large network can attest, enterprise networks are difficult to manage. That they have remained so despite significant commercial and academic efforts suggests the need…
DevoFlow: scaling flow management for high-performance networks
OpenFlow is a great concept, but its original design imposes excessive overheads. It can simplify network and traffic management in enterprise and data center environments, because it enables…
Kandoo: a framework for efficient and scalable offloading of control applications
TLDR
Kandoo is proposed, a framework for preserving scalability without changing switches that enables network operators to replicate local controllers on demand and relieve the load on the top layer, which is the only potential bottleneck in terms of scalability.
A NICE Way to Test OpenFlow Applications
TLDR
This paper proposes a novel way to augment model checking with symbolic execution of event handlers (to identify representative packets that exercise code paths on the controller) and presents a simplified OpenFlow switch model (to reduce the state space), and effective strategies for generating event interleavings likely to uncover bugs.
HyperFlow: A Distributed Control Plane for OpenFlow
TLDR
HyperFlow is logically centralized but physically distributed: it provides scalability while keeping the benefits of network control centralization, and enables interconnecting independently managed OpenFlow networks, an essential feature missing in current OpenFlow deployments.
Onix: A Distributed Control Platform for Large-scale Production Networks
TLDR
Onix provides a general API for control plane implementations, while allowing them to make their own trade-offs among consistency, durability, and scalability.