FlowNAC: Flow-based Network Access Control

Matias, Jon; Garay, Jokin; Mendiola, Alaitz; Toledo, Nerea; Jacob, Eduardo

doi:10.1109/ewsdn.2014.39

Cited by 50 publications

(21 citation statements)

References 5 publications

(5 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Most take advantage of SDN for improving services required to secure systems and networks, such as policy enforcement (e.g., access control, firewalling, middleboxes as middlepipes [27]) [100], [326], [335], [324], [27], DoS attacks detection and mitigation [323], [334], random host mutation [324] (i.e., randomly and frequently mutate the IP addresses of end-hosts to break the attackers' assumption about static IPs, which is the common case) [329], monitoring of cloud infrastructures for finegrained security inspections (i.e., automatically analyze and detour suspected traffic to be further inspected by specialized network security appliances, such as deep packet inspection systems) [321], traffic anomaly detection [352], [323], [334], fine-grained flow-based network access control [325], fine-grained policy enforcement for personal mobile applica-tions [327] and so forth [100], [326], [323], [329], [321], [324], [335], [352]. Others address OpenFlow-based networks issues, such as flow rule prioritization, security services composition, protection against traffic overload, and protection against malicious administrators [201], [258], [320], [328], [199].…”

Section: Security and Dependabilitymentioning

confidence: 99%

Software-Defined Networking: A Comprehensive Survey

et al. 2015

View full text Add to dashboard Cite

Abstract-The Internet has led to the creation of a digital society, where (almost) everything is connected and is accessible from anywhere. However, despite their widespread adoption, traditional IP networks are complex and very hard to manage. It is both difficult to configure the network according to predefined policies, and to reconfigure it to respond to faults, load and changes. To make matters even more difficult, current networks are also vertically integrated: the control and data planes are bundled together. Software-Defined Networking (SDN) is an emerging paradigm that promises to change this state of affairs, by breaking vertical integration, separating the network's control logic from the underlying routers and switches, promoting (logical) centralization of network control, and introducing the ability to program the network. The separation of concerns introduced between the definition of network policies, their implementation in switching hardware, and the forwarding of traffic, is key to the desired flexibility: by breaking the network control problem into tractable pieces, SDN makes it easier to create and introduce new abstractions in networking, simplifying network management and facilitating network evolution.In this paper we present a comprehensive survey on SDN. We start by introducing the motivation for SDN, explain its main concepts and how it differs from traditional networking, its roots, and the standardization activities regarding this novel paradigm. Next, we present the key building blocks of an SDN infrastructure using a bottom-up, layered approach. We provide an in-depth analysis of the hardware infrastructure, southbound and northbound APIs, network virtualization layers, network operating systems (SDN controllers), network programming languages, and network applications. We also look at cross-layer problems such as debugging and troubleshooting. In an effort to anticipate the future evolution of this new paradigm, we discuss the main ongoing research efforts and challenges of SDN. In particular, we address the design of switches and control platforms -with a focus on aspects such as resiliency, scalability, performance, security and dependability -as well as new opportunities for carrier transport networks and cloud providers. Last but not least, we analyze the position of SDN as a key enabler of a software-defined environment.

show abstract

Section: Security and Dependabilitymentioning

confidence: 99%

Software-Defined Networking: A Comprehensive Survey

et al. 2015

View full text Add to dashboard Cite

show abstract

“…OpenFlow-based framework named OpenSec, which helps maintain pre-defined security policies, i.e., guiding how it responds when malicious events are identified. Matias et al [26] designed FlowNAC to authenticate participants and service-level access control according to the flow status. • DoS defend.…”

Section: Defence and Solutionsmentioning

confidence: 99%

Towards Blockchain-Based Software-Defined Networking: Security Challenges and Solutions

Meng

Liu

et al. 2020

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

Software-Defined Networking (SDN) enables flexible deployment and innovation of new networking applications by decoupling and abstracting the control and data planes. It has radically changed the concept and way of building and managing networked systems, and reduced the barriers to entry for new players in the service markets. It is considered to be a promising solution providing the scale and versatility necessary for IoT. However, SDN may also face many challenges, i.e., the centralized control plane would be a single point of failure. With the advent of blockchain technology, blockchain-based SDN has become an emerging architecture for securing a distributed network environment. Motivated by this, in this work, we summarize the generic framework of blockchainbased SDN, discuss security challenges and relevant solutions, and provide insights on the future development in this field.

show abstract

“…General SDN Security. Various security issues related to the SDN have been studied previously [1,[31][32][33][34]. Kreutz et al [6] presented new threat vectors of the SDN that were not present in traditional networks.…”

Section: Related Workmentioning

confidence: 99%

A Framework for Real-Time Intrusion Response in Software Defined Networking Using Precomputed Graphical Security Models

Eom

Hong

et al. 2020

Security and Communication Networks

View full text Add to dashboard Cite

Software defined networking (SDN) has been adopted in many application domains as it provides functionalities to dynamically control the network flow more robust and more economical compared to the traditional networks. In order to strengthen the security of the SDN against cyber attacks, many security solutions have been proposed. However, those solutions need to be compared in order to optimize the security of the SDN. To assess and evaluate the security of the SDN systematically, one can use graphical security models (e.g., attack graphs and attack trees). However, it is difficult to provide defense against an attack in real time due to their high computational complexity. In this paper, we propose a real-time intrusion response in SDN using precomputation to estimate the likelihood of future attack paths from an ongoing attack. We also take into account various SDN components to conduct a security assessment, which were not available when addressing only the components of an existing network. Our experimental analysis shows that we are able to estimate possible attack paths of an ongoing attack to mitigate it in real time, as well as showing the security metrics that depend on the flow table, including the SDN component. Hence, the proposed approach can be used to provide effective real-time mitigation solutions for securing SDN.

show abstract

FlowNAC: Flow-based Network Access Control

Cited by 50 publications

References 5 publications

Software-Defined Networking: A Comprehensive Survey

Software-Defined Networking: A Comprehensive Survey

Towards Blockchain-Based Software-Defined Networking: Security Challenges and Solutions

A Framework for Real-Time Intrusion Response in Software Defined Networking Using Precomputed Graphical Security Models

Contact Info

Product

Resources

About