A Trust Management Framework for Software Defined Network (SDN) Controller and Network Applications

Lawal Aliyu, Aliyu and Aneiba, Adel and Patwary, Mohammad and Bull, Peter (2020) A Trust Management Framework for Software Defined Network (SDN) Controller and Network Applications. Computer Networks, 181. p. 107421. ISSN 1389-1286

A Trust Management Framework for SDN.pdf - Accepted Version
Available under License Creative Commons Attribution Non-commercial No Derivatives.


Abstract

The use of network applications by the controller to manage network operations in an SDN architecture introduces a threat that makes the controller susceptible to several network attacks. This is possible because the network applications operate without any access control mechanism that authenticates them or dictates what operations they can execute in the network. Consequently, the network applications can take advantage of their ability to manipulate, change or modify network state to compromise network operations and resources. To address this problem, this paper introduces a token-based authentication method that enables the controller to authenticate the various network applications. Applying this method builds an access permission zone in which only legitimate network applications with the correct token credentials can access the network prior to implementing any network changes. The paper also contributes an authorisation method, the Boolean Access Matrix, that enforces permission constraints on what the network applications can access or execute within the network. The authorisation method helps limit the unprecedented access the network applications have over the control layer resources, core services and the network operations. The paper introduces a novel method of evaluating the trust between the controller and the network application based on Subjective Logic Reasoning (SLR), which is a belief learning model. SLR is an advanced learning algorithm derived from Probability Calculus and Statistics. Experiments demonstrate the efficiency and scalability of the proposed algorithms in a large-scale test environment.

Item Type: Article
Identification Number: https://doi.org/10.1016/j.comnet.2020.107421
Dates: 8 July 2020 (Accepted); 17 July 2020 (Published Online)
Uncontrolled Keywords: SDN, Trust, Authentication, Authorisation, Security
Subjects: CAH11 - computing > CAH11-01 - computing > CAH11-01-01 - computer science
Divisions: Faculty of Computing, Engineering and the Built Environment > School of Computing and Digital Technology
Depositing User: Adel Aneiba
Date Deposited: 15 Jul 2020 11:24
Last Modified: 22 Mar 2023 12:01
URI: https://www.open-access.bcu.ac.uk/id/eprint/9542
