StateFit: A security framework for SDN programmable data plane model

Ren Hung Hwang; Van Linh Nguyen; Po Ching Lin

doi:10.1109/I-SPAN.2018.00035

StateFit: A security framework for SDN programmable data plane model

Ren Hung Hwang, Van Linh Nguyen, Po Ching Lin

智慧計算與科技研究所

研究成果: Conference contribution › 同行評審

6 引文斯高帕斯（Scopus）

摘要

The programmable data plane model of software-defined networks (SDN) continues to gain adoption and support in many enterprise entities such as Google and Barefoot. This leading trend promises to enable flexible mechanisms for handling traffic on SDN switches. In the early stage of its development, few already-in-market proposals exploit the innovative features of a programmable data plane model to provide smart filters on the SDN switches against attack traffic if any. In this work, we therefore propose a security framework, so-called StateFit, which can flexibly filter attack traffic at the SDN programmable switches (data plane). The goal of StateFit is to reduce the latency and the signaling overhead that come along with the centralized architecture of SDN controllers and further provide innovative features for localized security services such as stateful monitoring. The experiment shows that our system is able to not only detect and prevent the attack traffic but also flexibly update the filtering policies and even the whole traffic interpreter onto the connected programmable switches. Following this approach, we believe that the vision of on-demand security services may come true soon.

原文	English
主出版物標題	Proceedings - 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018
發行者	Institute of Electrical and Electronics Engineers Inc.
頁面	168-173
頁數	6
ISBN（電子）	9781538685341
DOIs	https://doi.org/10.1109/I-SPAN.2018.00035
出版狀態	Published - 5 2月 2019
事件	15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018 - Yichang, China 持續時間: 16 10月 2018 → 18 10月 2018

出版系列

名字	Proceedings - 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018

Conference

Conference	15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018
國家/地區	China
城市	Yichang
期間	16/10/18 → 18/10/18

存取文件

10.1109/I-SPAN.2018.00035

其它文件與鏈接

Link to publication in Scopus

引用此

Hwang, R. H., Nguyen, V. L., & Lin, P. C. (2019). StateFit: A security framework for SDN programmable data plane model. 於 Proceedings - 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018 (頁 168-173). [8636318] (Proceedings - 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/I-SPAN.2018.00035

Hwang, Ren Hung ; Nguyen, Van Linh ; Lin, Po Ching. / StateFit : A security framework for SDN programmable data plane model. Proceedings - 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018. Institute of Electrical and Electronics Engineers Inc., 2019. 頁 168-173 (Proceedings - 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018).

@inproceedings{463a8781678649ec9530019dfbd410bc,

title = "StateFit: A security framework for SDN programmable data plane model",

abstract = "The programmable data plane model of software-defined networks (SDN) continues to gain adoption and support in many enterprise entities such as Google and Barefoot. This leading trend promises to enable flexible mechanisms for handling traffic on SDN switches. In the early stage of its development, few already-in-market proposals exploit the innovative features of a programmable data plane model to provide smart filters on the SDN switches against attack traffic if any. In this work, we therefore propose a security framework, so-called StateFit, which can flexibly filter attack traffic at the SDN programmable switches (data plane). The goal of StateFit is to reduce the latency and the signaling overhead that come along with the centralized architecture of SDN controllers and further provide innovative features for localized security services such as stateful monitoring. The experiment shows that our system is able to not only detect and prevent the attack traffic but also flexibly update the filtering policies and even the whole traffic interpreter onto the connected programmable switches. Following this approach, we believe that the vision of on-demand security services may come true soon.",

keywords = "ONOS network operating system, P4 programmable language, SDN data plane stateful security, Software-defined network",

author = "Hwang, {Ren Hung} and Nguyen, {Van Linh} and Lin, {Po Ching}",

note = "Publisher Copyright: {\textcopyright} 2018 IEEE.; null ; Conference date: 16-10-2018 Through 18-10-2018",

year = "2019",

month = feb,

day = "5",

doi = "10.1109/I-SPAN.2018.00035",

language = "English",

series = "Proceedings - 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "168--173",

booktitle = "Proceedings - 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018",

address = "United States",

}

Hwang, RH, Nguyen, VL & Lin, PC 2019, StateFit: A security framework for SDN programmable data plane model. 於 Proceedings - 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018., 8636318, Proceedings - 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018, Institute of Electrical and Electronics Engineers Inc., 頁 168-173, 15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018, Yichang, China, 16/10/18. https://doi.org/10.1109/I-SPAN.2018.00035

StateFit : A security framework for SDN programmable data plane model. / Hwang, Ren Hung; Nguyen, Van Linh; Lin, Po Ching.

Proceedings - 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018. Institute of Electrical and Electronics Engineers Inc., 2019. p. 168-173 8636318 (Proceedings - 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018).

研究成果: Conference contribution › 同行評審

TY - GEN

T1 - StateFit

AU - Hwang, Ren Hung

AU - Nguyen, Van Linh

AU - Lin, Po Ching

PY - 2019/2/5

Y1 - 2019/2/5

N2 - The programmable data plane model of software-defined networks (SDN) continues to gain adoption and support in many enterprise entities such as Google and Barefoot. This leading trend promises to enable flexible mechanisms for handling traffic on SDN switches. In the early stage of its development, few already-in-market proposals exploit the innovative features of a programmable data plane model to provide smart filters on the SDN switches against attack traffic if any. In this work, we therefore propose a security framework, so-called StateFit, which can flexibly filter attack traffic at the SDN programmable switches (data plane). The goal of StateFit is to reduce the latency and the signaling overhead that come along with the centralized architecture of SDN controllers and further provide innovative features for localized security services such as stateful monitoring. The experiment shows that our system is able to not only detect and prevent the attack traffic but also flexibly update the filtering policies and even the whole traffic interpreter onto the connected programmable switches. Following this approach, we believe that the vision of on-demand security services may come true soon.

AB - The programmable data plane model of software-defined networks (SDN) continues to gain adoption and support in many enterprise entities such as Google and Barefoot. This leading trend promises to enable flexible mechanisms for handling traffic on SDN switches. In the early stage of its development, few already-in-market proposals exploit the innovative features of a programmable data plane model to provide smart filters on the SDN switches against attack traffic if any. In this work, we therefore propose a security framework, so-called StateFit, which can flexibly filter attack traffic at the SDN programmable switches (data plane). The goal of StateFit is to reduce the latency and the signaling overhead that come along with the centralized architecture of SDN controllers and further provide innovative features for localized security services such as stateful monitoring. The experiment shows that our system is able to not only detect and prevent the attack traffic but also flexibly update the filtering policies and even the whole traffic interpreter onto the connected programmable switches. Following this approach, we believe that the vision of on-demand security services may come true soon.

KW - ONOS network operating system

KW - P4 programmable language

KW - SDN data plane stateful security

KW - Software-defined network

UR - http://www.scopus.com/inward/record.url?scp=85063669077&partnerID=8YFLogxK

U2 - 10.1109/I-SPAN.2018.00035

DO - 10.1109/I-SPAN.2018.00035

M3 - Conference contribution

AN - SCOPUS:85063669077

T3 - Proceedings - 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018

SP - 168

EP - 173

BT - Proceedings - 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 16 October 2018 through 18 October 2018

ER -

Hwang RH, Nguyen VL, Lin PC. StateFit: A security framework for SDN programmable data plane model. 於 Proceedings - 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018. Institute of Electrical and Electronics Engineers Inc. 2019. p. 168-173. 8636318. (Proceedings - 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks, I-SPAN 2018). doi: 10.1109/I-SPAN.2018.00035

StateFit: A security framework for SDN programmable data plane model

摘要

出版系列

Conference

存取文件

其它文件與鏈接

指紋

引用此