A security enforcement kernel for OpenFlow networks Conference Paper uri icon


  • Software-defined networks facilitate rapid and open innovation at the network control layer by providing a programmable network infrastructure for computing flow policies on demand. However, the dynamism of programmable networks also introduces new security challenges that demand innovative solutions. A critical challenge is efficient detection and reconciliation of potentially conflicting flow rules imposed by dynamic OpenFlow (OF) applications. To that end, we introduce FortNOX, a software extension that provides role-based authorization and security constraint enforcement for the NOX OpenFlow controller. FortNOX enables NOX to check flow rule contradictions in real time, and implements a novel analysis algorithm that is robust even in cases where an adversarial OF application attempts to strategically insert flow rules that would otherwise circumvent flow rules imposed by OF security applications. We demonstrate the utility of FortNOX through a prototype implementation and use it to examine performance and efficiency aspects of the proposed framework. 2012 ACM.

name of conference

  • Proceedings of the first workshop on Hot topics in software defined networks

published proceedings

  • Proceedings of the first workshop on Hot topics in software defined networks

altmetric score

  • 6

author list (cited authors)

  • Porras, P., Shin, S., Yegneswaran, V., Fong, M., Tyson, M., & Gu, G.

citation count

  • 387

complete list of authors

  • Porras, Philip||Shin, Seungwon||Yegneswaran, Vinod||Fong, Martin||Tyson, Mabry||Gu, Guofei

publication date

  • January 2012