Design and implementation of a framework for software-defined middlebox networking

Gember, Aaron; Grandl, Robert; Khalid, Junaid

doi:10.1145/2486001.2491686

Cited by 20 publications

(9 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A quantity of existing access control implementations, including SELinux, Domain, and Type Enforcement (DTE) and Linux Intrusion Detection System (LIDS) has already been adapted to use the LSM framework. [22][23][24] uses stratification ideas to separate data and control. The control layer mainly includes a logiccentric and programmable controller so that it can grasp the global network information and it is convenient for operators and researchers to manage network configurations and the deployment of new protocols.…”

Section: Blpmentioning

confidence: 99%

Task‐Oriented Multilevel Cooperative Access Control Scheme for Environment with Virtualization and IoT

Dong

Zhu

Song

et al. 2018

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

With the development of cloud computing technology and the proliferation of the Internet of Things (IoT) terminals, more and more scenes need the collaboration of virtual machines and IoT terminals to resolve. However, there are many severe challenges on the security of virtual machines and IoT terminals. Based on Bell-LaPadula Model (BLP), a task-oriented multilevel cooperative access control scheme virtualization and reality BLP, named VR-BLP, is proposed. Specifically, tasks are created for each user of the platform and tasks and users are divided into multiple levels to provide more granularities to limit access between virtual machines and IoT terminals. Moreover, with network isolation cooperating with process isolation and shared memory isolation mechanisms, VR-BLP is implemented to enhance the security isolations between tasks. Performance evaluations show that VR-BLP enhanced the security of environment with virtualization and IoT without causing significant performance penalty.

show abstract

Section: Blpmentioning

confidence: 99%

Task‐Oriented Multilevel Cooperative Access Control Scheme for Environment with Virtualization and IoT

Dong

Zhu

Song

et al. 2018

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

show abstract

“…In this part, we consider the works [126][127][128][129] which leverage SDN into the set of middleboxes placed behind the SGi-LAN of the mobile network. StEERING [126] relied on the SDN concept to route the traffic through a series of middleboxes.…”

Section: Service Function Chainingmentioning

confidence: 99%

“…StEERING allows steering different types of traffic through a sequence of desired middleboxes according to per-subscriber and per-application policies. Gember et al [127,128] introduced the concept of software defined middlebox networking to address some challenges in traditional middlebox networks, such as complex management, middlebox scaling. OpenNF [129] is a control plane architecture that allows quick and safe flows' allocation across virtual middlebox instances by combining NFV and SDN concepts.…”

Section: Service Function Chainingmentioning

confidence: 99%

SDN and Virtualization-Based LTE Mobile Network Architectures: A Comprehensive Survey

Nguyen

Kim

2015

Wireless Pers Commun

104

View full text Add to dashboard Cite

Software-defined networking (SDN) features the decoupling of the control plane and data plane, a programmable network and virtualization, which enables network infrastructure sharing and the ''softwarization'' of the network functions. Recently, many research works have tried to redesign the traditional mobile network using two of these concepts in order to deal with the challenges faced by mobile operators, such as the rapid growth of mobile traffic and new services. In this paper, we first provide an overview of SDN, network virtualization, and network function virtualization, and then describe the current LTE mobile network architecture as well as its challenges and issues. By analyzing and categorizing a wide range of the latest research works on SDN and virtualization in LTE mobile networks, we present a general architecture for SDN and virtualization in mobile networks (called SDVMN) and then propose a hierarchical taxonomy based on the different levels of the carrier network. We also present an in-depth analysis about changes related to protocol operation and architecture when adopting SDN and virtualization in mobile networks. In addition, we list specific use cases and applications that benefit from SDVMN. Last but not least, we discuss the open issues and future research directions of SDVMN.

show abstract

“…In order to overcome these difficulties, more and more specific middleboxes [7] (e.g., firewall, network monitor, DPI detector) have been added in the network to guarantee the performance and resist the external attacks.…”

Section: Introductionmentioning

confidence: 99%

DEFINE: A Service-Oriented Dynamically Enabling Function Model

2017

View full text Add to dashboard Cite

Abstract. With the rapid expansion of network scale and the continuous evolution of network applications, the Internet becomes much more open and uncontrollable, and inevitably faces a variety of security threats. In order to satisfy the requirements of the current Internet security and transmission performance, the general solution is increasing specific devices (e.g., firewalls, network monitors) to detect and defend against attacks. However, these devices typically use a dedicated hardware-based or software-based architecture which is closed, leading to limited scalability, management complexity. And deploying a new application needs to develop new equipment, which take a long development cycle and costs a lot.In this paper, we introduce an innovative Dynamically Enable Function In Network Equipment (DEFINE) to allow tenant get the network service quickly. First, DEFINE decouples an application into different functional components, and connects these function components in a reconfigurable method. Second, DEFINE provides a programmable interface to the third party, who can develop their own processing modules according to their own needs. To verify the effectiveness of this model, we set up an evaluating network with a FPGA-based OpenFlow switch prototype, and deployed several applications on it. Our results show that DEFINE has excellent flexibility and performance.

show abstract

Design and implementation of a framework for software-defined middlebox networking

Cited by 20 publications

References 7 publications

Task‐Oriented Multilevel Cooperative Access Control Scheme for Environment with Virtualization and IoT

Task‐Oriented Multilevel Cooperative Access Control Scheme for Environment with Virtualization and IoT

SDN and Virtualization-Based LTE Mobile Network Architectures: A Comprehensive Survey

DEFINE: A Service-Oriented Dynamically Enabling Function Model

Contact Info

Product

Resources

About