Towards a reliable firewall for software-defined networks. Issue 87 (November 2019)
- Record Type:
- Journal Article
- Title:
- Towards a reliable firewall for software-defined networks. Issue 87 (November 2019)
- Main Title:
- Towards a reliable firewall for software-defined networks
- Authors:
- Hu, Hongxin
Han, Wonkyu
Kyung, Sukwha
Wang, Juan
Ahn, Gail-Joon
Zhao, Ziming
Li, Hongda
- Abstract:
- Software-Defined Networking (SDN) is an emerging paradigm in networking where the network control plane is decoupled from the forwarding plane through programmable control. OpenFlow – the most popular SDN platform – introduces significant granularity, visibility and flexibility to networking, but at the same time brings forth new security challenges. One of the fundamental challenges is to build a reliable firewall for protecting OpenFlow networks where network states and traffic are frequently changed. To address this challenge, we introduce FlowMon, an OpenFlow-based firewall, to support network-wide access control by facilitating not only accurate violation detection but also effective violation resolution in dynamic OpenFlow networks. FlowMon detects firewall policy violations by checking flow path space against firewall authorization space when a flow entry or firewall rule is inserted, modified, or deleted. In particular, FlowMon conducts automatic and real-time violation resolutions with the help of several innovative resolution strategies applied to diverse network update situations. We also implement a prototype of FlowMon in Floodlight. Our experimental results demonstrate FlowMon effectively addresses violations in a real-world network topology, and produces manageable performance overhead with effective violation detection and resolution.
- Is Part Of:
- Computers & security. Issue 87(2019)
- Journal:
- Computers & security
- Issue:
- Issue 87(2019)
- Issue Display:
- Volume 87, Issue 87 (2019)
- Year:
- 2019
- Volume:
- 87
- Issue:
- 87
- Issue Sort Value:
- 2019-0087-0087-0000
- Page Start:
- Page End:
- Publication Date:
- 2019-11
- Subjects:
- Firewalls -- Policy violation -- Software-Defined networking -- Openflow -- Network security
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2019.101597
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 16313.xml